# Flog Txt Version 1
# Analyzer Version: 3.2.2
# Analyzer Build Date: Jun 3 2020 08:38:37
# Log Creation Date: 23.01.2021 23:12:16.035
Process:
id = "1"
image_name = "8g4yj5vyi5gsz9qg.exe"
filename = "c:\\users\\fd1hvy\\desktop\\8g4yj5vyi5gsz9qg.exe"
page_root = "0x143be000"
os_pid = "0x11b0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x560"
cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe\" "
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 1
os_tid = 0x11b4
[0068.338] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0069.034] RoInitialize () returned 0x1
[0069.035] RoUninitialize () returned 0x0
[0072.412] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0xb1de08 | out: phkResult=0xb1de08*=0x0) returned 0x2
[0072.413] RegCloseKey (hKey=0xffffffff80000002) returned 0x0
[0072.500] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0xb1e8c0, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0072.514] IsAppThemed () returned 0x1
[0072.519] CoTaskMemAlloc (cb=0xf0) returned 0xdd7ad0
[0072.519] CreateActCtxA (pActCtx=0xb1eed0) returned 0xdcfa08
[0072.665] CoTaskMemFree (pv=0xdd7ad0)
[0072.675] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc151
[0072.675] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc197
[0076.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe.config", nBufferLength=0x105, lpBuffer=0xb1e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe.config", lpFilePart=0x0) returned 0x33
[0077.299] GetCurrentProcess () returned 0xffffffffffffffff
[0077.299] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e748 | out: TokenHandle=0xb1e748*=0x274) returned 1
[0077.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0xb1e120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30
[0077.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xb1e7f0 | out: lpFileInformation=0xb1e7f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0077.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xb1e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45
[0077.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xb1e7e8 | out: lpFileInformation=0xb1e7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0077.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xb1e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45
[0077.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1e660) returned 1
[0077.352] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x88
[0077.352] GetFileType (hFile=0x88) returned 0x1
[0077.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1e5d0) returned 1
[0077.352] GetFileType (hFile=0x88) returned 0x1
[0077.427] GetFileSize (in: hFile=0x88, lpFileSizeHigh=0xb1e738 | out: lpFileSizeHigh=0xb1e738*=0x0) returned 0x8c8f
[0077.428] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e6a8, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e6a8*=0x1000, lpOverlapped=0x0) returned 1
[0077.447] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e458, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e458*=0x1000, lpOverlapped=0x0) returned 1
[0077.448] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e228, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e228*=0x1000, lpOverlapped=0x0) returned 1
[0077.449] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e228, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e228*=0x1000, lpOverlapped=0x0) returned 1
[0077.449] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e228, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e228*=0x1000, lpOverlapped=0x0) returned 1
[0077.450] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e0c8, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e0c8*=0x1000, lpOverlapped=0x0) returned 1
[0077.456] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e368, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e368*=0x1000, lpOverlapped=0x0) returned 1
[0077.457] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e258, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e258*=0x1000, lpOverlapped=0x0) returned 1
[0077.458] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e258, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e258*=0xc8f, lpOverlapped=0x0) returned 1
[0077.458] ReadFile (in: hFile=0x88, lpBuffer=0x27bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xb1e368, lpOverlapped=0x0 | out: lpBuffer=0x27bdee0*, lpNumberOfBytesRead=0xb1e368*=0x0, lpOverlapped=0x0) returned 1
[0077.458] CloseHandle (hObject=0x88) returned 1
[0077.460] GetCurrentProcess () returned 0xffffffffffffffff
[0077.460] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e908 | out: TokenHandle=0xb1e908*=0x88) returned 1
[0077.460] GetCurrentProcess () returned 0xffffffffffffffff
[0077.460] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e908 | out: TokenHandle=0xb1e908*=0x278) returned 1
[0077.461] GetCurrentProcess () returned 0xffffffffffffffff
[0077.461] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e748 | out: TokenHandle=0xb1e748*=0x27c) returned 1
[0077.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\8g4yj5vyi5gsz9qg.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xb1e7f0 | out: lpFileInformation=0xb1e7f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0077.462] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe.config", nBufferLength=0x105, lpBuffer=0xb1e140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe.config", lpFilePart=0x0) returned 0x33
[0077.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\8g4yj5vyi5gsz9qg.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xb1e7e8 | out: lpFileInformation=0xb1e7e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0077.463] GetCurrentProcess () returned 0xffffffffffffffff
[0077.463] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e908 | out: TokenHandle=0xb1e908*=0x280) returned 1
[0077.463] GetCurrentProcess () returned 0xffffffffffffffff
[0077.463] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e908 | out: TokenHandle=0xb1e908*=0x284) returned 1
[0077.542] GetCurrentProcess () returned 0xffffffffffffffff
[0077.542] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e618 | out: TokenHandle=0xb1e618*=0x288) returned 1
[0077.551] GetCurrentProcess () returned 0xffffffffffffffff
[0077.551] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xb1e628 | out: TokenHandle=0xb1e628*=0x28c) returned 1
[0077.609] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0077.612] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7ffcc4420000
[0078.623] AdjustWindowRectEx (in: lpRect=0xb1eed0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0xb1eed0) returned 1
[0078.664] GetCurrentProcess () returned 0xffffffffffffffff
[0078.664] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xb1ecc0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xb1ecc0*=0x294) returned 1
[0078.680] GetCurrentActCtx (in: lphActCtx=0xb1ebc0 | out: lphActCtx=0xb1ebc0*=0x0) returned 1
[0078.681] ActivateActCtx (in: hActCtx=0xdcfa08, lpCookie=0xb1ec00 | out: hActCtx=0xdcfa08, lpCookie=0xb1ec00) returned 1
[0078.681] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0078.733] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7ffcdf080000
[0079.958] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffce9280000
[0079.958] GetProcAddress (hModule=0x7ffce9280000, lpProcName="DefWindowProcW") returned 0x7ffcea425090
[0079.959] GetStockObject (i=5) returned 0x900015
[0079.964] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0079.968] CoTaskMemAlloc (cb=0x5a) returned 0xdc1050
[0079.968] RegisterClassW (lpWndClass=0xb1e8b0) returned 0xc196
[0079.969] CoTaskMemFree (pv=0xdc1050)
[0079.970] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0079.970] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x302bc
[0079.979] SetWindowLongPtrW (hWnd=0x302bc, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34086c
[0079.982] GetWindowLongPtrW (hWnd=0x302bc, nIndex=-4) returned 0x7ffcea425090
[0079.990] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xb1dc28 | out: phkResult=0xb1dc28*=0x2a8) returned 0x0
[0079.992] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0xb1dc78, lpData=0x0, lpcbData=0xb1dc70*=0x0 | out: lpType=0xb1dc78*=0x0, lpData=0x0, lpcbData=0xb1dc70*=0x0) returned 0x2
[0079.992] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0xb1dc78, lpData=0x0, lpcbData=0xb1dc70*=0x0 | out: lpType=0xb1dc78*=0x0, lpData=0x0, lpcbData=0xb1dc70*=0x0) returned 0x2
[0079.993] RegCloseKey (hKey=0x2a8) returned 0x0
[0080.061] SetWindowLongPtrW (hWnd=0x302bc, nIndex=-4, dwNewLong=0x1b3408bc) returned 0x7ffcea425090
[0080.061] GetWindowLongPtrW (hWnd=0x302bc, nIndex=-4) returned 0x1b3408bc
[0080.062] GetWindowLongPtrW (hWnd=0x302bc, nIndex=-16) returned 0x6c10000
[0080.064] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc19a
[0080.065] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc19b
[0080.066] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302bc, Msg=0x81, wParam=0x0, lParam=0xb1e260) returned 0x1
[0080.067] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302bc, Msg=0x83, wParam=0x0, lParam=0xb1e310) returned 0x0
[0080.422] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302bc, Msg=0x1, wParam=0x0, lParam=0xb1e260) returned 0x0
[0080.422] GetClientRect (in: hWnd=0x302bc, lpRect=0xb1dc80 | out: lpRect=0xb1dc80) returned 1
[0080.422] GetWindowRect (in: hWnd=0x302bc, lpRect=0xb1dc80 | out: lpRect=0xb1dc80) returned 1
[0080.426] GetParent (hWnd=0x302bc) returned 0x0
[0080.426] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100260f200000001) returned 1
[0080.834] GetStockObject (i=5) returned 0x900015
[0080.834] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0080.835] CoTaskMemAlloc (cb=0x5a) returned 0xdc0a30
[0080.835] RegisterClassW (lpWndClass=0xb1eaa0) returned 0xc19c
[0080.835] CoTaskMemFree (pv=0xdc0a30)
[0080.835] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0080.835] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x302be
[0080.836] SetWindowLongPtrW (hWnd=0x302be, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34090c
[0080.836] GetWindowLongPtrW (hWnd=0x302be, nIndex=-4) returned 0x7ffcea425090
[0080.836] SetWindowLongPtrW (hWnd=0x302be, nIndex=-4, dwNewLong=0x1b34095c) returned 0x7ffcea425090
[0080.836] GetWindowLongPtrW (hWnd=0x302be, nIndex=-4) returned 0x1b34095c
[0080.836] GetWindowLongPtrW (hWnd=0x302be, nIndex=-16) returned 0x4c00000
[0080.838] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x24, wParam=0x0, lParam=0xb1e4e0) returned 0x0
[0080.839] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x81, wParam=0x0, lParam=0xb1e450) returned 0x1
[0080.840] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x83, wParam=0x0, lParam=0xb1e500) returned 0x0
[0080.840] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x1, wParam=0x0, lParam=0xb1e420) returned 0x0
[0080.920] SetTimer (hWnd=0x302be, nIDEvent=0x1, uElapse=0x64, lpTimerFunc=0x0) returned 0x1
[0080.932] GetWindowThreadProcessId (in: hWnd=0x302be, lpdwProcessId=0xb1edc0 | out: lpdwProcessId=0xb1edc0) returned 0x11b4
[0080.932] GetCurrentThreadId () returned 0x11b4
[0080.932] IsWindow (hWnd=0x302be) returned 1
[0080.933] KillTimer (hWnd=0x302be, uIDEvent=0x1) returned 1
[0080.933] SetTimer (hWnd=0x302be, nIDEvent=0x2, uElapse=0x2710, lpTimerFunc=0x0) returned 0x2
[0080.934] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0080.934] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x302ca
[0080.935] SetWindowLongPtrW (hWnd=0x302ca, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34090c
[0080.935] GetWindowLongPtrW (hWnd=0x302ca, nIndex=-4) returned 0x7ffcea425090
[0080.935] SetWindowLongPtrW (hWnd=0x302ca, nIndex=-4, dwNewLong=0x1b3409ac) returned 0x7ffcea425090
[0080.935] GetWindowLongPtrW (hWnd=0x302ca, nIndex=-4) returned 0x1b3409ac
[0080.935] GetWindowLongPtrW (hWnd=0x302ca, nIndex=-16) returned 0x4c00000
[0080.935] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x24, wParam=0x0, lParam=0xb1e4e0) returned 0x0
[0080.935] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x81, wParam=0x0, lParam=0xb1e450) returned 0x1
[0080.936] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x83, wParam=0x0, lParam=0xb1e500) returned 0x0
[0080.936] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x1, wParam=0x0, lParam=0xb1e420) returned 0x0
[0080.937] SetTimer (hWnd=0x302ca, nIDEvent=0x3, uElapse=0x64, lpTimerFunc=0x0) returned 0x3
[0080.937] GetWindowThreadProcessId (in: hWnd=0x302ca, lpdwProcessId=0xb1edc0 | out: lpdwProcessId=0xb1edc0) returned 0x11b4
[0080.937] GetCurrentThreadId () returned 0x11b4
[0080.937] IsWindow (hWnd=0x302ca) returned 1
[0080.937] KillTimer (hWnd=0x302ca, uIDEvent=0x3) returned 1
[0080.937] SetTimer (hWnd=0x302ca, nIDEvent=0x4, uElapse=0x3a98, lpTimerFunc=0x0) returned 0x4
[0080.945] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0080.946] AdjustWindowRectEx (in: lpRect=0xb1ee00, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xb1ee00) returned 1
[0080.946] GetSystemMetrics (nIndex=59) returned 1460
[0080.946] GetSystemMetrics (nIndex=60) returned 920
[0080.946] GetSystemMetrics (nIndex=34) returned 136
[0080.946] GetSystemMetrics (nIndex=35) returned 39
[0080.949] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0080.949] AdjustWindowRectEx (in: lpRect=0xb1ebc0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xb1ebc0) returned 1
[0080.952] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0080.952] AdjustWindowRectEx (in: lpRect=0xb1ebf0, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xb1ebf0) returned 1
[0080.952] AdjustWindowRectEx (in: lpRect=0xb1ed70, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xb1ed70) returned 1
[0080.952] GetSystemMetrics (nIndex=59) returned 1460
[0080.952] GetSystemMetrics (nIndex=60) returned 920
[0080.953] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0080.953] AdjustWindowRectEx (in: lpRect=0xb1e9a0, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xb1e9a0) returned 1
[0080.953] AdjustWindowRectEx (in: lpRect=0xb1eb30, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xb1eb30) returned 1
[0080.964] CreateCompatibleDC (hdc=0x0) returned 0x64010521
[0081.086] GetSystemDefaultLCID () returned 0x409
[0081.086] GetStockObject (i=17) returned 0xa01c1
[0081.090] GetObjectW (in: h=0xa01c1, c=92, pv=0xb1e8e0 | out: pv=0xb1e8e0) returned 92
[0081.091] GetDC (hWnd=0x0) returned 0xd0104fe
[0081.114] GdiplusStartup (in: token=0x7ffc6a026d60, input=0xb1d368, output=0xb1d418 | out: token=0x7ffc6a026d60, output=0xb1d418) returned 0x0
[0081.271] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.272] GdipCreateFontFromLogfontW (hdc=0xd0104fe, logfont=0xdc0a30, font=0xb1ea20) returned 0x0
[0081.808] CoTaskMemFree (pv=0xdc0a30)
[0081.809] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.809] CoTaskMemFree (pv=0xdc0a30)
[0081.810] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.810] CoTaskMemFree (pv=0xdc0a30)
[0081.811] GdipGetFontUnit (font=0x1b4034f0, unit=0xb1e990) returned 0x0
[0081.812] GdipGetFontSize (font=0x1b4034f0, size=0xb1e99c) returned 0x0
[0081.812] GdipGetFontStyle (font=0x1b4034f0, style=0xb1e988) returned 0x0
[0081.813] GdipGetFamily (font=0x1b4034f0, family=0xb1e980) returned 0x0
[0081.815] GdipGetFontSize (font=0x1b4034f0, size=0x27e43f0) returned 0x0
[0081.815] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0081.817] GetDC (hWnd=0x0) returned 0xf0105ee
[0081.818] GdipCreateFromHDC (hdc=0xf0105ee, graphics=0xb1e988) returned 0x0
[0081.863] GdipGetDpiY (graphics=0x1c621520, dpi=0x27e4580) returned 0x0
[0081.864] GdipGetFontHeight (font=0x1b4034f0, graphics=0x1c621520, height=0xb1e984) returned 0x0
[0081.867] GdipGetEmHeight (family=0x1b40a440, style=0, EmHeight=0xb1e988) returned 0x0
[0081.868] GdipGetLineSpacing (family=0x1b40a440, style=0, LineSpacing=0xb1e988) returned 0x0
[0081.869] GdipDeleteGraphics (graphics=0x1c621520) returned 0x0
[0081.869] ReleaseDC (hWnd=0x0, hDC=0xf0105ee) returned 1
[0081.912] GdipCreateFont (fontFamily=0x1b40a440, emSize=0x7ffcc71dda75, style=0, unit=0x3, font=0x27e45b8) returned 0x0
[0081.912] GdipGetFontSize (font=0x1b40ebe0, size=0x27e45c0) returned 0x0
[0081.912] GdipDeleteFont (font=0x1b4034f0) returned 0x0
[0081.917] GetDC (hWnd=0x0) returned 0xf0105ee
[0081.917] GdipCreateFromHDC (hdc=0xf0105ee, graphics=0xb1ea48) returned 0x0
[0081.918] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.918] GdipGetLogFontW (font=0x1b40ebe0, graphics=0x1c621520, logfontW=0xdc0a30) returned 0x0
[0081.921] CoTaskMemFree (pv=0xdc0a30)
[0081.921] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.921] CoTaskMemFree (pv=0xdc0a30)
[0081.921] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.922] CoTaskMemFree (pv=0xdc0a30)
[0081.922] GdipDeleteGraphics (graphics=0x1c621520) returned 0x0
[0081.922] ReleaseDC (hWnd=0x0, hDC=0xf0105ee) returned 1
[0081.922] CoTaskMemAlloc (cb=0x5c) returned 0xdc0a30
[0081.922] CreateFontIndirectW (lplf=0xdc0a30) returned 0x550a0545
[0081.923] CoTaskMemFree (pv=0xdc0a30)
[0081.924] SelectObject (hdc=0x64010521, h=0x550a0545) returned 0x8a01c2
[0081.924] GetTextMetricsW (in: hdc=0x64010521, lptm=0xb1ecc8 | out: lptm=0xb1ecc8) returned 1
[0081.925] GetTextExtentPoint32W (in: hdc=0x64010521, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x27e4940 | out: psizl=0x27e4940) returned 1
[0081.928] SelectObject (hdc=0x64010521, h=0x8a01c2) returned 0x550a0545
[0081.928] DeleteDC (hdc=0x64010521) returned 1
[0081.929] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0081.929] AdjustWindowRectEx (in: lpRect=0xb1e920, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xb1e920) returned 1
[0081.930] GetCursorPos (in: lpPoint=0x27e4978 | out: lpPoint=0x27e4978*(x=1181, y=286)) returned 1
[0081.931] GetSystemMetrics (nIndex=80) returned 1
[0081.934] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e6d0 | out: lpmi=0xb1e6d0) returned 1
[0081.951] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x66010521
[0081.951] GetDeviceCaps (hdc=0x66010521, index=12) returned 32
[0081.951] GetDeviceCaps (hdc=0x66010521, index=14) returned 1
[0081.951] DeleteDC (hdc=0x66010521) returned 1
[0081.965] GetUserObjectInformationA (in: hObj=0xe8, nIndex=1, pvInfo=0x27e50c8, nLength=0xc, lpnLengthNeeded=0xb1e770 | out: pvInfo=0x27e50c8, lpnLengthNeeded=0xb1e770) returned 1
[0081.968] SetConsoleCtrlHandler (HandlerRoutine=0x1b3409fc, Add=1) returned 1
[0081.969] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0081.970] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0081.972] GetClassInfoW (in: hInstance=0x790000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x27e5188 | out: lpWndClass=0x27e5188) returned 0
[0081.973] CoTaskMemAlloc (cb=0x58) returned 0xdc3f60
[0081.973] RegisterClassW (lpWndClass=0xb1e580) returned 0xc19e
[0081.973] CoTaskMemFree (pv=0xdc3f60)
[0081.974] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x6008c
[0081.981] NtdllDefWindowProc_W (hWnd=0x6008c, Msg=0x83, wParam=0x0, lParam=0xb1df70) returned 0x0
[0081.982] NtdllDefWindowProc_W (hWnd=0x6008c, Msg=0x1, wParam=0x0, lParam=0xb1de60) returned 0x0
[0081.983] NtdllDefWindowProc_W (hWnd=0x6008c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0081.983] NtdllDefWindowProc_W (hWnd=0x6008c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0081.990] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e7a0 | out: lpmi=0xb1e7a0) returned 1
[0081.991] AdjustWindowRectEx (in: lpRect=0xb1eba0, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xb1eba0) returned 1
[0081.991] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0081.991] AdjustWindowRectEx (in: lpRect=0xb1e810, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xb1e810) returned 1
[0081.991] GetCursorPos (in: lpPoint=0x27e59e8 | out: lpPoint=0x27e59e8*(x=1181, y=286)) returned 1
[0081.991] MonitorFromPoint (pt=0x11e0000049c, dwFlags=0x2) returned 0x10001
[0081.992] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e5c0 | out: lpmi=0xb1e5c0) returned 1
[0081.992] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x6c010521
[0081.992] GetDeviceCaps (hdc=0x6c010521, index=12) returned 32
[0081.992] GetDeviceCaps (hdc=0x6c010521, index=14) returned 1
[0081.993] DeleteDC (hdc=0x6c010521) returned 1
[0081.993] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e690 | out: lpmi=0xb1e690) returned 1
[0081.993] AdjustWindowRectEx (in: lpRect=0xb1e990, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xb1e990) returned 1
[0082.148] LocalAlloc (uFlags=0x0, uBytes=0xac) returned 0xdd6540
[0083.500] ShellExecuteExW (in: pExecInfo=0x27e63b8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/k takeown /f C:\\Windows\\System32 && icacls C:\\Windows\\System32 /grant \"%username%:F\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x27e63b8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/k takeown /f C:\\Windows\\System32 && icacls C:\\Windows\\System32 /grant \"%username%:F\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x514)) returned 1
[0090.789] LocalFree (hMem=0xde0cd0) returned 0x0
[0090.789] LocalFree (hMem=0xdd6540) returned 0x0
[0090.814] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", ulOptions=0x0, samDesired=0x2001f, phkResult=0xb1edf8 | out: phkResult=0xb1edf8*=0x0) returned 0x2
[0090.815] RegCreateKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0xb1ee50, lpdwDisposition=0xb1ef38 | out: phkResult=0xb1ee50*=0x43c, lpdwDisposition=0xb1ef38*=0x1) returned 0x0
[0090.818] RegQueryValueExW (in: hKey=0x43c, lpValueName="DisableTaskMgr", lpReserved=0x0, lpType=0xb1ef08, lpData=0x0, lpcbData=0xb1ef00*=0x0 | out: lpType=0xb1ef08*=0x0, lpData=0x0, lpcbData=0xb1ef00*=0x0) returned 0x2
[0090.819] RegSetValueExW (in: hKey=0x43c, lpValueName="DisableTaskMgr", Reserved=0x0, dwType=0x1, lpData="1", cbData=0x4 | out: lpData="1") returned 0x0
[0090.821] GetCurrentActCtx (in: lphActCtx=0xb1efc0 | out: lphActCtx=0xb1efc0*=0x0) returned 1
[0090.821] ActivateActCtx (in: hActCtx=0xdcfa08, lpCookie=0xb1f000 | out: hActCtx=0xdcfa08, lpCookie=0xb1f000) returned 1
[0090.823] GetCurrentActCtx (in: lphActCtx=0xb1ec60 | out: lphActCtx=0xb1ec60*=0xdcfa08) returned 1
[0090.823] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0090.824] AdjustWindowRectEx (in: lpRect=0xb1eb80, dwStyle=0x2010000, bMenu=0, dwExStyle=0x90000 | out: lpRect=0xb1eb80) returned 1
[0090.824] GetCursorPos (in: lpPoint=0x27e6a30 | out: lpPoint=0x27e6a30*(x=20, y=183)) returned 1
[0090.824] MonitorFromPoint (pt=0xb700000014, dwFlags=0x2) returned 0x10001
[0090.824] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e930 | out: lpmi=0xb1e930) returned 1
[0090.825] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x6d010521
[0090.826] GetDeviceCaps (hdc=0x6d010521, index=12) returned 32
[0090.826] GetDeviceCaps (hdc=0x6d010521, index=14) returned 1
[0090.826] DeleteDC (hdc=0x6d010521) returned 1
[0090.826] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1ea00 | out: lpmi=0xb1ea00) returned 1
[0090.827] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0090.827] CreateWindowExW (dwExStyle=0x90000, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName="ff0953qpn7361bbu", dwStyle=0x2010000, X=695, Y=405, nWidth=50, nHeight=50, hWndParent=0x0, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x70036
[0090.829] SetWindowLongPtrW (hWnd=0x70036, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34086c
[0090.829] GetWindowLongPtrW (hWnd=0x70036, nIndex=-4) returned 0x7ffcea425090
[0090.829] SetWindowLongPtrW (hWnd=0x70036, nIndex=-4, dwNewLong=0x1b340a9c) returned 0x7ffcea425090
[0090.829] GetWindowLongPtrW (hWnd=0x70036, nIndex=-4) returned 0x1b340a9c
[0090.829] GetWindowLongPtrW (hWnd=0x70036, nIndex=-16) returned 0x6c10000
[0090.832] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x81, wParam=0x0, lParam=0xb1e300) returned 0x1
[0090.833] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x83, wParam=0x0, lParam=0xb1e3b0) returned 0x0
[0090.835] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x1, wParam=0x0, lParam=0xb1e2d0) returned 0x0
[0090.835] GetClientRect (in: hWnd=0x70036, lpRect=0xb1dcb0 | out: lpRect=0xb1dcb0) returned 1
[0090.835] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1dcb0 | out: lpRect=0xb1dcb0) returned 1
[0090.839] SetWindowTextW (hWnd=0x70036, lpString="ff0953qpn7361bbu") returned 1
[0090.839] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xc, wParam=0x0, lParam=0x27e2d94) returned 0x1
[0090.850] GetSysColor (nIndex=10) returned 0xb4b4b4
[0090.850] GetSysColor (nIndex=2) returned 0xd1b499
[0090.850] GetSysColor (nIndex=9) returned 0x0
[0090.850] GetSysColor (nIndex=12) returned 0xababab
[0090.850] GetSysColor (nIndex=15) returned 0xf0f0f0
[0090.850] GetSysColor (nIndex=20) returned 0xffffff
[0090.850] GetSysColor (nIndex=16) returned 0xa0a0a0
[0090.850] GetSysColor (nIndex=15) returned 0xf0f0f0
[0090.850] GetSysColor (nIndex=16) returned 0xa0a0a0
[0090.850] GetSysColor (nIndex=21) returned 0x696969
[0090.850] GetSysColor (nIndex=22) returned 0xe3e3e3
[0090.850] GetSysColor (nIndex=20) returned 0xffffff
[0090.850] GetSysColor (nIndex=18) returned 0x0
[0090.850] GetSysColor (nIndex=1) returned 0x0
[0090.850] GetSysColor (nIndex=27) returned 0xead1b9
[0090.850] GetSysColor (nIndex=28) returned 0xf2e4d7
[0090.851] GetSysColor (nIndex=17) returned 0x6d6d6d
[0090.851] GetSysColor (nIndex=13) returned 0xd77800
[0090.851] GetSysColor (nIndex=14) returned 0xffffff
[0090.851] GetSysColor (nIndex=26) returned 0xcc6600
[0090.851] GetSysColor (nIndex=11) returned 0xfcf7f4
[0090.851] GetSysColor (nIndex=3) returned 0xdbcdbf
[0090.851] GetSysColor (nIndex=19) returned 0x0
[0090.851] GetSysColor (nIndex=24) returned 0xe1ffff
[0090.851] GetSysColor (nIndex=23) returned 0x0
[0090.851] GetSysColor (nIndex=4) returned 0xf0f0f0
[0090.851] GetSysColor (nIndex=30) returned 0xf0f0f0
[0090.851] GetSysColor (nIndex=29) returned 0xd77800
[0090.851] GetSysColor (nIndex=7) returned 0x0
[0090.851] GetSysColor (nIndex=0) returned 0xc8c8c8
[0090.851] GetSysColor (nIndex=5) returned 0xffffff
[0090.851] GetSysColor (nIndex=6) returned 0x646464
[0090.851] GetSysColor (nIndex=8) returned 0x0
[0090.859] SetLayeredWindowAttributes (hwnd=0x70036, crKey=0xf0f0f0, bAlpha=0x0, dwFlags=0x1) returned 1
[0090.866] GetStartupInfoW (in: lpStartupInfo=0x27e73e0 | out: lpStartupInfo=0x27e73e0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0))
[0090.869] GetParent (hWnd=0x70036) returned 0x0
[0090.870] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0090.870] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x70030
[0090.871] SetWindowLongPtrW (hWnd=0x70030, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34090c
[0090.871] GetWindowLongPtrW (hWnd=0x70030, nIndex=-4) returned 0x7ffcea425090
[0090.871] SetWindowLongPtrW (hWnd=0x70030, nIndex=-4, dwNewLong=0x1b340aec) returned 0x7ffcea425090
[0090.871] GetWindowLongPtrW (hWnd=0x70030, nIndex=-4) returned 0x1b340aec
[0090.871] GetWindowLongPtrW (hWnd=0x70030, nIndex=-16) returned 0x4c00000
[0090.872] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x24, wParam=0x0, lParam=0xb1e390) returned 0x0
[0090.872] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x81, wParam=0x0, lParam=0xb1e300) returned 0x1
[0090.872] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x83, wParam=0x0, lParam=0xb1e3b0) returned 0x0
[0090.874] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x1, wParam=0x0, lParam=0xb1e300) returned 0x0
[0090.874] SetWindowLongPtrW (hWnd=0x70036, nIndex=-8, dwNewLong=0x70030) returned 0x0
[0090.877] SendMessageW (hWnd=0x70036, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0
[0090.877] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0
[0090.877] SendMessageW (hWnd=0x70036, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0
[0090.877] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0
[0090.944] GetSystemMenu (hWnd=0x70036, bRevert=0) returned 0x0
[0090.944] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1ec60 | out: lpwndpl=0xb1ec60) returned 1
[0090.945] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0090.945] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf030, uEnable=0x1) returned 1
[0090.945] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x0) returned 1
[0090.945] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf120, uEnable=0x1) returned 1
[0090.945] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0090.945] GetClientRect (in: hWnd=0x70036, lpRect=0xb1ed30 | out: lpRect=0xb1ed30) returned 1
[0090.945] GetClientRect (in: hWnd=0x70036, lpRect=0xb1ec50 | out: lpRect=0xb1ec50) returned 1
[0090.945] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1ec50 | out: lpRect=0xb1ec50) returned 1
[0090.945] SetWindowLongPtrW (hWnd=0x70036, nIndex=-8, dwNewLong=0x70030) returned 0x70030
[0090.951] GetSystemMetrics (nIndex=11) returned 32
[0090.951] GetSystemMetrics (nIndex=12) returned 32
[0090.951] GetDC (hWnd=0x0) returned 0x10105d6
[0090.952] GetDeviceCaps (hdc=0x10105d6, index=12) returned 32
[0090.952] GetDeviceCaps (hdc=0x10105d6, index=14) returned 1
[0090.952] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1
[0090.952] CreateIconFromResourceEx (presbits=0x27ea0d8, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x170097
[0090.955] SendMessageW (hWnd=0x70030, Msg=0x80, wParam=0x1, lParam=0x170097) returned 0x0
[0090.955] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x80, wParam=0x1, lParam=0x170097) returned 0x0
[0090.957] SetWindowPos (hWnd=0x70036, hWndInsertAfter=0xffffffffffffffff, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1
[0090.957] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1ebf0) returned 0x0
[0090.957] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0xb1ebf0) returned 0x0
[0090.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1ebf0) returned 0x0
[0090.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0xb1ebf0) returned 0x0
[0090.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x1c, wParam=0x1, lParam=0x104c) returned 0x0
[0090.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x1c, wParam=0x1, lParam=0x104c) returned 0x0
[0090.971] NtdllDefWindowProc_W (hWnd=0x6008c, Msg=0x1c, wParam=0x1, lParam=0x104c) returned 0x0
[0090.971] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1
[0090.977] OleInitialize (pvReserved=0x0) returned 0x0
[0090.978] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0xb1e738 | out: lplpMessageFilter=0xb1e738*=0x0) returned 0x0
[0091.374] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0091.383] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0091.385] GetParent (hWnd=0x70036) returned 0x0
[0091.385] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0091.390] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0
[0091.390] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e700 | out: lpwndpl=0xb1e700) returned 1
[0091.390] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1ebf0) returned 0x0
[0091.390] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e5a0 | out: lpRect=0xb1e5a0) returned 1
[0091.390] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1e5a0 | out: lpRect=0xb1e5a0) returned 1
[0091.394] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x83, wParam=0x1, lParam=0xb1e460) returned 0x0
[0091.395] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0091.396] GetWindowLongPtrW (hWnd=0x70036, nIndex=-16) returned 0x6c10000
[0091.396] GetCursorPos (in: lpPoint=0x27eb588 | out: lpPoint=0x27eb588*(x=20, y=183)) returned 1
[0091.396] MonitorFromPoint (pt=0xba00000011, dwFlags=0x2) returned 0x10001
[0091.396] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e900 | out: lpmi=0xb1e900) returned 1
[0091.396] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x790107c4
[0091.396] GetDeviceCaps (hdc=0x790107c4, index=12) returned 32
[0091.396] GetDeviceCaps (hdc=0x790107c4, index=14) returned 1
[0091.396] DeleteDC (hdc=0x790107c4) returned 1
[0091.396] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1e9d0 | out: lpmi=0xb1e9d0) returned 1
[0091.397] GetWindowLongPtrW (hWnd=0x70036, nIndex=-16) returned 0x6c10000
[0091.397] GetWindowLongPtrW (hWnd=0x70036, nIndex=-20) returned 0x90108
[0091.397] SetWindowLongPtrW (hWnd=0x70036, nIndex=-16, dwNewLong=0x2010000) returned 0x6c10000
[0091.397] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0xb1eb30) returned 0x0
[0091.397] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0xb1eb30) returned 0x0
[0091.398] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1dd40) returned 0x0
[0091.398] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x83, wParam=0x1, lParam=0xb1dd10) returned 0x0
[0091.399] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1d850 | out: lpwndpl=0xb1d850) returned 1
[0091.399] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1dd40) returned 0x0
[0091.399] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x3, wParam=0x0, lParam=0x19502b7) returned 0x0
[0091.399] GetClientRect (in: hWnd=0x70036, lpRect=0xb1cba0 | out: lpRect=0xb1cba0) returned 1
[0091.399] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1cba0 | out: lpRect=0xb1cba0) returned 1
[0091.399] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.399] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.399] GetSystemMetrics (nIndex=42) returned 0
[0091.400] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1c7e0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.400] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1c7e0) returned 0x10
[0091.401] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x5, wParam=0x0, lParam=0x320088) returned 0x0
[0091.402] GetClientRect (in: hWnd=0x70036, lpRect=0xb1d6f0 | out: lpRect=0xb1d6f0) returned 1
[0091.402] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1d6f0 | out: lpRect=0xb1d6f0) returned 1
[0091.402] SetWindowLongPtrW (hWnd=0x70036, nIndex=-20, dwNewLong=0x90000) returned 0x90008
[0091.402] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0xb1eb30) returned 0x0
[0091.403] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0xb1eb30) returned 0x0
[0091.403] SetWindowPos (hWnd=0x70036, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0091.403] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1eb90) returned 0x0
[0091.403] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x83, wParam=0x1, lParam=0xb1eb60) returned 0x0
[0091.403] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e6a0 | out: lpwndpl=0xb1e6a0) returned 1
[0091.403] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1eb90) returned 0x0
[0091.403] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e540 | out: lpRect=0xb1e540) returned 1
[0091.403] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1e540 | out: lpRect=0xb1e540) returned 1
[0091.404] RedrawWindow (hWnd=0x70036, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0091.404] GetSystemMenu (hWnd=0x70036, bRevert=0) returned 0x0
[0091.404] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1ec00 | out: lpwndpl=0xb1ec00) returned 1
[0091.404] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0091.404] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf030, uEnable=0x1) returned 1
[0091.404] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x0) returned 1
[0091.404] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf120, uEnable=0x1) returned 1
[0091.404] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0091.404] ShowWindow (hWnd=0x70036, nCmdShow=5) returned 0
[0091.404] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0091.405] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.405] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.405] GetSystemMetrics (nIndex=42) returned 0
[0091.405] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1e510, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.405] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1e510) returned 0x10
[0091.416] GetWindowThreadProcessId (in: hWnd=0x70036, lpdwProcessId=0xb1e5f0 | out: lpdwProcessId=0xb1e5f0) returned 0x11b4
[0091.416] GetCurrentThreadId () returned 0x11b4
[0091.416] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc19f
[0091.417] PostMessageW (hWnd=0x70036, Msg=0xc19f, wParam=0x0, lParam=0x0) returned 1
[0091.417] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.417] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.417] GetSystemMetrics (nIndex=42) returned 0
[0091.417] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1e4e0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.417] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1e4e0) returned 0x10
[0091.417] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1eda0) returned 0x0
[0091.417] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0xb1eda0) returned 0x0
[0091.555] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0091.556] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e8d0 | out: lpwndpl=0xb1e8d0) returned 1
[0091.556] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e7f0 | out: lpRect=0xb1e7f0) returned 1
[0091.556] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.556] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.556] GetSystemMetrics (nIndex=42) returned 0
[0091.556] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1e530, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.556] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1e530) returned 0x10
[0091.556] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e5b8 | out: lpRect=0xb1e5b8) returned 1
[0091.562] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x1b340b3c, dwData=0x0) returned 1
[0091.562] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1dd90 | out: lpmi=0xb1dd90) returned 1
[0091.562] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x550107c0
[0091.562] GetDeviceCaps (hdc=0x550107c0, index=12) returned 32
[0091.562] GetDeviceCaps (hdc=0x550107c0, index=14) returned 1
[0091.563] DeleteDC (hdc=0x550107c0) returned 1
[0091.564] GetCurrentObject (hdc=0x60100ce, type=0x1) returned 0xb00017
[0091.565] GetCurrentObject (hdc=0x60100ce, type=0x2) returned 0x900010
[0091.565] GetCurrentObject (hdc=0x60100ce, type=0x7) returned 0xffffffff9f0507c6
[0091.565] GetCurrentObject (hdc=0x60100ce, type=0x6) returned 0x8a01c2
[0091.570] SaveDC (hdc=0x60100ce) returned 1
[0091.573] GetNearestColor (hdc=0x60100ce, color=0xf0f0f0) returned 0xf0f0f0
[0091.583] CreateSolidBrush (color=0xf0f0f0) returned 0x7a1007c4
[0091.584] FillRect (hDC=0x60100ce, lprc=0xb1e2a0, hbr=0x7a1007c4) returned 1
[0091.590] DeleteObject (ho=0x7a1007c4) returned 1
[0091.601] RestoreDC (hdc=0x60100ce, nSavedDC=-1) returned 1
[0091.605] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e8b0 | out: lpwndpl=0xb1e8b0) returned 1
[0091.605] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1eda0) returned 0x0
[0091.605] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e750 | out: lpRect=0xb1e750) returned 1
[0091.605] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1e750 | out: lpRect=0xb1e750) returned 1
[0091.605] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x5, wParam=0x0, lParam=0x320088) returned 0x0
[0091.605] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x3, wParam=0x0, lParam=0x19502b7) returned 0x0
[0091.605] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e7e0 | out: lpRect=0xb1e7e0) returned 1
[0091.605] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1e7e0 | out: lpRect=0xb1e7e0) returned 1
[0091.606] SetFocus (hWnd=0x70036) returned 0x70036
[0091.606] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.609] IsWindowUnicode (hWnd=0x70036) returned 1
[0091.610] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.612] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.612] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.613] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1ea70) returned 0x0
[0091.613] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x83, wParam=0x1, lParam=0xb1ea40) returned 0x0
[0091.613] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0091.613] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e5a0 | out: lpwndpl=0xb1e5a0) returned 1
[0091.613] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e4c0 | out: lpRect=0xb1e4c0) returned 1
[0091.613] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.613] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.613] GetSystemMetrics (nIndex=42) returned 0
[0091.614] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1e200, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.614] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1e200) returned 0x10
[0091.614] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e288 | out: lpRect=0xb1e288) returned 1
[0091.614] GetCurrentObject (hdc=0xf0105ee, type=0x1) returned 0xb00017
[0091.614] GetCurrentObject (hdc=0xf0105ee, type=0x2) returned 0x900010
[0091.614] GetCurrentObject (hdc=0xf0105ee, type=0x7) returned 0xffffffff9f0507c6
[0091.614] GetCurrentObject (hdc=0xf0105ee, type=0x6) returned 0x8a01c2
[0091.614] SaveDC (hdc=0xf0105ee) returned 1
[0091.614] GetNearestColor (hdc=0xf0105ee, color=0xf0f0f0) returned 0xf0f0f0
[0091.614] CreateSolidBrush (color=0xf0f0f0) returned 0x7b1007c4
[0091.614] FillRect (hDC=0xf0105ee, lprc=0xb1df70, hbr=0x7b1007c4) returned 1
[0091.616] DeleteObject (ho=0x7b1007c4) returned 1
[0091.616] RestoreDC (hdc=0xf0105ee, nSavedDC=-1) returned 1
[0091.616] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e580 | out: lpwndpl=0xb1e580) returned 1
[0091.616] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1ea70) returned 0x0
[0091.616] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e420 | out: lpRect=0xb1e420) returned 1
[0091.616] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1e420 | out: lpRect=0xb1e420) returned 1
[0091.617] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0091.617] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.617] IsWindowUnicode (hWnd=0x70030) returned 1
[0091.617] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.617] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.617] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.617] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0091.617] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.617] IsWindowUnicode (hWnd=0x18001c) returned 1
[0091.617] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.617] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.617] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.617] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.617] IsWindowUnicode (hWnd=0x70036) returned 1
[0091.617] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.617] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.617] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.618] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1ea70) returned 0x0
[0091.618] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x83, wParam=0x1, lParam=0xb1ea40) returned 0x0
[0091.618] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0091.618] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e5a0 | out: lpwndpl=0xb1e5a0) returned 1
[0091.618] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e4c0 | out: lpRect=0xb1e4c0) returned 1
[0091.618] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.618] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.618] GetSystemMetrics (nIndex=42) returned 0
[0091.618] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1e200, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.618] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1e200) returned 0x10
[0091.619] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e288 | out: lpRect=0xb1e288) returned 1
[0091.619] GetCurrentObject (hdc=0x60100ce, type=0x1) returned 0xb00017
[0091.619] GetCurrentObject (hdc=0x60100ce, type=0x2) returned 0x900010
[0091.619] GetCurrentObject (hdc=0x60100ce, type=0x7) returned 0xffffffff9f0507c6
[0091.619] GetCurrentObject (hdc=0x60100ce, type=0x6) returned 0x8a01c2
[0091.619] SaveDC (hdc=0x60100ce) returned 1
[0091.619] GetNearestColor (hdc=0x60100ce, color=0xf0f0f0) returned 0xf0f0f0
[0091.619] CreateSolidBrush (color=0xf0f0f0) returned 0x7c1007c4
[0091.619] FillRect (hDC=0x60100ce, lprc=0xb1df70, hbr=0x7c1007c4) returned 1
[0091.619] DeleteObject (ho=0x7c1007c4) returned 1
[0091.619] RestoreDC (hdc=0x60100ce, nSavedDC=-1) returned 1
[0091.620] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1e580 | out: lpwndpl=0xb1e580) returned 1
[0091.620] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1ea70) returned 0x0
[0091.620] GetClientRect (in: hWnd=0x70036, lpRect=0xb1e420 | out: lpRect=0xb1e420) returned 1
[0091.620] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1e420 | out: lpRect=0xb1e420) returned 1
[0091.620] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x31f, wParam=0x0, lParam=0x0) returned 0x0
[0091.620] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.620] IsWindowUnicode (hWnd=0x70036) returned 1
[0091.620] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.620] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.620] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.623] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.625] IsWindowUnicode (hWnd=0x70036) returned 1
[0091.625] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.625] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.625] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.643] BeginPaint (in: hWnd=0x70036, lpPaint=0xb1e588 | out: lpPaint=0xb1e588) returned 0x60100ce
[0091.644] GdipCreateHalftonePalette () returned 0x630807c0
[0091.644] SelectPalette (hdc=0x60100ce, hPal=0x630807c0, bForceBkgd=1) returned 0x88000b
[0091.644] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0091.644] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0091.644] GetSystemMetrics (nIndex=42) returned 0
[0091.644] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1e400, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0091.644] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1e400) returned 0x10
[0091.644] SelectPalette (hdc=0x60100ce, hPal=0x88000b, bForceBkgd=0) returned 0x630807c0
[0091.645] EndPaint (hWnd=0x70036, lpPaint=0xb1e528) returned 1
[0091.645] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.645] IsWindowUnicode (hWnd=0x18001c) returned 1
[0091.645] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.645] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.645] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.650] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.651] IsWindowUnicode (hWnd=0x18001c) returned 1
[0091.651] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.651] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.651] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.652] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.652] IsWindowUnicode (hWnd=0x18001c) returned 1
[0091.652] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.652] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.652] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.652] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.652] IsWindowUnicode (hWnd=0x18001c) returned 1
[0091.652] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.652] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.652] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.652] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.653] IsWindowUnicode (hWnd=0x302be) returned 1
[0091.653] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0091.653] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0091.653] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0091.799] GetWindowThreadProcessId (in: hWnd=0x302be, lpdwProcessId=0xb1e7a0 | out: lpdwProcessId=0xb1e7a0) returned 0x11b4
[0091.799] GetCurrentThreadId () returned 0x11b4
[0091.799] IsWindow (hWnd=0x302be) returned 1
[0091.799] KillTimer (hWnd=0x302be, uIDEvent=0x2) returned 1
[0091.799] DestroyWindow (hWnd=0x302be) returned 1
[0091.800] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0091.800] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0091.800] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302be, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0091.807] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xb1e670, nSize=0x80 | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0091.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\LogonUIinf.exe", nBufferLength=0x105, lpBuffer=0xb1e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\LogonUIinf.exe", lpFilePart=0x0) returned 0x22
[0091.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1e540) returned 1
[0091.914] CreateFileW (lpFileName="C:\\Windows\\System32\\LogonUIinf.exe" (normalized: "c:\\windows\\system32\\logonuiinf.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x594
[0091.917] GetFileType (hFile=0x594) returned 0x1
[0091.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1e4b0) returned 1
[0091.917] GetFileType (hFile=0x594) returned 0x1
[0091.919] WriteFile (in: hFile=0x594, lpBuffer=0x27ee688*, nNumberOfBytesToWrite=0xe000, lpNumberOfBytesWritten=0xb1e6f8, lpOverlapped=0x0 | out: lpBuffer=0x27ee688*, lpNumberOfBytesWritten=0xb1e6f8*=0xe000, lpOverlapped=0x0) returned 1
[0091.923] CloseHandle (hObject=0x594) returned 1
[0091.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\ransom_voice.vbs", nBufferLength=0x105, lpBuffer=0xb1e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\ransom_voice.vbs", lpFilePart=0x0) returned 0x24
[0091.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1e540) returned 1
[0091.929] CreateFileW (lpFileName="C:\\Windows\\System32\\ransom_voice.vbs" (normalized: "c:\\windows\\system32\\ransom_voice.vbs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x594
[0091.930] GetFileType (hFile=0x594) returned 0x1
[0091.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1e4b0) returned 1
[0091.930] GetFileType (hFile=0x594) returned 0x1
[0091.930] WriteFile (in: hFile=0x594, lpBuffer=0x27fcd00*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0xb1e5b8, lpOverlapped=0x0 | out: lpBuffer=0x27fcd00*, lpNumberOfBytesWritten=0xb1e5b8*=0x190, lpOverlapped=0x0) returned 1
[0091.931] CloseHandle (hObject=0x594) returned 1
[0091.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe", nBufferLength=0x105, lpBuffer=0xb1e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WormLocker2.0.exe", lpFilePart=0x0) returned 0x25
[0091.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1e540) returned 1
[0091.933] CreateFileW (lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe" (normalized: "c:\\windows\\system32\\wormlocker2.0.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x594
[0091.934] GetFileType (hFile=0x594) returned 0x1
[0091.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1e4b0) returned 1
[0091.934] GetFileType (hFile=0x594) returned 0x1
[0091.937] WriteFile (in: hFile=0x594, lpBuffer=0x127c1968*, nNumberOfBytesToWrite=0x1d000, lpNumberOfBytesWritten=0xb1e6f8, lpOverlapped=0x0 | out: lpBuffer=0x127c1968*, lpNumberOfBytesWritten=0xb1e6f8*=0x1d000, lpOverlapped=0x0) returned 1
[0091.941] CloseHandle (hObject=0x594) returned 1
[0091.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\LogonUI.exe", nBufferLength=0x105, lpBuffer=0xb1e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\LogonUI.exe", lpFilePart=0x0) returned 0x1f
[0091.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\LogonUItrue.exe", nBufferLength=0x105, lpBuffer=0xb1e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\LogonUItrue.exe", lpFilePart=0x0) returned 0x23
[0091.948] CopyFileW (lpExistingFileName="C:\\Windows\\System32\\LogonUI.exe" (normalized: "c:\\windows\\system32\\logonui.exe"), lpNewFileName="C:\\Windows\\System32\\LogonUItrue.exe" (normalized: "c:\\windows\\system32\\logonuitrue.exe"), bFailIfExists=1) returned 1
[0091.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\LogonUI.exe", nBufferLength=0x105, lpBuffer=0xb1e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\LogonUI.exe", lpFilePart=0x0) returned 0x1f
[0091.961] DeleteFileW (lpFileName="C:\\Windows\\System32\\LogonUI.exe" (normalized: "c:\\windows\\system32\\logonui.exe")) returned 0
[0091.985] EtwEventRegister (in: ProviderId=0x2800c48, EnableCallback=0x1b340b8c, CallbackContext=0x0, RegHandle=0x2800c28 | out: RegHandle=0x2800c28) returned 0x0
[0091.987] EtwEventSetInformation (RegHandle=0x6300001d0318c0, InformationClass=0x2, EventInformation=0x2800bb0, InformationLength=0x33) returned 0x0
[0092.062] GetUserObjectInformationA (in: hObj=0xe8, nIndex=1, pvInfo=0x2802b68, nLength=0xc, lpnLengthNeeded=0xb1bdf0 | out: pvInfo=0x2802b68, lpnLengthNeeded=0xb1bdf0) returned 1
[0092.081] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.081] AdjustWindowRectEx (in: lpRect=0xb1bca0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bca0) returned 1
[0092.082] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.083] AdjustWindowRectEx (in: lpRect=0xb1bc90, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bc90) returned 1
[0092.084] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.085] AdjustWindowRectEx (in: lpRect=0xb1bc70, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bc70) returned 1
[0092.085] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.085] AdjustWindowRectEx (in: lpRect=0xb1bc70, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bc70) returned 1
[0092.085] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.085] AdjustWindowRectEx (in: lpRect=0xb1bc70, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bc70) returned 1
[0092.085] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.085] AdjustWindowRectEx (in: lpRect=0xb1bc70, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bc70) returned 1
[0092.088] GetDC (hWnd=0x0) returned 0x10105d6
[0092.088] GdipCreateFromHDC (hdc=0x10105d6, graphics=0xb1b9d8) returned 0x0
[0092.089] GdipGetFontHeight (font=0x1b40ebe0, graphics=0x1c621520, height=0xb1b9d4) returned 0x0
[0092.089] GdipDeleteGraphics (graphics=0x1c621520) returned 0x0
[0092.089] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1
[0092.089] GetSystemMetrics (nIndex=5) returned 1
[0092.090] GetSystemMetrics (nIndex=6) returned 1
[0092.090] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.091] AdjustWindowRectEx (in: lpRect=0xb1bc90, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xb1bc90) returned 1
[0092.091] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0092.091] AdjustWindowRectEx (in: lpRect=0xb1bc30, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0xb1bc30) returned 1
[0092.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0092.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorlib.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorlib.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79529280, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x79529280, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x7954f49e, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x526ca8)) returned 1
[0092.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.487] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorlib.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x82c
[0092.582] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorlib.dll", dwHandle=0x0, dwLen=0x82c, lpData=0x280c6d0 | out: lpData=0x280c6d0) returned 1
[0092.584] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x280cae0, puLen=0xb1bc50) returned 1
[0092.585] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c788, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c7dc, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c85c, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c8c4, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c904, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c98c, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c9c8, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280ca20, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280ca50, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280ca8c, puLen=0xb1bbf0) returned 1
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.586] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x280cae0, puLen=0xb1bba0) returned 1
[0092.586] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0092.588] VerQueryValueW (in: pBlock=0x280c6d0, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280c6f8, puLen=0xb1bbf0) returned 1
[0092.591] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", lpFilePart=0x0) returned 0x2c
[0092.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\8g4yj5vyi5gsz9qg.exe"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e3fae00, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x2e3fae00, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x2b908900, ftLastWriteTime.dwHighDateTime=0x1d6f1dc, nFileSizeHigh=0x0, nFileSizeLow=0x2ea00)) returned 1
[0092.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.591] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x60c
[0092.591] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", dwHandle=0x0, dwLen=0x60c, lpData=0x280eff8 | out: lpData=0x280eff8) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x280f094, puLen=0xb1bc50) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f10c, puLen=0xb1bbf0) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f13c, puLen=0xb1bbf0) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f170, puLen=0xb1bbf0) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f1a0, puLen=0xb1bbf0) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f1d4, puLen=0xb1bbf0) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f24c, puLen=0xb1bbf0) returned 1
[0092.647] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f27c, puLen=0xb1bbf0) returned 1
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f2b4, puLen=0xb1bbf0) returned 1
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f0ea, puLen=0xb1bbf0) returned 1
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f21c, puLen=0xb1bbf0) returned 1
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x280f094, puLen=0xb1bba0) returned 1
[0092.648] VerLanguageNameW (in: wLang=0x0, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0092.648] VerQueryValueW (in: pBlock=0x280eff8, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x280f020, puLen=0xb1bbf0) returned 1
[0092.649] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0092.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.649] GetFileAttributesExW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79490901, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x79490901, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x794b6b79, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x4f12d8)) returned 1
[0092.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.650] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x80c
[0092.653] GetFileVersionInfoW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", dwHandle=0x0, dwLen=0x80c, lpData=0x28112f0 | out: lpData=0x28112f0) returned 1
[0092.653] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x28116f0, puLen=0xb1bc50) returned 1
[0092.653] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28113a8, puLen=0xb1bbf0) returned 1
[0092.653] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28113fc, puLen=0xb1bbf0) returned 1
[0092.654] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281143c, puLen=0xb1bbf0) returned 1
[0092.654] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28114a4, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28114fc, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2811584, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28115d8, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2811630, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2811660, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281169c, puLen=0xb1bbf0) returned 1
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.656] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x28116f0, puLen=0xb1bba0) returned 1
[0092.656] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0092.657] VerQueryValueW (in: pBlock=0x28112f0, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2811318, puLen=0xb1bbf0) returned 1
[0092.657] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x5b
[0092.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.658] GetFileAttributesExW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7960e088, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x7960e088, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x7963430c, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x35ce88)) returned 1
[0092.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.658] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x79c
[0092.712] GetFileVersionInfoW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", dwHandle=0x0, dwLen=0x79c, lpData=0x2814660 | out: lpData=0x2814660) returned 1
[0092.712] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x2814a28, puLen=0xb1bc50) returned 1
[0092.712] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814718, puLen=0xb1bbf0) returned 1
[0092.712] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281476c, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28147ac, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814814, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814850, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28148d8, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814910, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814968, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814998, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28149d4, puLen=0xb1bbf0) returned 1
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x2814a28, puLen=0xb1bba0) returned 1
[0092.713] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0092.713] VerQueryValueW (in: pBlock=0x2814660, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2814688, puLen=0xb1bbf0) returned 1
[0092.714] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll", lpFilePart=0x0) returned 0x6b
[0092.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.714] GetFileAttributesExW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93f019ce, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x93f019ce, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x93f019ce, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x926b0)) returned 1
[0092.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.715] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x7cc
[0092.744] GetFileVersionInfoW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll", dwHandle=0x0, dwLen=0x7cc, lpData=0x28171b8 | out: lpData=0x28171b8) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x2817598, puLen=0xb1bc50) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817270, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28172c4, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817304, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817364, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28173b0, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817438, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817480, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28174d8, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817508, puLen=0xb1bbf0) returned 1
[0092.745] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.746] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2817544, puLen=0xb1bbf0) returned 1
[0092.746] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.746] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x2817598, puLen=0xb1bba0) returned 1
[0092.746] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0092.746] VerQueryValueW (in: pBlock=0x28171b8, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x28171e0, puLen=0xb1bbf0) returned 1
[0092.747] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Configuration\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Configuration\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll", lpFilePart=0x0) returned 0x77
[0092.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.747] GetFileAttributesExW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Configuration\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.configuration\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917f6420, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x917f6420, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x917f6420, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x634d8)) returned 1
[0092.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.747] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Configuration\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x824
[0092.811] GetFileVersionInfoW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Configuration\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll", dwHandle=0x0, dwLen=0x824, lpData=0x2819e18 | out: lpData=0x2819e18) returned 1
[0092.811] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x281a224, puLen=0xb1bc50) returned 1
[0092.811] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2819ed0, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2819f24, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2819f78, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2819fd8, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281a030, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281a0b8, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281a10c, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281a164, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281a194, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281a1d0, puLen=0xb1bbf0) returned 1
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x281a224, puLen=0xb1bba0) returned 1
[0092.812] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0092.812] VerQueryValueW (in: pBlock=0x2819e18, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x2819e40, puLen=0xb1bbf0) returned 1
[0092.813] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x65
[0092.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.813] GetFileAttributesExW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.core\\v4.0_4.0.0.0__b77a5c561934e089\\system.core.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7676a078, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x7676a078, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x7676a078, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x1514a0)) returned 1
[0092.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.813] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x7bc
[0092.816] GetFileVersionInfoW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Core\\v4.0_4.0.0.0__b77a5c561934e089\\System.Core.dll", dwHandle=0x0, dwLen=0x7bc, lpData=0x281cb58 | out: lpData=0x281cb58) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x281cf30, puLen=0xb1bc50) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cc10, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cc64, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cca4, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cd0c, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cd50, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cdd8, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281ce18, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281ce70, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cea0, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cedc, puLen=0xb1bbf0) returned 1
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x281cf30, puLen=0xb1bba0) returned 1
[0092.817] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0092.817] VerQueryValueW (in: pBlock=0x281cb58, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281cb80, puLen=0xb1bbf0) returned 1
[0092.818] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Xml\\v4.0_4.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xb1b690, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Xml\\v4.0_4.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x63
[0092.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xb1bb20) returned 1
[0092.818] GetFileAttributesExW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Xml\\v4.0_4.0.0.0__b77a5c561934e089\\System.Xml.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.xml\\v4.0_4.0.0.0__b77a5c561934e089\\system.xml.dll"), fInfoLevelId=0x0, lpFileInformation=0xb1bc00 | out: lpFileInformation=0xb1bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765ec96e, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x765ec96e, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x76612aa8, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x28b098)) returned 1
[0092.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xb1bae0) returned 1
[0092.819] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Xml\\v4.0_4.0.0.0__b77a5c561934e089\\System.Xml.dll", lpdwHandle=0xb1bcd8 | out: lpdwHandle=0xb1bcd8) returned 0x7bc
[0093.052] GetFileVersionInfoW (in: lptstrFilename="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Xml\\v4.0_4.0.0.0__b77a5c561934e089\\System.Xml.dll", dwHandle=0x0, dwLen=0x7bc, lpData=0x281f568 | out: lpData=0x281f568) returned 1
[0093.053] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bc58, puLen=0xb1bc50 | out: lplpBuffer=0xb1bc58*=0x281f940, puLen=0xb1bc50) returned 1
[0093.053] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f620, puLen=0xb1bbf0) returned 1
[0093.053] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f674, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f6b4, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f71c, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f760, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f7e8, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f828, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f880, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f8b0, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f8ec, puLen=0xb1bbf0) returned 1
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x0, puLen=0xb1bbf0) returned 0
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xb1bba8, puLen=0xb1bba0 | out: lplpBuffer=0xb1bba8*=0x281f940, puLen=0xb1bba0) returned 1
[0093.054] VerLanguageNameW (in: wLang=0x409, szLang=0xb1b8d0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17
[0093.054] VerQueryValueW (in: pBlock=0x281f568, lpSubBlock="\\", lplpBuffer=0xb1bbf8, puLen=0xb1bbf0 | out: lplpBuffer=0xb1bbf8*=0x281f590, puLen=0xb1bbf0) returned 1
[0093.058] GetCurrentActCtx (in: lphActCtx=0xb1bb80 | out: lphActCtx=0xb1bb80*=0x0) returned 1
[0093.058] ActivateActCtx (in: hActCtx=0xdcfa08, lpCookie=0xb1bbc0 | out: hActCtx=0xdcfa08, lpCookie=0xb1bbc0) returned 1
[0093.059] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0093.066] GetCurrentActCtx (in: lphActCtx=0xb1ba50 | out: lphActCtx=0xb1ba50*=0xdcfa08) returned 1
[0093.067] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0093.067] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0093.067] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName="WindowsFormsParkingWindow", dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x602c2
[0093.068] SetWindowLongPtrW (hWnd=0x602c2, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34086c
[0093.068] GetWindowLongPtrW (hWnd=0x602c2, nIndex=-4) returned 0x7ffcea425090
[0093.068] SetWindowLongPtrW (hWnd=0x602c2, nIndex=-4, dwNewLong=0x1b340bdc) returned 0x7ffcea425090
[0093.068] GetWindowLongPtrW (hWnd=0x602c2, nIndex=-4) returned 0x1b340bdc
[0093.068] GetWindowLongPtrW (hWnd=0x602c2, nIndex=-16) returned 0x6c10000
[0093.068] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x24, wParam=0x0, lParam=0xb1b180) returned 0x0
[0093.068] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x81, wParam=0x0, lParam=0xb1b0f0) returned 0x1
[0093.069] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x83, wParam=0x0, lParam=0xb1b1a0) returned 0x0
[0093.069] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x1, wParam=0x0, lParam=0xb1b0b0) returned 0x0
[0093.069] GetClientRect (in: hWnd=0x602c2, lpRect=0xb1aa80 | out: lpRect=0xb1aa80) returned 1
[0093.069] GetWindowRect (in: hWnd=0x602c2, lpRect=0xb1aa80 | out: lpRect=0xb1aa80) returned 1
[0093.070] SetWindowTextW (hWnd=0x602c2, lpString="WindowsFormsParkingWindow") returned 1
[0093.070] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0xc, wParam=0x0, lParam=0x28250ac) returned 0x1
[0093.071] GetParent (hWnd=0x602c2) returned 0x0
[0093.071] GetClassInfoW (in: hInstance=0x0, lpClassName="STATIC", lpWndClass=0x2825508 | out: lpWndClass=0x2825508) returned 1
[0093.072] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0093.073] CoTaskMemAlloc (cb=0x56) returned 0x1d035bf0
[0093.073] RegisterClassW (lpWndClass=0xb1b870) returned 0xc1a1
[0093.073] CoTaskMemFree (pv=0x1d035bf0)
[0093.073] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0093.073] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x5600000d, X=0, Y=0, nWidth=100, nHeight=23, hWndParent=0x602c2, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x202cc
[0093.073] SetWindowLongPtrW (hWnd=0x202cc, nIndex=-4, dwNewLong=0x7ffcdf0cfd70) returned 0x1b340c2c
[0093.073] GetWindowLongPtrW (hWnd=0x202cc, nIndex=-4) returned 0x7ffcdf0cfd70
[0093.073] SetWindowLongPtrW (hWnd=0x202cc, nIndex=-4, dwNewLong=0x1b340c7c) returned 0x7ffcdf0cfd70
[0093.074] GetWindowLongPtrW (hWnd=0x202cc, nIndex=-4) returned 0x1b340c7c
[0093.074] GetWindowLongPtrW (hWnd=0x202cc, nIndex=-16) returned 0x4600000d
[0093.074] GetWindowLongPtrW (hWnd=0x202cc, nIndex=-12) returned 0x0
[0093.074] SetWindowLongPtrW (hWnd=0x202cc, nIndex=-12, dwNewLong=0x202cc) returned 0x0
[0093.074] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x81, wParam=0x0, lParam=0xb1b220) returned 0x1
[0093.075] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x83, wParam=0x0, lParam=0xb1b2d0) returned 0x0
[0093.075] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x1, wParam=0x0, lParam=0xb1b220) returned 0x0
[0093.076] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1abc0 | out: lpRect=0xb1abc0) returned 1
[0093.076] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1abc0 | out: lpRect=0xb1abc0) returned 1
[0093.076] GetParent (hWnd=0x202cc) returned 0x602c2
[0093.076] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x602c2, lpPoints=0xb1abc0, cPoints=0x2 | out: lpPoints=0xb1abc0) returned -1638403
[0093.077] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x5, wParam=0x0, lParam=0x170064) returned 0x0
[0093.077] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0093.077] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1acd0 | out: lpRect=0xb1acd0) returned 1
[0093.077] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1acd0 | out: lpRect=0xb1acd0) returned 1
[0093.077] GetParent (hWnd=0x202cc) returned 0x602c2
[0093.077] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x602c2, lpPoints=0xb1acd0, cPoints=0x2 | out: lpPoints=0xb1acd0) returned -1638403
[0093.079] SendMessageW (hWnd=0x202cc, Msg=0x2210, wParam=0x2cc0001, lParam=0x202cc) returned 0x0
[0093.079] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x2210, wParam=0x2cc0001, lParam=0x202cc) returned 0x0
[0093.079] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0093.080] GetParent (hWnd=0x202cc) returned 0x602c2
[0093.080] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100260f200000003) returned 1
[0093.080] GdipCreateFromHWND (hwnd=0x202cc, graphics=0xb1bcf8) returned 0x0
[0093.112] GdipMeasureString (graphics=0x1c621520, string="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.", length=266, font=0x1b40ebe0, layoutRect=0xb1bc88, stringFormat=0x0, boundingBox=0xb1bc78, codepointsFitted=0xb1bc70, linesFilled=0xb1bc68) returned 0x0
[0093.443] GdipDeleteGraphics (graphics=0x1c621520) returned 0x0
[0093.444] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0093.444] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0093.444] GetSystemMetrics (nIndex=42) returned 0
[0093.444] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1bb70, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0093.444] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1bb70) returned 0x10
[0093.444] GetWindowTextLengthW (hWnd=0x70036) returned 16
[0093.444] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0093.444] GetSystemMetrics (nIndex=42) returned 0
[0093.444] GetWindowTextW (in: hWnd=0x70036, lpString=0xb1bb70, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0093.444] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xd, wParam=0x11, lParam=0xb1bb70) returned 0x10
[0093.469] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0093.469] GetCursorPos (in: lpPoint=0x2825e70 | out: lpPoint=0x2825e70*(x=20, y=183)) returned 1
[0093.469] MonitorFromPoint (pt=0xb700000014, dwFlags=0x2) returned 0x10001
[0093.469] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b830 | out: lpmi=0xb1b830) returned 1
[0093.469] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1a0107b4
[0093.469] GetDeviceCaps (hdc=0x1a0107b4, index=12) returned 32
[0093.469] GetDeviceCaps (hdc=0x1a0107b4, index=14) returned 1
[0093.470] DeleteDC (hdc=0x1a0107b4) returned 1
[0093.470] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b900 | out: lpmi=0xb1b900) returned 1
[0093.470] AdjustWindowRectEx (in: lpRect=0xb1bc00, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0xb1bc00) returned 1
[0093.470] GetSystemMetrics (nIndex=59) returned 1460
[0093.470] GetSystemMetrics (nIndex=60) returned 920
[0093.470] GetSystemMetrics (nIndex=34) returned 136
[0093.470] GetSystemMetrics (nIndex=35) returned 39
[0093.470] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0093.470] GetCursorPos (in: lpPoint=0x2826170 | out: lpPoint=0x2826170*(x=20, y=183)) returned 1
[0093.470] MonitorFromPoint (pt=0xb700000014, dwFlags=0x2) returned 0x10001
[0093.470] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b5e0 | out: lpmi=0xb1b5e0) returned 1
[0093.471] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1b0107b4
[0093.471] GetDeviceCaps (hdc=0x1b0107b4, index=12) returned 32
[0093.471] GetDeviceCaps (hdc=0x1b0107b4, index=14) returned 1
[0093.471] DeleteDC (hdc=0x1b0107b4) returned 1
[0093.471] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b6b0 | out: lpmi=0xb1b6b0) returned 1
[0093.471] AdjustWindowRectEx (in: lpRect=0xb1b9c0, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0xb1b9c0) returned 1
[0093.496] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0093.496] AdjustWindowRectEx (in: lpRect=0xb1bba0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bba0) returned 1
[0093.554] LoadIconW (hInstance=0x0, lpIconName=0x7f01) returned 0x1002d
[0094.091] GetIconInfo (in: hIcon=0x1002d, piconinfo=0x2826648 | out: piconinfo=0x2826648) returned 1
[0094.093] GetObjectW (in: h=0x2105065e, c=32, pv=0x2826678 | out: pv=0x2826678) returned 32
[0094.094] GdipCreateBitmapFromHBITMAP (hbm=0x2105065e, hpal=0x0, bitmap=0xb1bae0) returned 0x0
[0094.097] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bb28) returned 0x0
[0094.100] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bb28) returned 0x0
[0094.118] GdipGetImagePixelFormat (image=0x1c62f9f0, format=0xb1bb28) returned 0x0
[0094.119] GdipBitmapLockBits (bitmap=0x1c62f9f0, rect=0xb1bad0, flags=0x1, format=0x22009, lockedBitmapData=0x28267f8) returned 0x0
[0094.121] GdipCreateBitmapFromScan0 (width=32, height=32, stride=0, format=0x26200a, scan0=0x0, bitmap=0xb1bb18) returned 0x0
[0094.122] GdipBitmapLockBits (bitmap=0x1c62d170, rect=0xb1bad0, flags=0x2, format=0x26200a, lockedBitmapData=0x2826858) returned 0x0
[0094.122] RtlMoveMemory (in: Destination=0x1c636000, Source=0x1c62d0e0, Length=0x80 | out: Destination=0x1c636000)
[0094.122] RtlMoveMemory (in: Destination=0x1c636080, Source=0x1c62d060, Length=0x80 | out: Destination=0x1c636080)
[0094.122] RtlMoveMemory (in: Destination=0x1c636100, Source=0x1c62cfe0, Length=0x80 | out: Destination=0x1c636100)
[0094.122] RtlMoveMemory (in: Destination=0x1c636180, Source=0x1c62cf60, Length=0x80 | out: Destination=0x1c636180)
[0094.122] RtlMoveMemory (in: Destination=0x1c636200, Source=0x1c62cee0, Length=0x80 | out: Destination=0x1c636200)
[0094.122] RtlMoveMemory (in: Destination=0x1c636280, Source=0x1c62ce60, Length=0x80 | out: Destination=0x1c636280)
[0094.122] RtlMoveMemory (in: Destination=0x1c636300, Source=0x1c62cde0, Length=0x80 | out: Destination=0x1c636300)
[0094.122] RtlMoveMemory (in: Destination=0x1c636380, Source=0x1c62cd60, Length=0x80 | out: Destination=0x1c636380)
[0094.122] RtlMoveMemory (in: Destination=0x1c636400, Source=0x1c62cce0, Length=0x80 | out: Destination=0x1c636400)
[0094.122] RtlMoveMemory (in: Destination=0x1c636480, Source=0x1c62cc60, Length=0x80 | out: Destination=0x1c636480)
[0094.122] RtlMoveMemory (in: Destination=0x1c636500, Source=0x1c62cbe0, Length=0x80 | out: Destination=0x1c636500)
[0094.122] RtlMoveMemory (in: Destination=0x1c636580, Source=0x1c62cb60, Length=0x80 | out: Destination=0x1c636580)
[0094.122] RtlMoveMemory (in: Destination=0x1c636600, Source=0x1c62cae0, Length=0x80 | out: Destination=0x1c636600)
[0094.123] RtlMoveMemory (in: Destination=0x1c636680, Source=0x1c62ca60, Length=0x80 | out: Destination=0x1c636680)
[0094.123] RtlMoveMemory (in: Destination=0x1c636700, Source=0x1c62c9e0, Length=0x80 | out: Destination=0x1c636700)
[0094.123] RtlMoveMemory (in: Destination=0x1c636780, Source=0x1c62c960, Length=0x80 | out: Destination=0x1c636780)
[0094.123] RtlMoveMemory (in: Destination=0x1c636800, Source=0x1c62c8e0, Length=0x80 | out: Destination=0x1c636800)
[0094.123] RtlMoveMemory (in: Destination=0x1c636880, Source=0x1c62c860, Length=0x80 | out: Destination=0x1c636880)
[0094.123] RtlMoveMemory (in: Destination=0x1c636900, Source=0x1c62c7e0, Length=0x80 | out: Destination=0x1c636900)
[0094.123] RtlMoveMemory (in: Destination=0x1c636980, Source=0x1c62c760, Length=0x80 | out: Destination=0x1c636980)
[0094.123] RtlMoveMemory (in: Destination=0x1c636a00, Source=0x1c62c6e0, Length=0x80 | out: Destination=0x1c636a00)
[0094.123] RtlMoveMemory (in: Destination=0x1c636a80, Source=0x1c62c660, Length=0x80 | out: Destination=0x1c636a80)
[0094.123] RtlMoveMemory (in: Destination=0x1c636b00, Source=0x1c62c5e0, Length=0x80 | out: Destination=0x1c636b00)
[0094.123] RtlMoveMemory (in: Destination=0x1c636b80, Source=0x1c62c560, Length=0x80 | out: Destination=0x1c636b80)
[0094.123] RtlMoveMemory (in: Destination=0x1c636c00, Source=0x1c62c4e0, Length=0x80 | out: Destination=0x1c636c00)
[0094.123] RtlMoveMemory (in: Destination=0x1c636c80, Source=0x1c62c460, Length=0x80 | out: Destination=0x1c636c80)
[0094.123] RtlMoveMemory (in: Destination=0x1c636d00, Source=0x1c62c3e0, Length=0x80 | out: Destination=0x1c636d00)
[0094.123] RtlMoveMemory (in: Destination=0x1c636d80, Source=0x1c62c360, Length=0x80 | out: Destination=0x1c636d80)
[0094.123] RtlMoveMemory (in: Destination=0x1c636e00, Source=0x1c62c2e0, Length=0x80 | out: Destination=0x1c636e00)
[0094.123] RtlMoveMemory (in: Destination=0x1c636e80, Source=0x1c62c260, Length=0x80 | out: Destination=0x1c636e80)
[0094.123] RtlMoveMemory (in: Destination=0x1c636f00, Source=0x1c62c1e0, Length=0x80 | out: Destination=0x1c636f00)
[0094.123] RtlMoveMemory (in: Destination=0x1c636f80, Source=0x1c62c160, Length=0x80 | out: Destination=0x1c636f80)
[0094.125] GdipBitmapUnlockBits (bitmap=0x1c62f9f0, lockedBitmapData=0x28267f8) returned 0x0
[0094.125] GdipBitmapUnlockBits (bitmap=0x1c62d170, lockedBitmapData=0x2826858) returned 0x0
[0094.125] GdipDisposeImage (image=0x1c62f9f0) returned 0x0
[0094.125] DeleteObject (ho=0x2105065e) returned 1
[0094.125] DeleteObject (ho=0x1c0507b4) returned 1
[0094.128] GetCurrentThreadId () returned 0x11b4
[0094.128] GetCurrentThreadId () returned 0x11b4
[0094.134] SetWindowPos (hWnd=0x202cc, hWndInsertAfter=0x0, X=64, Y=8, cx=354, cy=68, uFlags=0x14) returned 1
[0094.134] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x46, wParam=0x0, lParam=0xb1baa0) returned 0x0
[0094.134] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x83, wParam=0x1, lParam=0xb1ba70) returned 0x0
[0094.135] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x47, wParam=0x0, lParam=0xb1baa0) returned 0x0
[0094.135] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x3, wParam=0x0, lParam=0x80040) returned 0x0
[0094.135] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1a830 | out: lpRect=0xb1a830) returned 1
[0094.135] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1a830 | out: lpRect=0xb1a830) returned 1
[0094.135] GetParent (hWnd=0x202cc) returned 0x602c2
[0094.135] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x602c2, lpPoints=0xb1a830, cPoints=0x2 | out: lpPoints=0xb1a830) returned -1638403
[0094.135] InvalidateRect (hWnd=0x202cc, lpRect=0x0, bErase=1) returned 1
[0094.135] GetWindowTextLengthW (hWnd=0x202cc) returned 0
[0094.135] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0094.135] GetSystemMetrics (nIndex=42) returned 0
[0094.135] GetWindowTextW (in: hWnd=0x202cc, lpString=0xb1a4d0, nMaxCount=1 | out: lpString="") returned 0
[0094.135] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xd, wParam=0x1, lParam=0xb1a4d0) returned 0x0
[0094.136] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x5, wParam=0x0, lParam=0x440162) returned 0x0
[0094.136] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1b430 | out: lpRect=0xb1b430) returned 1
[0094.136] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1b430 | out: lpRect=0xb1b430) returned 1
[0094.136] GetParent (hWnd=0x202cc) returned 0x602c2
[0094.136] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x602c2, lpPoints=0xb1b430, cPoints=0x2 | out: lpPoints=0xb1b430) returned -1638403
[0094.137] GetWindowTextLengthW (hWnd=0x202cc) returned 0
[0094.137] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0094.137] GetSystemMetrics (nIndex=42) returned 0
[0094.137] GetWindowTextW (in: hWnd=0x202cc, lpString=0xb1bb40, nMaxCount=1 | out: lpString="") returned 0
[0094.137] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xd, wParam=0x1, lParam=0xb1bb40) returned 0x0
[0094.137] GetWindowTextLengthW (hWnd=0x202cc) returned 0
[0094.137] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0094.137] GetSystemMetrics (nIndex=42) returned 0
[0094.137] GetWindowTextW (in: hWnd=0x202cc, lpString=0xb1bae0, nMaxCount=1 | out: lpString="") returned 0
[0094.137] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xd, wParam=0x1, lParam=0xb1bae0) returned 0x0
[0094.137] SetWindowTextW (hWnd=0x202cc, lpString="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.") returned 1
[0094.137] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xc, wParam=0x0, lParam=0x2806d4c) returned 0x1
[0094.137] InvalidateRect (hWnd=0x202cc, lpRect=0x0, bErase=1) returned 1
[0094.138] GetCurrentThreadId () returned 0x11b4
[0094.138] GetWindowThreadProcessId (in: hWnd=0x202cc, lpdwProcessId=0xb1bc40 | out: lpdwProcessId=0xb1bc40) returned 0x11b4
[0094.155] GdipCreateBitmapFromStream (stream=0x1fb70020, bitmap=0xb1bcd0) returned 0x0
[0094.631] GdipImageForceValidation (image=0x1c62f9f0) returned 0x0
[0094.637] GdipGetImageRawFormat (image=0x1c62f9f0, format=0xb1bbd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0094.643] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bc88) returned 0x0
[0094.643] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bc88) returned 0x0
[0094.643] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bc48) returned 0x0
[0094.643] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bc48) returned 0x0
[0094.643] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bc18) returned 0x0
[0094.643] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bc18) returned 0x0
[0094.643] GdipBitmapGetPixel (bitmap=0x1c62f9f0, x=0, y=15, color=0xb1bc78) returned 0x0
[0094.644] GdipGetImageRawFormat (image=0x1c62f9f0, format=0xb1baf0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0094.644] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bab8) returned 0x0
[0094.644] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bab8) returned 0x0
[0094.644] GdipCreateBitmapFromScan0 (width=16, height=16, stride=0, format=0x26200a, scan0=0x0, bitmap=0xb1bae8) returned 0x0
[0094.645] GdipGetImagePixelFormat (image=0x1c629560, format=0xb1ba98) returned 0x0
[0094.645] GdipGetImageGraphicsContext (image=0x1c629560, graphics=0xb1baf8) returned 0x0
[0094.647] GdipGraphicsClear (graphics=0x1c629b50, color=0xffffff) returned 0x0
[0094.649] GdipCreateImageAttributes (imageattr=0xb1bb00) returned 0x0
[0094.649] GdipSetImageAttributesColorKeys (imageattr=0x1c6290f0, type=0x0, enableFlag=1, colorLow=0xffffffffffc0c0c0, colorHigh=0xffffffffffc0c0c0) returned 0x0
[0094.651] GdipDrawImageRectRectI (graphics=0x1c629b50, image=0x1c62f9f0, dstx=0, dsty=0, dstwidth=16, dstheight=16, srcx=0, srcy=0, srcwidth=16, srcheight=16, srcUnit=0x2, imageAttributes=0x1c6290f0, callback=0x0, callbackData=0x0) returned 0x0
[0094.652] GdipDisposeImageAttributes (imageattr=0x1c6290f0) returned 0x0
[0094.652] GdipDeleteGraphics (graphics=0x1c629b50) returned 0x0
[0094.652] GdipDisposeImage (image=0x1c62f9f0) returned 0x0
[0094.653] GdipCreateBitmapFromStream (stream=0x1fb7ffa0, bitmap=0xb1bcd0) returned 0x0
[0094.654] GdipImageForceValidation (image=0x1c62f9f0) returned 0x0
[0094.656] GdipGetImageRawFormat (image=0x1c62f9f0, format=0xb1bbd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0094.656] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bc88) returned 0x0
[0094.656] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bc88) returned 0x0
[0094.656] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bc48) returned 0x0
[0094.656] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bc48) returned 0x0
[0094.656] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bc18) returned 0x0
[0094.656] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bc18) returned 0x0
[0094.656] GdipBitmapGetPixel (bitmap=0x1c62f9f0, x=0, y=15, color=0xb1bc78) returned 0x0
[0094.656] GdipGetImageRawFormat (image=0x1c62f9f0, format=0xb1baf0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0094.656] GdipGetImageWidth (image=0x1c62f9f0, width=0xb1bab8) returned 0x0
[0094.656] GdipGetImageHeight (image=0x1c62f9f0, height=0xb1bab8) returned 0x0
[0094.656] GdipCreateBitmapFromScan0 (width=16, height=16, stride=0, format=0x26200a, scan0=0x0, bitmap=0xb1bae8) returned 0x0
[0094.657] GdipGetImagePixelFormat (image=0x1c62dc90, format=0xb1ba98) returned 0x0
[0094.657] GdipGetImageGraphicsContext (image=0x1c62dc90, graphics=0xb1baf8) returned 0x0
[0094.657] GdipGraphicsClear (graphics=0x1c6304b0, color=0xffffff) returned 0x0
[0094.657] GdipCreateImageAttributes (imageattr=0xb1bb00) returned 0x0
[0094.657] GdipSetImageAttributesColorKeys (imageattr=0x1c6290f0, type=0x0, enableFlag=1, colorLow=0xffffffffffc0c0c0, colorHigh=0xffffffffffc0c0c0) returned 0x0
[0094.657] GdipDrawImageRectRectI (graphics=0x1c6304b0, image=0x1c62f9f0, dstx=0, dsty=0, dstwidth=16, dstheight=16, srcx=0, srcy=0, srcwidth=16, srcheight=16, srcUnit=0x2, imageAttributes=0x1c6290f0, callback=0x0, callbackData=0x0) returned 0x0
[0094.657] GdipDisposeImageAttributes (imageattr=0x1c6290f0) returned 0x0
[0094.657] GdipDeleteGraphics (graphics=0x1c6304b0) returned 0x0
[0094.657] GdipDisposeImage (image=0x1c62f9f0) returned 0x0
[0094.658] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.658] AdjustWindowRectEx (in: lpRect=0xb1bbe0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bbe0) returned 1
[0094.666] GetCurrentThreadId () returned 0x11b4
[0094.666] GetCurrentThreadId () returned 0x11b4
[0094.666] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.666] AdjustWindowRectEx (in: lpRect=0xb1bbe0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bbe0) returned 1
[0094.666] GetCurrentThreadId () returned 0x11b4
[0094.666] GetCurrentThreadId () returned 0x11b4
[0094.667] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.667] AdjustWindowRectEx (in: lpRect=0xb1bbe0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1bbe0) returned 1
[0094.667] GetCurrentThreadId () returned 0x11b4
[0094.667] GetCurrentThreadId () returned 0x11b4
[0094.671] GetSystemMetrics (nIndex=5) returned 1
[0094.671] GetSystemMetrics (nIndex=6) returned 1
[0094.672] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.672] AdjustWindowRectEx (in: lpRect=0xb1bac0, dwStyle=0x56210044, bMenu=0, dwExStyle=0x200 | out: lpRect=0xb1bac0) returned 1
[0094.672] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.673] AdjustWindowRectEx (in: lpRect=0xb1bac0, dwStyle=0x56210044, bMenu=0, dwExStyle=0x200 | out: lpRect=0xb1bac0) returned 1
[0094.678] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.678] AdjustWindowRectEx (in: lpRect=0xb1bbe0, dwStyle=0x563008c4, bMenu=0, dwExStyle=0x200 | out: lpRect=0xb1bbe0) returned 1
[0094.678] GetCurrentThreadId () returned 0x11b4
[0094.678] GetCurrentThreadId () returned 0x11b4
[0094.683] GetProcessWindowStation () returned 0xe8
[0094.683] GetCurrentActCtx (in: lphActCtx=0xb1bb10 | out: lphActCtx=0xb1bb10*=0x0) returned 1
[0094.683] ActivateActCtx (in: hActCtx=0xdcfa08, lpCookie=0xb1bb50 | out: hActCtx=0xdcfa08, lpCookie=0xb1bb50) returned 1
[0094.683] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0094.683] AdjustWindowRectEx (in: lpRect=0xb1ba30, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0xb1ba30) returned 1
[0094.683] GetCursorPos (in: lpPoint=0x2828c08 | out: lpPoint=0x2828c08*(x=20, y=183)) returned 1
[0094.683] MonitorFromPoint (pt=0xb700000017, dwFlags=0x2) returned 0x10001
[0094.683] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b7e0 | out: lpmi=0xb1b7e0) returned 1
[0094.684] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x46010790
[0094.684] GetDeviceCaps (hdc=0x46010790, index=12) returned 32
[0094.684] GetDeviceCaps (hdc=0x46010790, index=14) returned 1
[0094.684] DeleteDC (hdc=0x46010790) returned 1
[0094.684] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b8b0 | out: lpmi=0xb1b8b0) returned 1
[0094.684] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.684] CreateWindowExW (dwExStyle=0x50001, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName="ff0953qpn7361bbu", dwStyle=0x2c80000, X=498, Y=353, nWidth=444, nHeight=154, hWndParent=0x0, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x202c4
[0094.685] SetWindowLongPtrW (hWnd=0x202c4, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34086c
[0094.685] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-4) returned 0x7ffcea425090
[0094.685] SetWindowLongPtrW (hWnd=0x202c4, nIndex=-4, dwNewLong=0x1b3413dc) returned 0x7ffcea425090
[0094.685] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-4) returned 0x1b3413dc
[0094.685] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-16) returned 0x6c80000
[0094.686] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x81, wParam=0x0, lParam=0xb1b1b0) returned 0x1
[0094.686] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x83, wParam=0x0, lParam=0xb1b260) returned 0x0
[0094.687] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x1, wParam=0x0, lParam=0xb1b180) returned 0x0
[0094.687] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1ab60 | out: lpRect=0xb1ab60) returned 1
[0094.687] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1ab60 | out: lpRect=0xb1ab60) returned 1
[0094.688] SetWindowTextW (hWnd=0x202c4, lpString="ff0953qpn7361bbu") returned 1
[0094.688] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xc, wParam=0x0, lParam=0x2825c74) returned 0x1
[0094.688] GetStartupInfoW (in: lpStartupInfo=0x2829090 | out: lpStartupInfo=0x2829090*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0))
[0094.689] GetParent (hWnd=0x202c4) returned 0x0
[0094.689] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100260f200000005) returned 1
[0094.689] SetWindowLongPtrW (hWnd=0x202c4, nIndex=-8, dwNewLong=0x0) returned 0x0
[0094.689] SendMessageW (hWnd=0x202c4, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0
[0094.689] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0
[0094.689] SendMessageW (hWnd=0x202c4, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0
[0094.690] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0
[0094.690] GetSystemMenu (hWnd=0x202c4, bRevert=0) returned 0x501ed
[0094.690] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1bb10 | out: lpwndpl=0xb1bb10) returned 1
[0094.690] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf020, uEnable=0x1) returned 0
[0094.691] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf030, uEnable=0x1) returned 0
[0094.691] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf060, uEnable=0x0) returned 0
[0094.691] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf120, uEnable=0x1) returned 0
[0094.691] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf000, uEnable=0x1) returned 0
[0094.691] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1bbe0 | out: lpRect=0xb1bbe0) returned 1
[0094.691] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1bb00 | out: lpRect=0xb1bb00) returned 1
[0094.691] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1bb00 | out: lpRect=0xb1bb00) returned 1
[0094.691] SetWindowPos (hWnd=0x202c4, hWndInsertAfter=0xffffffffffffffff, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1
[0094.691] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x46, wParam=0x0, lParam=0xb1baa0) returned 0x0
[0094.691] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x86, wParam=0x0, lParam=0x202c4) returned 0x1
[0094.692] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x46, wParam=0x0, lParam=0xb1baa0) returned 0x0
[0094.692] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x86, wParam=0x1, lParam=0x70036) returned 0x1
[0094.693] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.693] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.693] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.697] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x8, wParam=0x202c4, lParam=0x0) returned 0x0
[0094.698] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0094.699] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0094.701] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0094.702] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0
[0094.703] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0094.703] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0094.705] GetParent (hWnd=0x202c4) returned 0x0
[0094.705] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0094.705] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7, wParam=0x70036, lParam=0x0) returned 0x0
[0094.733] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1b5b0 | out: lpwndpl=0xb1b5b0) returned 1
[0094.734] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x47, wParam=0x0, lParam=0xb1baa0) returned 0x0
[0094.734] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b450 | out: lpRect=0xb1b450) returned 1
[0094.734] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1b450 | out: lpRect=0xb1b450) returned 1
[0094.734] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.735] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.735] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.735] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc4420000
[0094.736] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-16) returned 0x6c80000
[0094.736] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0094.736] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0094.736] GetSystemMetrics (nIndex=42) returned 0
[0094.736] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1b900, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0094.736] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1b900) returned 0x10
[0094.736] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0094.736] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0094.736] GetSystemMetrics (nIndex=42) returned 0
[0094.736] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1b900, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0094.736] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1b900) returned 0x10
[0094.736] GetCursorPos (in: lpPoint=0x2829428 | out: lpPoint=0x2829428*(x=20, y=183)) returned 1
[0094.736] MonitorFromPoint (pt=0xb700000014, dwFlags=0x2) returned 0x10001
[0094.736] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b7b0 | out: lpmi=0xb1b7b0) returned 1
[0094.736] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x4f010790
[0094.736] GetDeviceCaps (hdc=0x4f010790, index=12) returned 32
[0094.736] GetDeviceCaps (hdc=0x4f010790, index=14) returned 1
[0094.737] DeleteDC (hdc=0x4f010790) returned 1
[0094.737] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b880 | out: lpmi=0xb1b880) returned 1
[0094.737] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-16) returned 0x6c80000
[0094.737] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-20) returned 0x50109
[0094.737] SetWindowLongPtrW (hWnd=0x202c4, nIndex=-16, dwNewLong=0x2c80000) returned 0x6c80000
[0094.737] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0xb1b9e0) returned 0x0
[0094.737] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0xb1b9e0) returned 0x0
[0094.738] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.738] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.738] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.738] SetWindowLongPtrW (hWnd=0x202c4, nIndex=-20, dwNewLong=0x50001) returned 0x50109
[0094.739] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0xb1b9e0) returned 0x0
[0094.739] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0xb1b9e0) returned 0x0
[0094.740] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.740] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.740] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.740] SetWindowPos (hWnd=0x202c4, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0094.740] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x46, wParam=0x0, lParam=0xb1ba40) returned 0x0
[0094.740] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x83, wParam=0x1, lParam=0xb1ba10) returned 0x0
[0094.741] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1b550 | out: lpwndpl=0xb1b550) returned 1
[0094.741] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x47, wParam=0x0, lParam=0xb1ba40) returned 0x0
[0094.741] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b3f0 | out: lpRect=0xb1b3f0) returned 1
[0094.741] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1b3f0 | out: lpRect=0xb1b3f0) returned 1
[0094.742] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.742] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.742] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.742] RedrawWindow (hWnd=0x202c4, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0094.745] GetSystemMenu (hWnd=0x202c4, bRevert=0) returned 0x501ed
[0094.746] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1bab0 | out: lpwndpl=0xb1bab0) returned 1
[0094.746] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0094.746] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf030, uEnable=0x1) returned 1
[0094.746] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf060, uEnable=0x0) returned 0
[0094.746] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf120, uEnable=0x1) returned 1
[0094.746] EnableMenuItem (hMenu=0x501ed, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0094.746] GetWindowLongPtrW (hWnd=0x70036, nIndex=-8) returned 0x70030
[0094.746] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-8) returned 0x0
[0094.746] SetWindowLongPtrW (hWnd=0x202c4, nIndex=-8, dwNewLong=0x70036) returned 0x0
[0094.753] GetCurrentActCtx (in: lphActCtx=0xb1bc70 | out: lphActCtx=0xb1bc70*=0x0) returned 1
[0094.753] ActivateActCtx (in: hActCtx=0xdcfa08, lpCookie=0xb1bcb0 | out: hActCtx=0xdcfa08, lpCookie=0xb1bcb0) returned 1
[0094.753] GetProcessWindowStation () returned 0xe8
[0094.758] GetCurrentThreadId () returned 0x11b4
[0094.760] EnumThreadWindows (dwThreadId=0x11b4, lpfn=0x1b34142c, lParam=0x0) returned 1
[0094.761] IsWindowVisible (hWnd=0x202c4) returned 0
[0094.761] IsWindowVisible (hWnd=0x70036) returned 1
[0094.761] IsWindowEnabled (hWnd=0x70036) returned 1
[0094.761] IsWindowVisible (hWnd=0x70030) returned 0
[0094.762] IsWindowVisible (hWnd=0x6008c) returned 0
[0094.762] IsWindowVisible (hWnd=0x202c8) returned 0
[0094.762] IsWindowVisible (hWnd=0x7002e) returned 0
[0094.762] GetActiveWindow () returned 0x202c4
[0094.763] IsWindow (hWnd=0x70036) returned 1
[0094.765] EnableWindow (hWnd=0x70036, bEnable=0) returned 0
[0094.766] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x1f, wParam=0x0, lParam=0x0) returned 0x0
[0094.766] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xa, wParam=0x0, lParam=0x0) returned 0x0
[0094.767] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-8) returned 0x70036
[0094.767] GetWindowThreadProcessId (in: hWnd=0x70036, lpdwProcessId=0xb1bae8 | out: lpdwProcessId=0xb1bae8) returned 0x11b4
[0094.767] GetCurrentThreadId () returned 0x11b4
[0094.767] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-8) returned 0x70036
[0094.767] IsWindowEnabled (hWnd=0x70036) returned 0
[0094.767] IsWindowEnabled (hWnd=0x202c4) returned 1
[0094.767] ShowWindow (hWnd=0x202c4, nCmdShow=5) returned 0
[0094.767] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.767] GetCurrentActCtx (in: lphActCtx=0xb1b260 | out: lphActCtx=0xb1b260*=0xdcfa08) returned 1
[0094.768] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0094.770] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.771] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x56000000, X=0, Y=0, nWidth=64, nHeight=64, hWndParent=0x202c4, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x202c6
[0094.771] SetWindowLongPtrW (hWnd=0x202c6, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b34086c
[0094.771] GetWindowLongPtrW (hWnd=0x202c6, nIndex=-4) returned 0x7ffcea425090
[0094.771] SetWindowLongPtrW (hWnd=0x202c6, nIndex=-4, dwNewLong=0x1b34147c) returned 0x7ffcea425090
[0094.771] GetWindowLongPtrW (hWnd=0x202c6, nIndex=-4) returned 0x1b34147c
[0094.771] GetWindowLongPtrW (hWnd=0x202c6, nIndex=-16) returned 0x46000000
[0094.771] GetWindowLongPtrW (hWnd=0x202c6, nIndex=-12) returned 0x0
[0094.771] SetWindowLongPtrW (hWnd=0x202c6, nIndex=-12, dwNewLong=0x202c6) returned 0x0
[0094.771] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x81, wParam=0x0, lParam=0xb1a900) returned 0x1
[0094.772] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x83, wParam=0x0, lParam=0xb1a9b0) returned 0x0
[0094.772] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x1, wParam=0x0, lParam=0xb1a900) returned 0x0
[0094.773] GetWindow (hWnd=0x202c6, uCmd=0x3) returned 0x0
[0094.773] GetClientRect (in: hWnd=0x202c6, lpRect=0xb1a320 | out: lpRect=0xb1a320) returned 1
[0094.774] GetWindowRect (in: hWnd=0x202c6, lpRect=0xb1a320 | out: lpRect=0xb1a320) returned 1
[0094.774] GetParent (hWnd=0x202c6) returned 0x202c4
[0094.774] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a320, cPoints=0x2 | out: lpPoints=0xb1a320) returned -24773109
[0094.775] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x5, wParam=0x0, lParam=0x400040) returned 0x0
[0094.775] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0094.775] GetClientRect (in: hWnd=0x202c6, lpRect=0xb1a430 | out: lpRect=0xb1a430) returned 1
[0094.775] GetWindowRect (in: hWnd=0x202c6, lpRect=0xb1a430 | out: lpRect=0xb1a430) returned 1
[0094.775] GetParent (hWnd=0x202c6) returned 0x202c4
[0094.775] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a430, cPoints=0x2 | out: lpPoints=0xb1a430) returned -24773109
[0094.775] SendMessageW (hWnd=0x202c6, Msg=0x2210, wParam=0x2c60001, lParam=0x202c6) returned 0x0
[0094.775] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x2210, wParam=0x2c60001, lParam=0x202c6) returned 0x0
[0094.775] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.775] GetParent (hWnd=0x202c6) returned 0x202c4
[0094.777] GetParent (hWnd=0x202cc) returned 0x602c2
[0094.777] SetParent (hWndChild=0x202cc, hWndNewParent=0x202c4) returned 0x602c2
[0094.777] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0
[0094.777] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x46, wParam=0x0, lParam=0xb1b270) returned 0x0
[0094.778] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0
[0094.778] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x47, wParam=0x0, lParam=0xb1b270) returned 0x0
[0094.778] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x3, wParam=0x0, lParam=0x80040) returned 0x0
[0094.778] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1a000 | out: lpRect=0xb1a000) returned 1
[0094.778] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1a000 | out: lpRect=0xb1a000) returned 1
[0094.778] GetParent (hWnd=0x202cc) returned 0x202c4
[0094.778] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a000, cPoints=0x2 | out: lpPoints=0xb1a000) returned -24773109
[0094.778] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1ac00 | out: lpRect=0xb1ac00) returned 1
[0094.778] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1ac00 | out: lpRect=0xb1ac00) returned 1
[0094.778] GetParent (hWnd=0x202cc) returned 0x202c4
[0094.778] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1ac00, cPoints=0x2 | out: lpPoints=0xb1ac00) returned -24773109
[0094.778] GetParent (hWnd=0x202cc) returned 0x202c4
[0094.778] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.779] GetWindow (hWnd=0x202cc, uCmd=0x3) returned 0x0
[0094.779] SetWindowPos (hWnd=0x202cc, hWndInsertAfter=0x202c6, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1
[0094.779] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x46, wParam=0x0, lParam=0xb1b1c0) returned 0x0
[0094.780] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0
[0094.780] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x47, wParam=0x0, lParam=0xb1b1c0) returned 0x0
[0094.780] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1ab50 | out: lpRect=0xb1ab50) returned 1
[0094.780] GetWindowRect (in: hWnd=0x202cc, lpRect=0xb1ab50 | out: lpRect=0xb1ab50) returned 1
[0094.780] GetParent (hWnd=0x202cc) returned 0x202c4
[0094.780] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1ab50, cPoints=0x2 | out: lpPoints=0xb1ab50) returned -24773109
[0094.780] GetParent (hWnd=0x202cc) returned 0x202c4
[0094.781] GetWindow (hWnd=0x202cc, uCmd=0x3) returned 0x202c6
[0094.781] GetWindowThreadProcessId (in: hWnd=0x202cc, lpdwProcessId=0xb1b3a8 | out: lpdwProcessId=0xb1b3a8) returned 0x11b4
[0094.782] GetCurrentActCtx (in: lphActCtx=0xb1b260 | out: lphActCtx=0xb1b260*=0xdcfa08) returned 1
[0094.783] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0094.783] GetClassInfoW (in: hInstance=0x0, lpClassName="BUTTON", lpWndClass=0x2829c48 | out: lpWndClass=0x2829c48) returned 1
[0094.784] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.785] CoTaskMemAlloc (cb=0x56) returned 0x1d04b940
[0094.785] RegisterClassW (lpWndClass=0xb1af50) returned 0xc1a2
[0094.785] CoTaskMemFree (pv=0x1d04b940)
[0094.785] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.785] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r6_ad1", lpWindowName="&Details", dwStyle=0x5601000b, X=8, Y=94, nWidth=100, nHeight=23, hWndParent=0x202c4, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x102ce
[0094.786] SetWindowLongPtrW (hWnd=0x102ce, nIndex=-4, dwNewLong=0x7ffcdf0d4630) returned 0x1b34075c
[0094.787] GetWindowLongPtrW (hWnd=0x102ce, nIndex=-4) returned 0x7ffcdf0d4630
[0094.787] SetWindowLongPtrW (hWnd=0x102ce, nIndex=-4, dwNewLong=0x1b343bbc) returned 0x7ffcdf0d4630
[0094.787] GetWindowLongPtrW (hWnd=0x102ce, nIndex=-4) returned 0x1b343bbc
[0094.787] GetWindowLongPtrW (hWnd=0x102ce, nIndex=-16) returned 0x4601000b
[0094.787] GetWindowLongPtrW (hWnd=0x102ce, nIndex=-12) returned 0x0
[0094.787] SetWindowLongPtrW (hWnd=0x102ce, nIndex=-12, dwNewLong=0x102ce) returned 0x0
[0094.787] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x81, wParam=0x0, lParam=0xb1a900) returned 0x1
[0094.789] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x83, wParam=0x0, lParam=0xb1a9b0) returned 0x0
[0094.789] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x1, wParam=0x0, lParam=0xb1a8e0) returned 0x0
[0094.790] SendMessageW (hWnd=0x102ce, Msg=0x2055, wParam=0x102ce, lParam=0x3) returned 0x2
[0094.790] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0
[0094.790] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0094.791] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0094.791] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0094.791] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0094.791] RedrawWindow (hWnd=0x202c6, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0094.791] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0094.791] RedrawWindow (hWnd=0x202cc, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0094.792] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0094.792] RedrawWindow (hWnd=0x102ce, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0094.792] RedrawWindow (hWnd=0x202c4, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0094.792] GetWindow (hWnd=0x102ce, uCmd=0x3) returned 0x202cc
[0094.792] GetClientRect (in: hWnd=0x102ce, lpRect=0xb1a250 | out: lpRect=0xb1a250) returned 1
[0094.792] GetWindowRect (in: hWnd=0x102ce, lpRect=0xb1a250 | out: lpRect=0xb1a250) returned 1
[0094.792] GetParent (hWnd=0x102ce) returned 0x202c4
[0094.792] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a250, cPoints=0x2 | out: lpPoints=0xb1a250) returned -24773109
[0094.793] SetWindowTextW (hWnd=0x102ce, lpString="&Details") returned 1
[0094.793] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0xc, wParam=0x0, lParam=0x2826fac) returned 0x1
[0094.793] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x5, wParam=0x0, lParam=0x170064) returned 0x0
[0094.793] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x3, wParam=0x0, lParam=0x5e0008) returned 0x0
[0094.793] GetClientRect (in: hWnd=0x102ce, lpRect=0xb1a380 | out: lpRect=0xb1a380) returned 1
[0094.793] GetWindowRect (in: hWnd=0x102ce, lpRect=0xb1a380 | out: lpRect=0xb1a380) returned 1
[0094.793] GetParent (hWnd=0x102ce) returned 0x202c4
[0094.794] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a380, cPoints=0x2 | out: lpPoints=0xb1a380) returned -24773109
[0094.794] SendMessageW (hWnd=0x102ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x102ce) returned 0x0
[0094.794] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x102ce) returned 0x0
[0094.794] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.794] GetParent (hWnd=0x102ce) returned 0x202c4
[0094.794] GetCurrentActCtx (in: lphActCtx=0xb1b260 | out: lphActCtx=0xb1b260*=0xdcfa08) returned 1
[0094.795] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0094.795] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.795] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r6_ad1", lpWindowName="&Continue", dwStyle=0x5601000b, X=225, Y=94, nWidth=100, nHeight=23, hWndParent=0x202c4, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x102d0
[0094.795] SetWindowLongPtrW (hWnd=0x102d0, nIndex=-4, dwNewLong=0x7ffcdf0d4630) returned 0x1b34075c
[0094.795] GetWindowLongPtrW (hWnd=0x102d0, nIndex=-4) returned 0x7ffcdf0d4630
[0094.796] SetWindowLongPtrW (hWnd=0x102d0, nIndex=-4, dwNewLong=0x1b343c0c) returned 0x7ffcdf0d4630
[0094.796] GetWindowLongPtrW (hWnd=0x102d0, nIndex=-4) returned 0x1b343c0c
[0094.796] GetWindowLongPtrW (hWnd=0x102d0, nIndex=-16) returned 0x4601000b
[0094.796] GetWindowLongPtrW (hWnd=0x102d0, nIndex=-12) returned 0x0
[0094.796] SetWindowLongPtrW (hWnd=0x102d0, nIndex=-12, dwNewLong=0x102d0) returned 0x0
[0094.796] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x81, wParam=0x0, lParam=0xb1a900) returned 0x1
[0094.796] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x83, wParam=0x0, lParam=0xb1a9b0) returned 0x0
[0094.797] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x1, wParam=0x0, lParam=0xb1a8e0) returned 0x0
[0094.797] SendMessageW (hWnd=0x102d0, Msg=0x2055, wParam=0x102d0, lParam=0x3) returned 0x2
[0094.797] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0094.797] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0094.797] GetWindow (hWnd=0x102d0, uCmd=0x3) returned 0x102ce
[0094.797] GetClientRect (in: hWnd=0x102d0, lpRect=0xb1a250 | out: lpRect=0xb1a250) returned 1
[0094.798] GetWindowRect (in: hWnd=0x102d0, lpRect=0xb1a250 | out: lpRect=0xb1a250) returned 1
[0094.798] GetParent (hWnd=0x102d0) returned 0x202c4
[0094.798] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a250, cPoints=0x2 | out: lpPoints=0xb1a250) returned -24773109
[0094.798] SetWindowTextW (hWnd=0x102d0, lpString="&Continue") returned 1
[0094.798] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0xc, wParam=0x0, lParam=0x2826df4) returned 0x1
[0094.799] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x5, wParam=0x0, lParam=0x170064) returned 0x0
[0094.799] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x3, wParam=0x0, lParam=0x5e00e1) returned 0x0
[0094.799] GetClientRect (in: hWnd=0x102d0, lpRect=0xb1a380 | out: lpRect=0xb1a380) returned 1
[0094.799] GetWindowRect (in: hWnd=0x102d0, lpRect=0xb1a380 | out: lpRect=0xb1a380) returned 1
[0094.799] GetParent (hWnd=0x102d0) returned 0x202c4
[0094.799] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a380, cPoints=0x2 | out: lpPoints=0xb1a380) returned -24773109
[0094.799] SendMessageW (hWnd=0x102d0, Msg=0x2210, wParam=0x2d00001, lParam=0x102d0) returned 0x0
[0094.799] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x2210, wParam=0x2d00001, lParam=0x102d0) returned 0x0
[0094.799] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.800] GetParent (hWnd=0x102d0) returned 0x202c4
[0094.800] GetCurrentActCtx (in: lphActCtx=0xb1b260 | out: lphActCtx=0xb1b260*=0xdcfa08) returned 1
[0094.800] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0094.800] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.800] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r6_ad1", lpWindowName="&Quit", dwStyle=0x5601000b, X=330, Y=94, nWidth=100, nHeight=23, hWndParent=0x202c4, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x102d2
[0094.801] SetWindowLongPtrW (hWnd=0x102d2, nIndex=-4, dwNewLong=0x7ffcdf0d4630) returned 0x1b34075c
[0094.801] GetWindowLongPtrW (hWnd=0x102d2, nIndex=-4) returned 0x7ffcdf0d4630
[0094.801] SetWindowLongPtrW (hWnd=0x102d2, nIndex=-4, dwNewLong=0x1b343f2c) returned 0x7ffcdf0d4630
[0094.801] GetWindowLongPtrW (hWnd=0x102d2, nIndex=-4) returned 0x1b343f2c
[0094.801] GetWindowLongPtrW (hWnd=0x102d2, nIndex=-16) returned 0x4601000b
[0094.801] GetWindowLongPtrW (hWnd=0x102d2, nIndex=-12) returned 0x0
[0094.801] SetWindowLongPtrW (hWnd=0x102d2, nIndex=-12, dwNewLong=0x102d2) returned 0x0
[0094.801] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x81, wParam=0x0, lParam=0xb1a900) returned 0x1
[0094.802] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x83, wParam=0x0, lParam=0xb1a9b0) returned 0x0
[0094.802] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x1, wParam=0x0, lParam=0xb1a8e0) returned 0x0
[0094.803] SendMessageW (hWnd=0x102d2, Msg=0x2055, wParam=0x102d2, lParam=0x3) returned 0x2
[0094.803] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0094.803] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0094.803] GetWindow (hWnd=0x102d2, uCmd=0x3) returned 0x102d0
[0094.803] GetClientRect (in: hWnd=0x102d2, lpRect=0xb1a250 | out: lpRect=0xb1a250) returned 1
[0094.803] GetWindowRect (in: hWnd=0x102d2, lpRect=0xb1a250 | out: lpRect=0xb1a250) returned 1
[0094.803] GetParent (hWnd=0x102d2) returned 0x202c4
[0094.803] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a250, cPoints=0x2 | out: lpPoints=0xb1a250) returned -24773109
[0094.804] SetWindowTextW (hWnd=0x102d2, lpString="&Quit") returned 1
[0094.804] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0xc, wParam=0x0, lParam=0x2826e8c) returned 0x1
[0094.804] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x5, wParam=0x0, lParam=0x170064) returned 0x0
[0094.804] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x3, wParam=0x0, lParam=0x5e014a) returned 0x0
[0094.804] GetClientRect (in: hWnd=0x102d2, lpRect=0xb1a380 | out: lpRect=0xb1a380) returned 1
[0094.804] GetWindowRect (in: hWnd=0x102d2, lpRect=0xb1a380 | out: lpRect=0xb1a380) returned 1
[0094.804] GetParent (hWnd=0x102d2) returned 0x202c4
[0094.804] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a380, cPoints=0x2 | out: lpPoints=0xb1a380) returned -24773109
[0094.805] SendMessageW (hWnd=0x102d2, Msg=0x2210, wParam=0x2d20001, lParam=0x102d2) returned 0x0
[0094.805] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x2210, wParam=0x2d20001, lParam=0x102d2) returned 0x0
[0094.805] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.805] GetParent (hWnd=0x102d2) returned 0x202c4
[0094.805] GetCurrentActCtx (in: lphActCtx=0xb1b220 | out: lphActCtx=0xb1b220*=0xdcfa08) returned 1
[0094.805] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0094.805] GetClassInfoW (in: hInstance=0x0, lpClassName="EDIT", lpWndClass=0x282a4e8 | out: lpWndClass=0x282a4e8) returned 1
[0094.806] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.806] CoTaskMemAlloc (cb=0x52) returned 0x1d04c000
[0094.806] RegisterClassW (lpWndClass=0xb1af10) returned 0xc1a4
[0094.806] CoTaskMemFree (pv=0x1d04c000)
[0094.807] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0094.807] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r6_ad1", lpWindowName="See the end of this message for details on invoking \r\njust-in-time (JIT) debugging instead of this dialog box.\r\n\r\n************** Exception Text **************\r\nSystem.UnauthorizedAccessException: Access to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.\r\n at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)\r\n at System.IO.File.InternalDelete(String path, Boolean checkHost)\r\n at SysWOW64.Worm_patch.cmd_get_Tick(Object sender, EventArgs e)\r\n at System.Windows.Forms.Timer.OnTick(EventArgs e)\r\n at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)\r\n at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)\r\n\r\n\r\n************** Loaded Assemblies **************\r\nmscorlib\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll\r\n----------------------------------------\r\nIZI\r\n Assembly Version: 1.0.0.0\r\n Win32 Version: 1.0.0.0\r\n CodeBase: file:///C:/Users/FD1HVy/Desktop/8g4YJ5vYi5gsz9qg.exe\r\n----------------------------------------\r\nSystem.Windows.Forms\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2104.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll\r\n----------------------------------------\r\nSystem\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2103.2 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll\r\n----------------------------------------\r\nSystem.Drawing\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2046.0 built by: NET47REL1\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll\r\n----------------------------------------\r\nSystem.Configuration\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2046.0 built by: NET47REL1\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll\r\n----------------------------------------\r\nSystem.Core\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll\r\n----------------------------------------\r\nSystem.Xml\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll\r\n----------------------------------------\r\n\r\n************** JIT Debugging **************\r\nTo enable just-in-time (JIT) debugging, the .config file for this\r\napplication or computer (machine.config) must have the\r\njitDebugging value set in the system.windows.forms section.\r\nThe application must also be compiled with debugging\r\nenabled.\r\n\r\nFor example:\r\n\r\n\r\n \r\n\r\n\r\nWhen JIT debugging is enabled, any unhandled exception\r\nwill be sent to the JIT debugger registered on the computer\r\nrather than be handled by this dialog box.\r\n\r\n\r\n", dwStyle=0x563008c4, X=8, Y=125, nWidth=422, nHeight=154, hWndParent=0x202c4, hMenu=0x0, hInstance=0x790000, lpParam=0x0) returned 0x102d4
[0094.807] SetWindowLongPtrW (hWnd=0x102d4, nIndex=-4, dwNewLong=0x7ffcdf0c2450) returned 0x1b343e3c
[0094.807] GetWindowLongPtrW (hWnd=0x102d4, nIndex=-4) returned 0x7ffcdf0c2450
[0094.807] SetWindowLongPtrW (hWnd=0x102d4, nIndex=-4, dwNewLong=0x1b343b1c) returned 0x7ffcdf0c2450
[0094.807] GetWindowLongPtrW (hWnd=0x102d4, nIndex=-4) returned 0x1b343b1c
[0094.807] GetWindowLongPtrW (hWnd=0x102d4, nIndex=-16) returned 0x463008c4
[0094.807] GetWindowLongPtrW (hWnd=0x102d4, nIndex=-12) returned 0x0
[0094.807] SetWindowLongPtrW (hWnd=0x102d4, nIndex=-12, dwNewLong=0x102d4) returned 0x0
[0094.808] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x81, wParam=0x0, lParam=0xb1a8c0) returned 0x1
[0094.809] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x83, wParam=0x0, lParam=0xb1a970) returned 0x0
[0094.810] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x1, wParam=0x0, lParam=0xb1a910) returned 0x1
[0094.844] GetWindow (hWnd=0x102d4, uCmd=0x3) returned 0x102d2
[0094.844] GetClientRect (in: hWnd=0x102d4, lpRect=0xb1a2e0 | out: lpRect=0xb1a2e0) returned 1
[0094.844] GetWindowRect (in: hWnd=0x102d4, lpRect=0xb1a2e0 | out: lpRect=0xb1a2e0) returned 1
[0094.844] GetParent (hWnd=0x102d4) returned 0x202c4
[0094.844] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a2e0, cPoints=0x2 | out: lpPoints=0xb1a2e0) returned -24773109
[0094.846] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0094.846] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0094.846] GetSystemMetrics (nIndex=42) returned 0
[0094.846] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb19ff0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0094.846] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb19ff0) returned 0x10
[0094.847] SendMessageW (hWnd=0x102d4, Msg=0x30, wParam=0x550a0545, lParam=0x0) returned 0x1
[0094.847] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x30, wParam=0x550a0545, lParam=0x0) returned 0x1
[0094.908] SetWindowTextW (hWnd=0x102d4, lpString="See the end of this message for details on invoking \r\njust-in-time (JIT) debugging instead of this dialog box.\r\n\r\n************** Exception Text **************\r\nSystem.UnauthorizedAccessException: Access to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.\r\n at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)\r\n at System.IO.File.InternalDelete(String path, Boolean checkHost)\r\n at SysWOW64.Worm_patch.cmd_get_Tick(Object sender, EventArgs e)\r\n at System.Windows.Forms.Timer.OnTick(EventArgs e)\r\n at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)\r\n at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)\r\n\r\n\r\n************** Loaded Assemblies **************\r\nmscorlib\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll\r\n----------------------------------------\r\nIZI\r\n Assembly Version: 1.0.0.0\r\n Win32 Version: 1.0.0.0\r\n CodeBase: file:///C:/Users/FD1HVy/Desktop/8g4YJ5vYi5gsz9qg.exe\r\n----------------------------------------\r\nSystem.Windows.Forms\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2104.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll\r\n----------------------------------------\r\nSystem\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2103.2 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll\r\n----------------------------------------\r\nSystem.Drawing\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2046.0 built by: NET47REL1\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll\r\n----------------------------------------\r\nSystem.Configuration\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2046.0 built by: NET47REL1\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll\r\n----------------------------------------\r\nSystem.Core\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll\r\n----------------------------------------\r\nSystem.Xml\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll\r\n----------------------------------------\r\n\r\n************** JIT Debugging **************\r\nTo enable just-in-time (JIT) debugging, the .config file for this\r\napplication or computer (machine.config) must have the\r\njitDebugging value set in the system.windows.forms section.\r\nThe application must also be compiled with debugging\r\nenabled.\r\n\r\nFor example:\r\n\r\n\r\n \r\n\r\n\r\nWhen JIT debugging is enabled, any unhandled exception\r\nwill be sent to the JIT debugger registered on the computer\r\nrather than be handled by this dialog box.\r\n\r\n\r\n") returned 1
[0094.908] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0xc, wParam=0x0, lParam=0x282338c) returned 0x1
[0094.910] GetSystemMetrics (nIndex=5) returned 1
[0094.910] GetSystemMetrics (nIndex=6) returned 1
[0094.910] SendMessageW (hWnd=0x102d4, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1
[0094.910] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1
[0094.911] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x5, wParam=0x0, lParam=0x850191) returned 0x1
[0094.911] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x3, wParam=0x0, lParam=0x7f000a) returned 0x0
[0094.911] GetClientRect (in: hWnd=0x102d4, lpRect=0xb1a3a0 | out: lpRect=0xb1a3a0) returned 1
[0094.911] GetWindowRect (in: hWnd=0x102d4, lpRect=0xb1a3a0 | out: lpRect=0xb1a3a0) returned 1
[0094.911] GetParent (hWnd=0x102d4) returned 0x202c4
[0094.912] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x202c4, lpPoints=0xb1a3a0, cPoints=0x2 | out: lpPoints=0xb1a3a0) returned -24773109
[0094.912] SendMessageW (hWnd=0x102d4, Msg=0x2210, wParam=0x2d40001, lParam=0x102d4) returned 0x0
[0094.912] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x2210, wParam=0x2d40001, lParam=0x102d4) returned 0x0
[0094.912] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0094.912] GetParent (hWnd=0x102d4) returned 0x202c4
[0094.912] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-8) returned 0x70036
[0094.912] MonitorFromWindow (hwnd=0x70036, dwFlags=0x2) returned 0x10001
[0094.913] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b0e0 | out: lpmi=0xb1b0e0) returned 1
[0094.913] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x58010790
[0094.913] GetDeviceCaps (hdc=0x58010790, index=12) returned 32
[0094.913] GetDeviceCaps (hdc=0x58010790, index=14) returned 1
[0094.913] DeleteDC (hdc=0x58010790) returned 1
[0094.913] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xb1b150 | out: lpmi=0xb1b150) returned 1
[0094.913] GetWindowThreadProcessId (in: hWnd=0x202c4, lpdwProcessId=0xb1b2a0 | out: lpdwProcessId=0xb1b2a0) returned 0x11b4
[0094.913] GetCurrentThreadId () returned 0x11b4
[0094.913] PostMessageW (hWnd=0x202c4, Msg=0xc19f, wParam=0x0, lParam=0x0) returned 1
[0094.913] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0094.913] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0094.913] GetSystemMetrics (nIndex=42) returned 0
[0094.913] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1b190, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0094.913] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1b190) returned 0x10
[0094.915] GdipImageGetFrameDimensionsCount (image=0x1c62d170, count=0xb1b1a0) returned 0x0
[0094.915] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1d046610
[0094.916] GdipImageGetFrameDimensionsList (image=0x1c62d170, dimensionIDs=0x1d046610*(Data1=0x450058, Data2=0x3b, Data3=0x2e, Data4=([0]=0x42, [1]=0x0, [2]=0x41, [3]=0x0, [4]=0x54, [5]=0x0, [6]=0x3b, [7]=0x0)), count=0x1) returned 0x0
[0094.918] LocalFree (hMem=0x1d046610) returned 0x0
[0094.921] GdipImageGetFrameDimensionsCount (image=0x1c629560, count=0xb1b1a0) returned 0x0
[0094.921] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1d046770
[0094.921] GdipImageGetFrameDimensionsList (image=0x1c629560, dimensionIDs=0x1d046770*(Data1=0x48746547, Data2=0x7361, Data3=0x4368, Data4=([0]=0x6f, [1]=0x64, [2]=0x65, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), count=0x1) returned 0x0
[0094.921] LocalFree (hMem=0x1d046770) returned 0x0
[0094.922] SystemParametersInfoW (in: uiAction=0x5f, uiParam=0x0, pvParam=0xb1b3d0, fWinIni=0x0 | out: pvParam=0xb1b3d0) returned 1
[0094.922] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x46, wParam=0x0, lParam=0xb1ba50) returned 0x0
[0094.922] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1ba50) returned 0x0
[0094.922] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0xb1ba50) returned 0x0
[0094.928] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0094.929] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.929] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.929] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.929] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1b580 | out: lpwndpl=0xb1b580) returned 1
[0094.929] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b4a0 | out: lpRect=0xb1b4a0) returned 1
[0094.929] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0094.929] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0094.930] GetSystemMetrics (nIndex=42) returned 0
[0094.930] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1b1e0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0094.930] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1b1e0) returned 0x10
[0094.930] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b268 | out: lpRect=0xb1b268) returned 1
[0094.930] GetCurrentObject (hdc=0xd0104fe, type=0x1) returned 0xb00017
[0094.930] GetCurrentObject (hdc=0xd0104fe, type=0x2) returned 0x900010
[0094.930] GetCurrentObject (hdc=0xd0104fe, type=0x7) returned 0x1c05065f
[0094.930] GetCurrentObject (hdc=0xd0104fe, type=0x6) returned 0x8a01c2
[0094.930] SaveDC (hdc=0xd0104fe) returned 1
[0094.930] GetNearestColor (hdc=0xd0104fe, color=0xf0f0f0) returned 0xf0f0f0
[0094.930] CreateSolidBrush (color=0xf0f0f0) returned 0x7d1007c4
[0094.930] FillRect (hDC=0xd0104fe, lprc=0xb1af50, hbr=0x7d1007c4) returned 1
[0094.930] DeleteObject (ho=0x7d1007c4) returned 1
[0094.930] RestoreDC (hdc=0xd0104fe, nSavedDC=-1) returned 1
[0094.930] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0094.931] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0094.931] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0094.931] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x14, wParam=0x10105d6, lParam=0x0) returned 0x1
[0094.931] GetStockObject (i=5) returned 0x900015
[0094.931] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0094.931] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x14, wParam=0xd0104fe, lParam=0x0) returned 0x1
[0094.931] GetStockObject (i=5) returned 0x900015
[0094.931] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0094.932] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x14, wParam=0x10105d6, lParam=0x0) returned 0x1
[0094.932] GetStockObject (i=5) returned 0x900015
[0094.932] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1b560 | out: lpwndpl=0xb1b560) returned 1
[0094.932] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x47, wParam=0x0, lParam=0xb1ba50) returned 0x0
[0094.932] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b400 | out: lpRect=0xb1b400) returned 1
[0094.932] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1b400 | out: lpRect=0xb1b400) returned 1
[0094.933] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0094.933] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0094.933] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0094.933] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x47, wParam=0x0, lParam=0xb1ba50) returned 0x0
[0094.934] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x5, wParam=0x0, lParam=0x7d01b6) returned 0x0
[0094.934] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x3, wParam=0x0, lParam=0x17b01f5) returned 0x0
[0094.934] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b490 | out: lpRect=0xb1b490) returned 1
[0094.934] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1b490 | out: lpRect=0xb1b490) returned 1
[0094.941] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0094.943] InvalidateRect (hWnd=0x102ce, lpRect=0x0, bErase=0) returned 1
[0094.945] GetFocus () returned 0x202c4
[0094.945] GetFocus () returned 0x202c4
[0094.945] SetFocus (hWnd=0x102ce) returned 0x202c4
[0094.945] GetFocus () returned 0x102ce
[0094.945] IsChild (hWndParent=0x202c4, hWnd=0x102ce) returned 1
[0094.945] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x8, wParam=0x102ce, lParam=0x0) returned 0x0
[0094.946] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0094.947] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0094.949] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0094.955] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x7, wParam=0x202c4, lParam=0x0) returned 0x0
[0094.955] GetStockObject (i=5) returned 0x900015
[0094.955] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0094.955] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0xd, wParam=0x9, lParam=0x1d046c30) returned 0x8
[0094.956] GetDlgItem (hDlg=0x202c4, nIDDlgItem=66254) returned 0x102ce
[0094.956] SendMessageW (hWnd=0x102ce, Msg=0x202b, wParam=0x102ce, lParam=0xb1ae30) returned 0x0
[0094.956] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x202b, wParam=0x102ce, lParam=0xb1ae30) returned 0x0
[0094.957] InvalidateRect (hWnd=0x102ce, lpRect=0x0, bErase=0) returned 1
[0094.959] GetFocus () returned 0x102ce
[0094.959] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.960] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.960] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.960] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.960] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.960] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.960] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.960] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.960] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.960] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.960] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.960] IsWindowUnicode (hWnd=0x202c4) returned 1
[0094.961] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.961] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.961] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.961] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0094.961] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.961] IsWindowUnicode (hWnd=0x202c4) returned 1
[0094.961] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.961] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.961] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.961] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.963] IsWindowUnicode (hWnd=0x202c4) returned 1
[0094.963] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.963] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.963] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.964] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.964] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.964] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.964] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.964] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.964] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.964] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.964] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.964] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.964] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.964] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.964] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.964] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.965] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.965] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.965] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.965] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.965] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.965] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.965] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.965] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.965] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.965] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.966] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.966] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.966] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.966] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.966] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.966] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.966] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.967] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.967] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.967] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.967] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.967] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.967] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.967] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.967] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.967] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.967] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.968] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.968] IsWindowUnicode (hWnd=0x18001c) returned 1
[0094.968] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.968] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.968] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.968] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.968] IsWindowUnicode (hWnd=0x202c4) returned 1
[0094.968] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.968] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.968] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.969] BeginPaint (in: hWnd=0x202c4, lpPaint=0xb1b238 | out: lpPaint=0xb1b238) returned 0xd0104fe
[0094.969] SelectPalette (hdc=0xd0104fe, hPal=0x630807c0, bForceBkgd=1) returned 0x88000b
[0094.969] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0094.969] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0094.969] GetSystemMetrics (nIndex=42) returned 0
[0094.969] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1b0b0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0094.969] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1b0b0) returned 0x10
[0094.969] SelectPalette (hdc=0xd0104fe, hPal=0x88000b, bForceBkgd=0) returned 0x630807c0
[0094.969] EndPaint (hWnd=0x202c4, lpPaint=0xb1b1d8) returned 1
[0094.969] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.969] IsWindowUnicode (hWnd=0x202c6) returned 1
[0094.969] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0094.969] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0094.969] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0094.970] BeginPaint (in: hWnd=0x202c6, lpPaint=0xb1b298 | out: lpPaint=0xb1b298) returned 0x60100ce
[0094.970] SelectPalette (hdc=0x60100ce, hPal=0x630807c0, bForceBkgd=1) returned 0x88000b
[0094.970] CreateCompatibleDC (hdc=0x60100ce) returned 0x70010790
[0094.971] GetObjectType (h=0x60100ce) returned 0x3
[0094.971] CreateCompatibleBitmap (hdc=0x60100ce, cx=1, cy=1) returned 0x250507b4
[0094.972] GetDIBits (in: hdc=0x60100ce, hbm=0x250507b4, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0xb1ac18, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb1ac18) returned 1
[0094.972] GetDIBits (in: hdc=0x60100ce, hbm=0x250507b4, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0xb1ac18, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb1ac18) returned 1
[0094.972] DeleteObject (ho=0x250507b4) returned 1
[0094.972] CreateDIBSection (in: hdc=0x60100ce, lpbmi=0xb1acd8, usage=0x0, ppvBits=0xb1b290, hSection=0x0, offset=0x0 | out: ppvBits=0xb1b290) returned 0x200507a8
[0094.972] SelectObject (hdc=0x70010790, h=0x200507a8) returned 0x85000f
[0094.972] GdipCreateFromHDC (hdc=0x70010790, graphics=0xb1b218) returned 0x0
[0094.975] GdipTranslateWorldTransform (graphics=0x1c62e510, dx=0x7ffcc71dec22, dy=0x4ca1bf869dac, order=0x0) returned 0x0
[0094.976] GdipSetClipRectI (graphics=0x1c62e510, x=0, y=0, width=64, height=64, combineMode=0x0) returned 0x0
[0094.979] GdipCreateMatrix (matrix=0xb1b240) returned 0x0
[0094.980] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c6290f0) returned 0x0
[0094.981] GdipIsMatrixIdentity (matrix=0x1c6290f0, result=0xb1b2a8) returned 0x0
[0094.988] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b770
[0094.989] GdipGetMatrixElements (matrix=0x1c6290f0, matrixOut=0x1d03b770) returned 0x0
[0094.989] LocalFree (hMem=0x1d03b770) returned 0x0
[0094.989] GdipDeleteMatrix (matrix=0x1c6290f0) returned 0x0
[0094.991] GdipCreateRegion (region=0xb1b240) returned 0x0
[0095.147] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.148] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1b2a0) returned 0x0
[0095.149] GdipSaveGraphics (graphics=0x1c62e510, state=0xb1b340) returned 0x0
[0095.151] GetWindowTextLengthW (hWnd=0x202c6) returned 0
[0095.151] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0095.151] GetSystemMetrics (nIndex=42) returned 0
[0095.151] GetWindowTextW (in: hWnd=0x202c6, lpString=0xb1b130, nMaxCount=1 | out: lpString="") returned 0
[0095.151] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0xd, wParam=0x1, lParam=0xb1b130) returned 0x0
[0095.151] GetClientRect (in: hWnd=0x202c6, lpRect=0xb1b2d8 | out: lpRect=0xb1b2d8) returned 1
[0095.152] GdipCreateRegion (region=0xb1aeb0) returned 0x0
[0095.152] GdipGetClip (graphics=0x1c62e510, region=0x1c62e8e0) returned 0x0
[0095.152] GdipCreateMatrix (matrix=0xb1aeb0) returned 0x0
[0095.152] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c62e9a0) returned 0x0
[0095.154] GdipIsMatrixIdentity (matrix=0x1c62e9a0, result=0xb1af18) returned 0x0
[0095.154] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03af30
[0095.154] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03af30) returned 0x0
[0095.154] LocalFree (hMem=0x1d03af30) returned 0x0
[0095.155] GdipCombineRegionRegion (region=0x1c62e8e0, region2=0x1c628a90, combineMode=0x1) returned 0x0
[0095.155] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b370
[0095.155] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03b370) returned 0x0
[0095.155] LocalFree (hMem=0x1d03b370) returned 0x0
[0095.155] GdipDeleteMatrix (matrix=0x1c62e9a0) returned 0x0
[0095.155] GdipIsInfiniteRegion (region=0x1c62e8e0, graphics=0x1c62e510, result=0xb1af80) returned 0x0
[0095.157] GdipIsInfiniteRegion (region=0x1c62e8e0, graphics=0x1c62e510, result=0xb1af40) returned 0x0
[0095.158] GdipGetRegionHRgn (region=0x1c62e8e0, graphics=0x1c62e510, hRgn=0xb1af40) returned 0x0
[0095.177] GdipDeleteRegion (region=0x1c62e8e0) returned 0x0
[0095.178] GdipGetDC (graphics=0x1c62e510, hdc=0xb1af88) returned 0x0
[0095.178] GetCurrentObject (hdc=0x70010790, type=0x1) returned 0xb00017
[0095.178] GetCurrentObject (hdc=0x70010790, type=0x2) returned 0x900010
[0095.178] GetCurrentObject (hdc=0x70010790, type=0x7) returned 0x200507a8
[0095.178] GetCurrentObject (hdc=0x70010790, type=0x6) returned 0x8a01c2
[0095.178] SaveDC (hdc=0x70010790) returned 1
[0095.183] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xac0407b3
[0095.183] GetClipRgn (hdc=0x70010790, hrgn=0xac0407b3) returned 0
[0095.183] SelectClipRgn (hdc=0x70010790, hrgn=0x3e040668) returned 2
[0095.183] DeleteObject (ho=0xac0407b3) returned 1
[0095.184] DeleteObject (ho=0x3e040668) returned 1
[0095.185] OffsetViewportOrgEx (in: hdc=0x70010790, x=0, y=0, lppt=0x282d630 | out: lppt=0x282d630) returned 1
[0095.185] GetNearestColor (hdc=0x70010790, color=0xf0f0f0) returned 0xf0f0f0
[0095.185] CreateSolidBrush (color=0xf0f0f0) returned 0x7e1007c4
[0095.185] FillRect (hDC=0x70010790, lprc=0xb1afc0, hbr=0x7e1007c4) returned 1
[0095.185] DeleteObject (ho=0x7e1007c4) returned 1
[0095.185] RestoreDC (hdc=0x70010790, nSavedDC=-1) returned 1
[0095.186] GdipReleaseDC (graphics=0x1c62e510, hdc=0x70010790) returned 0x0
[0095.187] GdipRestoreGraphics (graphics=0x1c62e510, state=0xfffffffffdb40dbd) returned 0x0
[0095.187] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0095.187] GetWindowTextLengthW (hWnd=0x202c6) returned 0
[0095.187] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0095.188] GetSystemMetrics (nIndex=42) returned 0
[0095.188] GetWindowTextW (in: hWnd=0x202c6, lpString=0xb1b130, nMaxCount=1 | out: lpString="") returned 0
[0095.188] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0xd, wParam=0x1, lParam=0xb1b130) returned 0x0
[0095.188] GdipGetImageWidth (image=0x1c62d170, width=0xb1b168) returned 0x0
[0095.188] GdipGetImageHeight (image=0x1c62d170, height=0xb1b168) returned 0x0
[0095.189] GdipGetImageWidth (image=0x1c62d170, width=0xb1b128) returned 0x0
[0095.189] GdipGetImageHeight (image=0x1c62d170, height=0xb1b128) returned 0x0
[0095.190] GdipDrawImageRectI (graphics=0x1c62e510, image=0x1c62d170, x=16, y=16, width=32, height=32) returned 0x0
[0095.191] GdipGetDC (graphics=0x1c62e510, hdc=0xb1b258) returned 0x0
[0095.191] BitBlt (hdc=0x60100ce, x=0, y=0, cx=64, cy=64, hdcSrc=0x70010790, x1=0, y1=0, rop=0xcc0020) returned 1
[0095.191] GdipReleaseDC (graphics=0x1c62e510, hdc=0x70010790) returned 0x0
[0095.191] SelectPalette (hdc=0x60100ce, hPal=0x88000b, bForceBkgd=0) returned 0x630807c0
[0095.192] SelectObject (hdc=0x70010790, h=0x85000f) returned 0x200507a8
[0095.192] DeleteDC (hdc=0x70010790) returned 1
[0095.192] GdipDeleteGraphics (graphics=0x1c62e510) returned 0x0
[0095.192] EndPaint (hWnd=0x202c6, lpPaint=0xb1b238) returned 1
[0095.192] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.192] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.192] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.192] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.192] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.193] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.193] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.193] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.193] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.193] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.193] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.194] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.194] IsWindowUnicode (hWnd=0x102d0) returned 1
[0095.194] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.194] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.194] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.194] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.194] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.194] IsWindowUnicode (hWnd=0x102d0) returned 1
[0095.194] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.194] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.195] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0095.195] SetCursor (hCursor=0x10003) returned 0x10007
[0095.196] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.196] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.256] _TrackMouseEvent (in: lpEventTrack=0x282d7e0 | out: lpEventTrack=0x282d7e0) returned 1
[0095.257] SendMessageW (hWnd=0x102d0, Msg=0xc19a, wParam=0x0, lParam=0x0) returned 0x0
[0095.257] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0xc19a, wParam=0x0, lParam=0x0) returned 0x0
[0095.257] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.258] GetKeyState (nVirtKey=2) returned 0
[0095.258] GetKeyState (nVirtKey=4) returned 0
[0095.258] GetKeyState (nVirtKey=5) returned 0
[0095.258] GetKeyState (nVirtKey=6) returned 0
[0095.259] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.259] IsWindowUnicode (hWnd=0x202cc) returned 1
[0095.259] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.259] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.259] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.259] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.260] IsWindowUnicode (hWnd=0x202cc) returned 1
[0095.260] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.260] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.260] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.260] BeginPaint (in: hWnd=0x202cc, lpPaint=0xb1b218 | out: lpPaint=0xb1b218) returned 0xf0105ee
[0095.263] SelectPalette (hdc=0xf0105ee, hPal=0x630807c0, bForceBkgd=1) returned 0x88000b
[0095.263] CreateCompatibleDC (hdc=0xf0105ee) returned 0x70107d7
[0095.263] GetObjectType (h=0xf0105ee) returned 0x3
[0095.263] CreateCompatibleBitmap (hdc=0xf0105ee, cx=1, cy=1) returned 0x73050790
[0095.263] GetDIBits (in: hdc=0xf0105ee, hbm=0x73050790, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0xb1ab18, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb1ab18) returned 1
[0095.263] GetDIBits (in: hdc=0xf0105ee, hbm=0x73050790, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0xb1ab18, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb1ab18) returned 1
[0095.263] DeleteObject (ho=0x73050790) returned 1
[0095.264] CreateDIBSection (in: hdc=0xf0105ee, lpbmi=0xb1abd8, usage=0x0, ppvBits=0xb1b190, hSection=0x0, offset=0x0 | out: ppvBits=0xb1b190) returned 0x2605065e
[0095.264] SelectObject (hdc=0x70107d7, h=0x2605065e) returned 0x85000f
[0095.264] GdipCreateFromHDC (hdc=0x70107d7, graphics=0xb1b118) returned 0x0
[0095.264] GdipTranslateWorldTransform (graphics=0x1c62e510, dx=0x7ffcc71dec22, dy=0x4ca1bf869dac, order=0x0) returned 0x0
[0095.264] GdipSetClipRectI (graphics=0x1c62e510, x=0, y=0, width=354, height=68, combineMode=0x0) returned 0x0
[0095.264] GdipCreateMatrix (matrix=0xb1b1c0) returned 0x0
[0095.265] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c6290f0) returned 0x0
[0095.265] GdipIsMatrixIdentity (matrix=0x1c6290f0, result=0xb1b228) returned 0x0
[0095.265] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03ba70
[0095.265] GdipGetMatrixElements (matrix=0x1c6290f0, matrixOut=0x1d03ba70) returned 0x0
[0095.265] LocalFree (hMem=0x1d03ba70) returned 0x0
[0095.265] GdipDeleteMatrix (matrix=0x1c6290f0) returned 0x0
[0095.265] GdipCreateRegion (region=0xb1b1c0) returned 0x0
[0095.265] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.265] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1b220) returned 0x0
[0095.265] GdipSaveGraphics (graphics=0x1c62e510, state=0xb1b2c0) returned 0x0
[0095.265] GetWindowTextLengthW (hWnd=0x202cc) returned 266
[0095.265] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10a
[0095.265] GetSystemMetrics (nIndex=42) returned 0
[0095.265] CoTaskMemAlloc (cb=0x21a) returned 0x1d0269d0
[0095.265] GetWindowTextW (in: hWnd=0x202cc, lpString=0x1d0269d0, nMaxCount=267 | out: lpString="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.") returned 266
[0095.265] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xd, wParam=0x10b, lParam=0x1d0269d0) returned 0x10a
[0095.266] CoTaskMemFree (pv=0x1d0269d0)
[0095.266] GetClientRect (in: hWnd=0x202cc, lpRect=0xb1b258 | out: lpRect=0xb1b258) returned 1
[0095.266] GdipCreateRegion (region=0xb1ae30) returned 0x0
[0095.266] GdipGetClip (graphics=0x1c62e510, region=0x1c62e8e0) returned 0x0
[0095.266] GdipCreateMatrix (matrix=0xb1ae30) returned 0x0
[0095.266] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c62e9a0) returned 0x0
[0095.266] GdipIsMatrixIdentity (matrix=0x1c62e9a0, result=0xb1ae98) returned 0x0
[0095.266] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b770
[0095.266] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03b770) returned 0x0
[0095.266] LocalFree (hMem=0x1d03b770) returned 0x0
[0095.266] GdipCombineRegionRegion (region=0x1c62e8e0, region2=0x1c628a90, combineMode=0x1) returned 0x0
[0095.266] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b370
[0095.266] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03b370) returned 0x0
[0095.266] LocalFree (hMem=0x1d03b370) returned 0x0
[0095.266] GdipDeleteMatrix (matrix=0x1c62e9a0) returned 0x0
[0095.266] GdipIsInfiniteRegion (region=0x1c62e8e0, graphics=0x1c62e510, result=0xb1af00) returned 0x0
[0095.267] GdipIsInfiniteRegion (region=0x1c62e8e0, graphics=0x1c62e510, result=0xb1aec0) returned 0x0
[0095.267] GdipGetRegionHRgn (region=0x1c62e8e0, graphics=0x1c62e510, hRgn=0xb1aec0) returned 0x0
[0095.267] GdipDeleteRegion (region=0x1c62e8e0) returned 0x0
[0095.267] GdipGetDC (graphics=0x1c62e510, hdc=0xb1af08) returned 0x0
[0095.267] GetCurrentObject (hdc=0x70107d7, type=0x1) returned 0xb00017
[0095.267] GetCurrentObject (hdc=0x70107d7, type=0x2) returned 0x900010
[0095.267] GetCurrentObject (hdc=0x70107d7, type=0x7) returned 0x2605065e
[0095.267] GetCurrentObject (hdc=0x70107d7, type=0x6) returned 0x8a01c2
[0095.267] SaveDC (hdc=0x70107d7) returned 1
[0095.267] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3f040668
[0095.267] GetClipRgn (hdc=0x70107d7, hrgn=0x3f040668) returned 0
[0095.267] SelectClipRgn (hdc=0x70107d7, hrgn=0xad0407b3) returned 2
[0095.267] DeleteObject (ho=0x3f040668) returned 1
[0095.267] DeleteObject (ho=0xad0407b3) returned 1
[0095.267] OffsetViewportOrgEx (in: hdc=0x70107d7, x=0, y=0, lppt=0x282f528 | out: lppt=0x282f528) returned 1
[0095.267] GetNearestColor (hdc=0x70107d7, color=0xf0f0f0) returned 0xf0f0f0
[0095.267] CreateSolidBrush (color=0xf0f0f0) returned 0x7f1007c4
[0095.268] FillRect (hDC=0x70107d7, lprc=0xb1af40, hbr=0x7f1007c4) returned 1
[0095.268] DeleteObject (ho=0x7f1007c4) returned 1
[0095.268] RestoreDC (hdc=0x70107d7, nSavedDC=-1) returned 1
[0095.268] GdipReleaseDC (graphics=0x1c62e510, hdc=0x70107d7) returned 0x0
[0095.268] GdipRestoreGraphics (graphics=0x1c62e510, state=0xfffffffffdb20dbd) returned 0x0
[0095.268] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0095.269] GetWindowTextLengthW (hWnd=0x202cc) returned 266
[0095.269] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10a
[0095.269] GetSystemMetrics (nIndex=42) returned 0
[0095.269] CoTaskMemAlloc (cb=0x21a) returned 0x1d025620
[0095.269] GetWindowTextW (in: hWnd=0x202cc, lpString=0x1d025620, nMaxCount=267 | out: lpString="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.") returned 266
[0095.269] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xd, wParam=0x10b, lParam=0x1d025620) returned 0x10a
[0095.269] CoTaskMemFree (pv=0x1d025620)
[0095.269] GdipGetDC (graphics=0x1c62e510, hdc=0xb1b0a8) returned 0x0
[0095.269] GetCurrentObject (hdc=0x70107d7, type=0x1) returned 0xb00017
[0095.269] GetCurrentObject (hdc=0x70107d7, type=0x2) returned 0x900010
[0095.269] GetCurrentObject (hdc=0x70107d7, type=0x7) returned 0x2605065e
[0095.269] GetCurrentObject (hdc=0x70107d7, type=0x6) returned 0x8a01c2
[0095.269] SaveDC (hdc=0x70107d7) returned 1
[0095.269] GetNearestColor (hdc=0x70107d7, color=0x0) returned 0x0
[0095.269] RestoreDC (hdc=0x70107d7, nSavedDC=-1) returned 1
[0095.269] GdipReleaseDC (graphics=0x1c62e510, hdc=0x70107d7) returned 0x0
[0095.271] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0095.271] AdjustWindowRectEx (in: lpRect=0xb1af60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xb1af60) returned 1
[0095.278] GdipGetFamilyName (in: family=0x1b40a440, name=0xb1ac90, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0095.280] CreateCompatibleDC (hdc=0x0) returned 0xb0107d8
[0095.280] GetCurrentObject (hdc=0xb0107d8, type=0x1) returned 0xb00017
[0095.280] GetCurrentObject (hdc=0xb0107d8, type=0x2) returned 0x900010
[0095.280] GetCurrentObject (hdc=0xb0107d8, type=0x7) returned 0x85000f
[0095.280] GetCurrentObject (hdc=0xb0107d8, type=0x6) returned 0x8a01c2
[0095.280] SaveDC (hdc=0xb0107d8) returned 1
[0095.281] GetDeviceCaps (hdc=0xb0107d8, index=90) returned 96
[0095.283] CoTaskMemAlloc (cb=0x5c) returned 0x1d039e10
[0095.283] CreateFontIndirectW (lplf=0x1d039e10) returned 0x40a07da
[0095.283] CoTaskMemFree (pv=0x1d039e10)
[0095.283] GetObjectW (in: h=0x40a07da, c=92, pv=0xb1ac50 | out: pv=0xb1ac50) returned 92
[0095.295] GetCurrentObject (hdc=0xb0107d8, type=0x6) returned 0x8a01c2
[0095.295] GetObjectW (in: h=0x8a01c2, c=92, pv=0xb1aa70 | out: pv=0xb1aa70) returned 92
[0095.298] SelectObject (hdc=0xb0107d8, h=0x40a07da) returned 0x8a01c2
[0095.300] GetMapMode (hdc=0xb0107d8) returned 1
[0095.300] GetTextMetricsW (in: hdc=0xb0107d8, lptm=0xb1acc0 | out: lptm=0xb1acc0) returned 1
[0095.301] DrawTextExW (in: hdc=0xb0107d8, lpchText="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.", cchText=266, lprc=0xb1aec8, format=0x102400, lpdtp=0x28307b8 | out: lpchText="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.", lprc=0xb1aec8) returned 39
[0095.305] GdipGetTextRenderingHint (graphics=0x1c62e510, mode=0xb1afb8) returned 0x0
[0095.306] GdipGetDC (graphics=0x1c62e510, hdc=0xb1af98) returned 0x0
[0095.306] GetCurrentObject (hdc=0x70107d7, type=0x1) returned 0xb00017
[0095.306] GetCurrentObject (hdc=0x70107d7, type=0x2) returned 0x900010
[0095.306] GetCurrentObject (hdc=0x70107d7, type=0x7) returned 0x2605065e
[0095.306] GetCurrentObject (hdc=0x70107d7, type=0x6) returned 0x8a01c2
[0095.306] SaveDC (hdc=0x70107d7) returned 1
[0095.310] GetTextAlign (hdc=0x70107d7) returned 0x0
[0095.311] GetTextColor (hdc=0x70107d7) returned 0x0
[0095.311] GetCurrentObject (hdc=0x70107d7, type=0x6) returned 0x8a01c2
[0095.311] GetObjectW (in: h=0x8a01c2, c=92, pv=0xb1aaa0 | out: pv=0xb1aaa0) returned 92
[0095.311] SelectObject (hdc=0x70107d7, h=0x40a07da) returned 0x8a01c2
[0095.312] GetBkMode (hdc=0x70107d7) returned 2
[0095.313] SetBkMode (hdc=0x70107d7, mode=1) returned 2
[0095.313] DrawTextExW (in: hdc=0x70107d7, lpchText="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.", cchText=266, lprc=0xb1af28, format=0x102010, lpdtp=0x2830bb8 | out: lpchText="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.", lprc=0xb1af28) returned 65
[0095.323] RestoreDC (hdc=0x70107d7, nSavedDC=-1) returned 1
[0095.323] GdipReleaseDC (graphics=0x1c62e510, hdc=0x70107d7) returned 0x0
[0095.323] GdipGetDC (graphics=0x1c62e510, hdc=0xb1b1d8) returned 0x0
[0095.323] BitBlt (hdc=0xf0105ee, x=0, y=0, cx=354, cy=68, hdcSrc=0x70107d7, x1=0, y1=0, rop=0xcc0020) returned 1
[0095.323] GdipReleaseDC (graphics=0x1c62e510, hdc=0x70107d7) returned 0x0
[0095.323] SelectPalette (hdc=0xf0105ee, hPal=0x88000b, bForceBkgd=0) returned 0x630807c0
[0095.323] SelectObject (hdc=0x70107d7, h=0x85000f) returned 0x2605065e
[0095.324] DeleteDC (hdc=0x70107d7) returned 1
[0095.324] GdipDeleteGraphics (graphics=0x1c62e510) returned 0x0
[0095.324] DeleteObject (ho=0x2605065e) returned 1
[0095.324] EndPaint (hWnd=0x202cc, lpPaint=0xb1b1b8) returned 1
[0095.324] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.324] IsWindowUnicode (hWnd=0x102ce) returned 1
[0095.324] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.324] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.324] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.324] BeginPaint (in: hWnd=0x102ce, lpPaint=0xb1b1e8 | out: lpPaint=0xb1b1e8) returned 0xd0104fe
[0095.324] SelectPalette (hdc=0xd0104fe, hPal=0x630807c0, bForceBkgd=1) returned 0x88000b
[0095.324] CreateCompatibleDC (hdc=0xd0104fe) returned 0x76010790
[0095.325] DeleteObject (ho=0x200507a8) returned 1
[0095.325] GetObjectType (h=0xd0104fe) returned 0x3
[0095.325] CreateCompatibleBitmap (hdc=0xd0104fe, cx=1, cy=1) returned 0x270507b4
[0095.325] GetDIBits (in: hdc=0xd0104fe, hbm=0x270507b4, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0xb1ab68, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb1ab68) returned 1
[0095.325] GetDIBits (in: hdc=0xd0104fe, hbm=0x270507b4, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0xb1ab68, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb1ab68) returned 1
[0095.325] DeleteObject (ho=0x270507b4) returned 1
[0095.325] CreateDIBSection (in: hdc=0xd0104fe, lpbmi=0xb1ac28, usage=0x0, ppvBits=0xb1b1e0, hSection=0x0, offset=0x0 | out: ppvBits=0xb1b1e0) returned 0x210507a8
[0095.325] SelectObject (hdc=0x76010790, h=0x210507a8) returned 0x85000f
[0095.325] GdipCreateFromHDC (hdc=0x76010790, graphics=0xb1b168) returned 0x0
[0095.325] GdipTranslateWorldTransform (graphics=0x1c62e510, dx=0x7ffcc71dec22, dy=0x4ca1bf869dac, order=0x0) returned 0x0
[0095.325] GdipSetClipRectI (graphics=0x1c62e510, x=0, y=0, width=100, height=23, combineMode=0x0) returned 0x0
[0095.326] GdipCreateMatrix (matrix=0xb1b190) returned 0x0
[0095.326] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c6290f0) returned 0x0
[0095.326] GdipIsMatrixIdentity (matrix=0x1c6290f0, result=0xb1b1f8) returned 0x0
[0095.326] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b370
[0095.326] GdipGetMatrixElements (matrix=0x1c6290f0, matrixOut=0x1d03b370) returned 0x0
[0095.326] LocalFree (hMem=0x1d03b370) returned 0x0
[0095.326] GdipDeleteMatrix (matrix=0x1c6290f0) returned 0x0
[0095.326] GdipCreateRegion (region=0xb1b190) returned 0x0
[0095.326] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.326] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1b1f0) returned 0x0
[0095.326] GdipSaveGraphics (graphics=0x1c62e510, state=0xb1b290) returned 0x0
[0095.326] GdipRestoreGraphics (graphics=0x1c62e510, state=0xfffffffffdb00dbd) returned 0x0
[0095.326] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0095.328] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0xb1afe8, fWinIni=0x0 | out: pvParam=0xb1afe8) returned 1
[0095.330] GdipGetDC (graphics=0x1c62e510, hdc=0xb1af08) returned 0x0
[0095.330] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.330] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.330] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.330] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.330] SaveDC (hdc=0x76010790) returned 1
[0095.330] GetNearestColor (hdc=0x76010790, color=0xf0f0f0) returned 0xf0f0f0
[0095.330] GetNearestColor (hdc=0x76010790, color=0xa0a0a0) returned 0xa0a0a0
[0095.330] GetNearestColor (hdc=0x76010790, color=0x696969) returned 0x696969
[0095.330] GetNearestColor (hdc=0x76010790, color=0xa0a0a0) returned 0xa0a0a0
[0095.330] GetNearestColor (hdc=0x76010790, color=0x0) returned 0x0
[0095.330] GetNearestColor (hdc=0x76010790, color=0xffffff) returned 0xffffff
[0095.330] GetNearestColor (hdc=0x76010790, color=0xe5e5e5) returned 0xe5e5e5
[0095.330] GetNearestColor (hdc=0x76010790, color=0xd8d8d8) returned 0xd8d8d8
[0095.330] GetNearestColor (hdc=0x76010790, color=0x0) returned 0x0
[0095.330] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.331] GdipReleaseDC (graphics=0x1c62e510, hdc=0x76010790) returned 0x0
[0095.333] IsAppThemed () returned 0x1
[0095.334] GetThemeAppProperties () returned 0x3
[0095.334] OpenThemeData () returned 0x10003
[0095.341] GdipGetImageWidth (image=0x1c629560, width=0xb1afa8) returned 0x0
[0095.341] GdipGetImageHeight (image=0x1c629560, height=0xb1afa8) returned 0x0
[0095.347] IsAppThemed () returned 0x1
[0095.347] GetThemeAppProperties () returned 0x3
[0095.347] GetThemeAppProperties () returned 0x3
[0095.347] DrawTextExW (in: hdc=0xb0107d8, lpchText="&Details", cchText=8, lprc=0xb1ac48, format=0x102415, lpdtp=0x2832d48 | out: lpchText="&Details", lprc=0xb1ac48) returned 13
[0095.348] IsAppThemed () returned 0x1
[0095.348] GetThemeAppProperties () returned 0x3
[0095.348] GetThemeAppProperties () returned 0x3
[0095.348] IsAppThemed () returned 0x1
[0095.348] GetThemeAppProperties () returned 0x3
[0095.348] GetThemeAppProperties () returned 0x3
[0095.348] GetFocus () returned 0x102ce
[0095.350] IsAppThemed () returned 0x1
[0095.350] GetThemeAppProperties () returned 0x3
[0095.350] GetThemeAppProperties () returned 0x3
[0095.350] IsAppThemed () returned 0x1
[0095.350] GetThemeAppProperties () returned 0x3
[0095.350] GetThemeAppProperties () returned 0x3
[0095.350] IsThemePartDefined () returned 0x1
[0095.350] IsAppThemed () returned 0x1
[0095.350] GetThemeAppProperties () returned 0x3
[0095.350] GetThemeAppProperties () returned 0x3
[0095.350] IsThemeBackgroundPartiallyTransparent () returned 0x1
[0095.351] IsAppThemed () returned 0x1
[0095.351] GetThemeAppProperties () returned 0x3
[0095.351] GetThemeAppProperties () returned 0x3
[0095.351] IsAppThemed () returned 0x1
[0095.351] GetThemeAppProperties () returned 0x3
[0095.351] GetThemeAppProperties () returned 0x3
[0095.351] IsThemePartDefined () returned 0x1
[0095.351] GdipCreateRegion (region=0xb1ac80) returned 0x0
[0095.351] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.351] GdipCreateMatrix (matrix=0xb1ac80) returned 0x0
[0095.351] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1b40ef90) returned 0x0
[0095.351] GdipIsMatrixIdentity (matrix=0x1b40ef90, result=0xb1ace8) returned 0x0
[0095.351] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b4b0
[0095.351] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03b4b0) returned 0x0
[0095.352] LocalFree (hMem=0x1d03b4b0) returned 0x0
[0095.352] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b030
[0095.352] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03b030) returned 0x0
[0095.352] LocalFree (hMem=0x1d03b030) returned 0x0
[0095.352] GdipDeleteMatrix (matrix=0x1b40ef90) returned 0x0
[0095.352] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1ad50) returned 0x0
[0095.352] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1ad10) returned 0x0
[0095.352] GdipGetRegionHRgn (region=0x1c628a90, graphics=0x1c62e510, hRgn=0xb1ad10) returned 0x0
[0095.352] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0095.352] GdipGetDC (graphics=0x1c62e510, hdc=0xb1ad58) returned 0x0
[0095.352] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.352] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.352] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.352] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.352] SaveDC (hdc=0x76010790) returned 1
[0095.352] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xae0407b3
[0095.352] GetClipRgn (hdc=0x76010790, hrgn=0xae0407b3) returned 0
[0095.352] SelectClipRgn (hdc=0x76010790, hrgn=0x43040668) returned 2
[0095.353] DeleteObject (ho=0xae0407b3) returned 1
[0095.353] DeleteObject (ho=0x43040668) returned 1
[0095.353] OffsetViewportOrgEx (in: hdc=0x76010790, x=0, y=0, lppt=0x2833778 | out: lppt=0x2833778) returned 1
[0095.353] DrawThemeParentBackground () returned 0x0
[0095.353] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1a810 | out: lpwndpl=0xb1a810) returned 1
[0095.353] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1a730 | out: lpRect=0xb1a730) returned 1
[0095.353] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.353] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.353] GetSystemMetrics (nIndex=42) returned 0
[0095.353] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1a470, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.353] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1a470) returned 0x10
[0095.354] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1a4f8 | out: lpRect=0xb1a4f8) returned 1
[0095.355] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.355] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.355] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.355] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.355] SaveDC (hdc=0x76010790) returned 2
[0095.355] GetNearestColor (hdc=0x76010790, color=0xf0f0f0) returned 0xf0f0f0
[0095.355] CreateSolidBrush (color=0xf0f0f0) returned 0x801007c4
[0095.355] FillRect (hDC=0x76010790, lprc=0xb1a1e0, hbr=0x801007c4) returned 1
[0095.355] DeleteObject (ho=0x801007c4) returned 1
[0095.355] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.355] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.355] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.355] GetSystemMetrics (nIndex=42) returned 0
[0095.355] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1a3a0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.355] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1a3a0) returned 0x10
[0095.356] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1a428 | out: lpRect=0xb1a428) returned 1
[0095.356] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.356] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.356] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.356] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.356] SaveDC (hdc=0x76010790) returned 2
[0095.356] GetNearestColor (hdc=0x76010790, color=0xf0f0f0) returned 0xf0f0f0
[0095.356] CreateSolidBrush (color=0xf0f0f0) returned 0x811007c4
[0095.356] FillRect (hDC=0x76010790, lprc=0xb1a110, hbr=0x811007c4) returned 1
[0095.356] DeleteObject (ho=0x811007c4) returned 1
[0095.356] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.356] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.356] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.356] GetSystemMetrics (nIndex=42) returned 0
[0095.356] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1a3a0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.357] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1a3a0) returned 0x10
[0095.419] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.419] GdipReleaseDC (graphics=0x1c62e510, hdc=0x76010790) returned 0x0
[0095.419] IsAppThemed () returned 0x1
[0095.419] GetThemeAppProperties () returned 0x3
[0095.419] GetThemeAppProperties () returned 0x3
[0095.419] IsAppThemed () returned 0x1
[0095.419] GetThemeAppProperties () returned 0x3
[0095.420] GetThemeAppProperties () returned 0x3
[0095.420] IsThemePartDefined () returned 0x1
[0095.420] GdipCreateRegion (region=0xb1ac00) returned 0x0
[0095.420] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.420] GdipCreateMatrix (matrix=0xb1ac00) returned 0x0
[0095.420] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c6290f0) returned 0x0
[0095.420] GdipIsMatrixIdentity (matrix=0x1c6290f0, result=0xb1ac68) returned 0x0
[0095.420] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b030
[0095.420] GdipGetMatrixElements (matrix=0x1c6290f0, matrixOut=0x1d03b030) returned 0x0
[0095.420] LocalFree (hMem=0x1d03b030) returned 0x0
[0095.420] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b370
[0095.420] GdipGetMatrixElements (matrix=0x1c6290f0, matrixOut=0x1d03b370) returned 0x0
[0095.420] LocalFree (hMem=0x1d03b370) returned 0x0
[0095.420] GdipDeleteMatrix (matrix=0x1c6290f0) returned 0x0
[0095.420] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1acd0) returned 0x0
[0095.420] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1ac90) returned 0x0
[0095.420] GdipGetRegionHRgn (region=0x1c628a90, graphics=0x1c62e510, hRgn=0xb1ac90) returned 0x0
[0095.420] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0095.420] GdipGetDC (graphics=0x1c62e510, hdc=0xb1acd8) returned 0x0
[0095.420] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.420] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.421] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.421] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.421] SaveDC (hdc=0x76010790) returned 1
[0095.421] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x44040668
[0095.421] GetClipRgn (hdc=0x76010790, hrgn=0x44040668) returned 0
[0095.421] SelectClipRgn (hdc=0x76010790, hrgn=0xb00407b3) returned 2
[0095.421] DeleteObject (ho=0x44040668) returned 1
[0095.421] DeleteObject (ho=0xb00407b3) returned 1
[0095.421] OffsetViewportOrgEx (in: hdc=0x76010790, x=0, y=0, lppt=0x2834688 | out: lppt=0x2834688) returned 1
[0095.421] IsAppThemed () returned 0x1
[0095.421] GetThemeAppProperties () returned 0x3
[0095.421] GetThemeAppProperties () returned 0x3
[0095.421] DrawThemeBackground () returned 0x0
[0095.422] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.422] GdipReleaseDC (graphics=0x1c62e510, hdc=0x76010790) returned 0x0
[0095.422] GdipCreateRegion (region=0xb1ac00) returned 0x0
[0095.422] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.422] GdipCreateMatrix (matrix=0xb1ac00) returned 0x0
[0095.422] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1b40ef90) returned 0x0
[0095.422] GdipIsMatrixIdentity (matrix=0x1b40ef90, result=0xb1ac68) returned 0x0
[0095.422] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b230
[0095.422] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03b230) returned 0x0
[0095.422] LocalFree (hMem=0x1d03b230) returned 0x0
[0095.422] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03af30
[0095.422] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03af30) returned 0x0
[0095.422] LocalFree (hMem=0x1d03af30) returned 0x0
[0095.422] GdipDeleteMatrix (matrix=0x1b40ef90) returned 0x0
[0095.422] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1acd0) returned 0x0
[0095.422] GdipIsInfiniteRegion (region=0x1c628a90, graphics=0x1c62e510, result=0xb1ac90) returned 0x0
[0095.422] GdipGetRegionHRgn (region=0x1c628a90, graphics=0x1c62e510, hRgn=0xb1ac90) returned 0x0
[0095.422] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0095.422] GdipGetDC (graphics=0x1c62e510, hdc=0xb1acd8) returned 0x0
[0095.423] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.423] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.423] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.423] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.423] SaveDC (hdc=0x76010790) returned 1
[0095.423] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xb10407b3
[0095.423] GetClipRgn (hdc=0x76010790, hrgn=0xb10407b3) returned 0
[0095.423] SelectClipRgn (hdc=0x76010790, hrgn=0x45040668) returned 2
[0095.423] DeleteObject (ho=0xb10407b3) returned 1
[0095.423] DeleteObject (ho=0x45040668) returned 1
[0095.423] OffsetViewportOrgEx (in: hdc=0x76010790, x=0, y=0, lppt=0x2834b60 | out: lppt=0x2834b60) returned 1
[0095.423] IsAppThemed () returned 0x1
[0095.423] GetThemeAppProperties () returned 0x3
[0095.423] GetThemeAppProperties () returned 0x3
[0095.423] GetThemeBackgroundContentRect () returned 0x0
[0095.423] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.424] GdipReleaseDC (graphics=0x1c62e510, hdc=0x76010790) returned 0x0
[0095.427] GdipCreateRegion (region=0xb1af50) returned 0x0
[0095.427] GdipGetClip (graphics=0x1c62e510, region=0x1c628a90) returned 0x0
[0095.430] GdipCloneRegion (region=0x1c628a90, cloneRegion=0xb1afb8) returned 0x0
[0095.433] GdipCombineRegionRectI (region=0x1c62e8e0, rect=0xb1afb0, combineMode=0x1) returned 0x0
[0095.433] GdipCombineRegionRectI (region=0x1c62e8e0, rect=0xb1afb0, combineMode=0x1) returned 0x0
[0095.434] GdipSetClipRegion (graphics=0x1c62e510, region=0x1c62e8e0, combineMode=0x0) returned 0x0
[0095.434] GdipGetImageWidth (image=0x1c629560, width=0xb1afb8) returned 0x0
[0095.435] GdipGetImageHeight (image=0x1c629560, height=0xb1afb8) returned 0x0
[0095.436] GdipDrawImageRectI (graphics=0x1c62e510, image=0x1c629560, x=4, y=4, width=16, height=16) returned 0x0
[0095.436] GdipSetClipRegion (graphics=0x1c62e510, region=0x1c628a90, combineMode=0x0) returned 0x0
[0095.436] IsAppThemed () returned 0x1
[0095.436] GetThemeAppProperties () returned 0x3
[0095.436] GetThemeAppProperties () returned 0x3
[0095.436] GdipGetTextRenderingHint (graphics=0x1c62e510, mode=0xb1aea8) returned 0x0
[0095.436] GdipGetDC (graphics=0x1c62e510, hdc=0xb1ae88) returned 0x0
[0095.436] GetCurrentObject (hdc=0x76010790, type=0x1) returned 0xb00017
[0095.436] GetCurrentObject (hdc=0x76010790, type=0x2) returned 0x900010
[0095.436] GetCurrentObject (hdc=0x76010790, type=0x7) returned 0x210507a8
[0095.436] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.437] SaveDC (hdc=0x76010790) returned 1
[0095.437] GetTextAlign (hdc=0x76010790) returned 0x0
[0095.437] GetTextColor (hdc=0x76010790) returned 0x0
[0095.437] GetCurrentObject (hdc=0x76010790, type=0x6) returned 0x8a01c2
[0095.437] GetObjectW (in: h=0x8a01c2, c=92, pv=0xb1a990 | out: pv=0xb1a990) returned 92
[0095.437] SelectObject (hdc=0x76010790, h=0x40a07da) returned 0x8a01c2
[0095.437] GetBkMode (hdc=0x76010790) returned 2
[0095.437] SetBkMode (hdc=0x76010790, mode=1) returned 2
[0095.437] DrawTextExW (in: hdc=0x76010790, lpchText="&Details", cchText=8, lprc=0xb1ac00, format=0x102415, lpdtp=0x2835198 | out: lpchText="&Details", lprc=0xb1ac00) returned 13
[0095.437] DrawTextExW (in: hdc=0x76010790, lpchText="&Details", cchText=8, lprc=0xb1ae18, format=0x102015, lpdtp=0x2835198 | out: lpchText="&Details", lprc=0xb1ae18) returned 13
[0095.439] RestoreDC (hdc=0x76010790, nSavedDC=-1) returned 1
[0095.439] GdipReleaseDC (graphics=0x1c62e510, hdc=0x76010790) returned 0x0
[0095.439] GetFocus () returned 0x102ce
[0095.440] IsAppThemed () returned 0x1
[0095.440] GetThemeAppProperties () returned 0x3
[0095.440] GetThemeAppProperties () returned 0x3
[0095.440] GdipGetDC (graphics=0x1c62e510, hdc=0xb1b1a8) returned 0x0
[0095.440] BitBlt (hdc=0xd0104fe, x=0, y=0, cx=100, cy=23, hdcSrc=0x76010790, x1=0, y1=0, rop=0xcc0020) returned 1
[0095.440] GdipReleaseDC (graphics=0x1c62e510, hdc=0x76010790) returned 0x0
[0095.440] SelectPalette (hdc=0xd0104fe, hPal=0x88000b, bForceBkgd=0) returned 0x630807c0
[0095.440] SelectObject (hdc=0x76010790, h=0x85000f) returned 0x210507a8
[0095.440] DeleteDC (hdc=0x76010790) returned 1
[0095.440] GdipDeleteGraphics (graphics=0x1c62e510) returned 0x0
[0095.440] EndPaint (hWnd=0x102ce, lpPaint=0xb1b188) returned 1
[0095.440] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.441] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x60) returned 0x0
[0095.441] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.441] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.441] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.441] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.441] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.441] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.441] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.441] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.442] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.443] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.443] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x60) returned 0x0
[0095.443] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.443] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.444] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.444] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.444] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.444] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.444] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.444] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.444] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.445] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.445] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.445] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.445] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.445] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.445] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.445] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.445] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.445] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.445] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.446] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.446] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.446] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.446] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.446] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.446] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.446] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.446] IsWindowUnicode (hWnd=0x102d0) returned 1
[0095.446] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.446] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.447] GetDlgItem (hDlg=0x202c4, nIDDlgItem=0) returned 0x0
[0095.447] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x210, wParam=0x201, lParam=0x630128) returned 0x0
[0095.447] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x21, wParam=0x202c4, lParam=0x2010001) returned 0x1
[0095.447] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x21, wParam=0x202c4, lParam=0x2010001) returned 0x1
[0095.447] SetCursor (hCursor=0x10003) returned 0x10003
[0095.447] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.447] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.447] GetKeyState (nVirtKey=1) returned -127
[0095.447] GetKeyState (nVirtKey=2) returned 0
[0095.447] GetKeyState (nVirtKey=4) returned 0
[0095.447] GetKeyState (nVirtKey=5) returned 0
[0095.447] GetKeyState (nVirtKey=6) returned 0
[0095.447] IsWindowVisible (hWnd=0x102d0) returned 1
[0095.447] IsWindowEnabled (hWnd=0x102d0) returned 1
[0095.447] SetFocus (hWnd=0x102d0) returned 0x102ce
[0095.450] GetFocus () returned 0x102d0
[0095.450] IsChild (hWndParent=0x202c4, hWnd=0x102d0) returned 1
[0095.450] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x8, wParam=0x102d0, lParam=0x0) returned 0x0
[0095.451] GetCapture () returned 0x0
[0095.451] InvalidateRect (hWnd=0x102ce, lpRect=0x0, bErase=0) returned 1
[0095.451] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0095.453] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0095.454] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.468] InvalidateRect (hWnd=0x102ce, lpRect=0x0, bErase=0) returned 1
[0095.468] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.468] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x7, wParam=0x102ce, lParam=0x0) returned 0x0
[0095.468] GetStockObject (i=5) returned 0x900015
[0095.468] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9
[0095.468] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0xd, wParam=0xa, lParam=0x1d046770) returned 0x9
[0095.468] GetDlgItem (hDlg=0x202c4, nIDDlgItem=66256) returned 0x102d0
[0095.468] SendMessageW (hWnd=0x102d0, Msg=0x202b, wParam=0x102d0, lParam=0xb1a8f0) returned 0x0
[0095.468] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x202b, wParam=0x102d0, lParam=0xb1a8f0) returned 0x0
[0095.468] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.470] GetFocus () returned 0x102d0
[0095.470] GetFocus () returned 0x102d0
[0095.471] GetFocus () returned 0x102d0
[0095.471] GetKeyState (nVirtKey=1) returned -127
[0095.471] GetKeyState (nVirtKey=2) returned 0
[0095.471] GetKeyState (nVirtKey=4) returned 0
[0095.471] GetKeyState (nVirtKey=5) returned 0
[0095.471] GetKeyState (nVirtKey=6) returned 0
[0095.471] GetCapture () returned 0x0
[0095.471] SetCapture (hWnd=0x102d0) returned 0x0
[0095.471] GetKeyState (nVirtKey=1) returned -127
[0095.471] GetKeyState (nVirtKey=2) returned 0
[0095.471] GetKeyState (nVirtKey=4) returned 0
[0095.471] GetKeyState (nVirtKey=5) returned 0
[0095.471] GetKeyState (nVirtKey=6) returned 0
[0095.471] NotifyWinEvent (event=0x800a, hwnd=0x102d0, idObject=-4, idChild=0)
[0095.472] InvalidateRect (hWnd=0x102d0, lpRect=0xb1b470, bErase=0) returned 1
[0095.472] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.472] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x60) returned 0x0
[0095.472] IsWindowUnicode (hWnd=0x102d0) returned 1
[0095.472] GetMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.472] TranslateMessage (lpMsg=0xb1bbc0) returned 0
[0095.472] DispatchMessageW (lpMsg=0xb1bbc0) returned 0x0
[0095.472] MapWindowPoints (in: hWndFrom=0x102d0, hWndTo=0x0, lpPoints=0x2835488, cPoints=0x1 | out: lpPoints=0x2835488) returned 30999254
[0095.472] NotifyWinEvent (event=0x800a, hwnd=0x102d0, idObject=-4, idChild=0)
[0095.472] InvalidateRect (hWnd=0x102d0, lpRect=0xb1b3f0, bErase=0) returned 1
[0095.473] UpdateWindow (hWnd=0x102d0) returned 1
[0095.473] BeginPaint (in: hWnd=0x102d0, lpPaint=0xb1aaf8 | out: lpPaint=0xb1aaf8) returned 0xf0105ee
[0095.473] SelectPalette (hdc=0xf0105ee, hPal=0x630807c0, bForceBkgd=1) returned 0x88000b
[0095.473] CreateCompatibleDC (hdc=0xf0105ee) returned 0x1a01079b
[0095.473] SelectObject (hdc=0x1a01079b, h=0x210507a8) returned 0x85000f
[0095.473] GdipCreateFromHDC (hdc=0x1a01079b, graphics=0xb1aa78) returned 0x0
[0095.473] GdipTranslateWorldTransform (graphics=0x1c62e510, dx=0x7ffcc71dec22, dy=0x4ca1bf869dac, order=0x0) returned 0x0
[0095.473] GdipSetClipRectI (graphics=0x1c62e510, x=0, y=0, width=100, height=23, combineMode=0x0) returned 0x0
[0095.473] GdipCreateMatrix (matrix=0xb1aaa0) returned 0x0
[0095.473] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c62e9a0) returned 0x0
[0095.473] GdipIsMatrixIdentity (matrix=0x1c62e9a0, result=0xb1ab08) returned 0x0
[0095.473] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03bbf0
[0095.474] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03bbf0) returned 0x0
[0095.474] LocalFree (hMem=0x1d03bbf0) returned 0x0
[0095.474] GdipDeleteMatrix (matrix=0x1c62e9a0) returned 0x0
[0095.474] GdipCreateRegion (region=0xb1aaa0) returned 0x0
[0095.474] GdipGetClip (graphics=0x1c62e510, region=0x1c627350) returned 0x0
[0095.474] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1ab00) returned 0x0
[0095.474] GdipSaveGraphics (graphics=0x1c62e510, state=0xb1aba0) returned 0x0
[0095.474] GdipRestoreGraphics (graphics=0x1c62e510, state=0xfffffffffdae0dbd) returned 0x0
[0095.474] GdipDeleteRegion (region=0x1c627350) returned 0x0
[0095.477] GdipGetDC (graphics=0x1c62e510, hdc=0xb1a818) returned 0x0
[0095.477] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.477] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.477] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.477] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.477] SaveDC (hdc=0x1a01079b) returned 1
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0xf0f0f0) returned 0xf0f0f0
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0xa0a0a0) returned 0xa0a0a0
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0x696969) returned 0x696969
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0xa0a0a0) returned 0xa0a0a0
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0x0) returned 0x0
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0xffffff) returned 0xffffff
[0095.477] GetNearestColor (hdc=0x1a01079b, color=0xe5e5e5) returned 0xe5e5e5
[0095.478] GetNearestColor (hdc=0x1a01079b, color=0xd8d8d8) returned 0xd8d8d8
[0095.478] GetNearestColor (hdc=0x1a01079b, color=0x0) returned 0x0
[0095.478] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.478] GdipReleaseDC (graphics=0x1c62e510, hdc=0x1a01079b) returned 0x0
[0095.478] IsAppThemed () returned 0x1
[0095.478] GetThemeAppProperties () returned 0x3
[0095.478] GetThemeAppProperties () returned 0x3
[0095.478] SystemParametersInfoW (in: uiAction=0x100a, uiParam=0x0, pvParam=0xb1a8a8, fWinIni=0x0 | out: pvParam=0xb1a8a8) returned 1
[0095.478] SendMessageW (hWnd=0x202c4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0095.478] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0095.478] IsAppThemed () returned 0x1
[0095.478] GetThemeAppProperties () returned 0x3
[0095.478] GetThemeAppProperties () returned 0x3
[0095.479] DrawTextExW (in: hdc=0xb0107d8, lpchText="&Continue", cchText=9, lprc=0xb1a558, format=0x102415, lpdtp=0x2836078 | out: lpchText="&Continue", lprc=0xb1a558) returned 13
[0095.479] IsAppThemed () returned 0x1
[0095.479] GetThemeAppProperties () returned 0x3
[0095.479] GetThemeAppProperties () returned 0x3
[0095.479] IsAppThemed () returned 0x1
[0095.479] GetThemeAppProperties () returned 0x3
[0095.479] GetThemeAppProperties () returned 0x3
[0095.480] IsAppThemed () returned 0x1
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] IsAppThemed () returned 0x1
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] IsThemePartDefined () returned 0x1
[0095.480] IsAppThemed () returned 0x1
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] IsThemeBackgroundPartiallyTransparent () returned 0x1
[0095.480] IsAppThemed () returned 0x1
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] IsAppThemed () returned 0x1
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] GetThemeAppProperties () returned 0x3
[0095.480] IsThemePartDefined () returned 0x1
[0095.480] GdipCreateRegion (region=0xb1a590) returned 0x0
[0095.480] GdipGetClip (graphics=0x1c62e510, region=0x1c627350) returned 0x0
[0095.480] GdipCreateMatrix (matrix=0xb1a590) returned 0x0
[0095.480] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1b40ef90) returned 0x0
[0095.480] GdipIsMatrixIdentity (matrix=0x1b40ef90, result=0xb1a5f8) returned 0x0
[0095.480] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b770
[0095.481] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03b770) returned 0x0
[0095.481] LocalFree (hMem=0x1d03b770) returned 0x0
[0095.481] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b770
[0095.481] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03b770) returned 0x0
[0095.481] LocalFree (hMem=0x1d03b770) returned 0x0
[0095.481] GdipDeleteMatrix (matrix=0x1b40ef90) returned 0x0
[0095.481] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1a660) returned 0x0
[0095.481] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1a620) returned 0x0
[0095.481] GdipGetRegionHRgn (region=0x1c627350, graphics=0x1c62e510, hRgn=0xb1a620) returned 0x0
[0095.481] GdipDeleteRegion (region=0x1c627350) returned 0x0
[0095.481] GdipGetDC (graphics=0x1c62e510, hdc=0xb1a668) returned 0x0
[0095.481] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.481] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.481] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.481] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.481] SaveDC (hdc=0x1a01079b) returned 1
[0095.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x46040668
[0095.481] GetClipRgn (hdc=0x1a01079b, hrgn=0x46040668) returned 0
[0095.481] SelectClipRgn (hdc=0x1a01079b, hrgn=0xb50407b3) returned 2
[0095.481] DeleteObject (ho=0x46040668) returned 1
[0095.482] DeleteObject (ho=0xb50407b3) returned 1
[0095.482] OffsetViewportOrgEx (in: hdc=0x1a01079b, x=0, y=0, lppt=0x2836a60 | out: lppt=0x2836a60) returned 1
[0095.482] DrawThemeParentBackground () returned 0x0
[0095.482] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1a120 | out: lpwndpl=0xb1a120) returned 1
[0095.482] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1a040 | out: lpRect=0xb1a040) returned 1
[0095.482] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.482] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.482] GetSystemMetrics (nIndex=42) returned 0
[0095.482] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb19d80, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.482] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb19d80) returned 0x10
[0095.482] GetClientRect (in: hWnd=0x202c4, lpRect=0xb19e08 | out: lpRect=0xb19e08) returned 1
[0095.482] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.482] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.482] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.482] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.482] SaveDC (hdc=0x1a01079b) returned 2
[0095.482] GetNearestColor (hdc=0x1a01079b, color=0xf0f0f0) returned 0xf0f0f0
[0095.482] CreateSolidBrush (color=0xf0f0f0) returned 0x821007c4
[0095.482] FillRect (hDC=0x1a01079b, lprc=0xb19af0, hbr=0x821007c4) returned 1
[0095.483] DeleteObject (ho=0x821007c4) returned 1
[0095.483] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.483] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.483] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.483] GetSystemMetrics (nIndex=42) returned 0
[0095.483] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb19cb0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.483] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb19cb0) returned 0x10
[0095.483] GetClientRect (in: hWnd=0x202c4, lpRect=0xb19d38 | out: lpRect=0xb19d38) returned 1
[0095.483] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.483] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.483] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.483] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.483] SaveDC (hdc=0x1a01079b) returned 2
[0095.483] GetNearestColor (hdc=0x1a01079b, color=0xf0f0f0) returned 0xf0f0f0
[0095.483] CreateSolidBrush (color=0xf0f0f0) returned 0x831007c4
[0095.483] FillRect (hDC=0x1a01079b, lprc=0xb19a20, hbr=0x831007c4) returned 1
[0095.483] DeleteObject (ho=0x831007c4) returned 1
[0095.483] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.484] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.484] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.484] GetSystemMetrics (nIndex=42) returned 0
[0095.484] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb19cb0, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.484] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb19cb0) returned 0x10
[0095.484] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.484] GdipReleaseDC (graphics=0x1c62e510, hdc=0x1a01079b) returned 0x0
[0095.484] IsAppThemed () returned 0x1
[0095.484] GetThemeAppProperties () returned 0x3
[0095.484] GetThemeAppProperties () returned 0x3
[0095.484] IsAppThemed () returned 0x1
[0095.484] GetThemeAppProperties () returned 0x3
[0095.484] GetThemeAppProperties () returned 0x3
[0095.484] IsThemePartDefined () returned 0x1
[0095.484] GdipCreateRegion (region=0xb1a510) returned 0x0
[0095.484] GdipGetClip (graphics=0x1c62e510, region=0x1c627350) returned 0x0
[0095.484] GdipCreateMatrix (matrix=0xb1a510) returned 0x0
[0095.484] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1c62e9a0) returned 0x0
[0095.484] GdipIsMatrixIdentity (matrix=0x1c62e9a0, result=0xb1a578) returned 0x0
[0095.484] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03af30
[0095.484] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03af30) returned 0x0
[0095.484] LocalFree (hMem=0x1d03af30) returned 0x0
[0095.485] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03ba70
[0095.485] GdipGetMatrixElements (matrix=0x1c62e9a0, matrixOut=0x1d03ba70) returned 0x0
[0095.485] LocalFree (hMem=0x1d03ba70) returned 0x0
[0095.485] GdipDeleteMatrix (matrix=0x1c62e9a0) returned 0x0
[0095.485] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1a5e0) returned 0x0
[0095.485] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1a5a0) returned 0x0
[0095.485] GdipGetRegionHRgn (region=0x1c627350, graphics=0x1c62e510, hRgn=0xb1a5a0) returned 0x0
[0095.485] GdipDeleteRegion (region=0x1c627350) returned 0x0
[0095.485] GdipGetDC (graphics=0x1c62e510, hdc=0xb1a5e8) returned 0x0
[0095.485] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.485] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.485] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.485] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.485] SaveDC (hdc=0x1a01079b) returned 1
[0095.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xb60407b3
[0095.485] GetClipRgn (hdc=0x1a01079b, hrgn=0xb60407b3) returned 0
[0095.485] SelectClipRgn (hdc=0x1a01079b, hrgn=0x48040668) returned 2
[0095.485] DeleteObject (ho=0xb60407b3) returned 1
[0095.485] DeleteObject (ho=0x48040668) returned 1
[0095.485] OffsetViewportOrgEx (in: hdc=0x1a01079b, x=0, y=0, lppt=0x2837970 | out: lppt=0x2837970) returned 1
[0095.486] IsAppThemed () returned 0x1
[0095.486] GetThemeAppProperties () returned 0x3
[0095.486] GetThemeAppProperties () returned 0x3
[0095.486] DrawThemeBackground () returned 0x0
[0095.486] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.486] GdipReleaseDC (graphics=0x1c62e510, hdc=0x1a01079b) returned 0x0
[0095.486] GdipCreateRegion (region=0xb1a510) returned 0x0
[0095.486] GdipGetClip (graphics=0x1c62e510, region=0x1c627350) returned 0x0
[0095.486] GdipCreateMatrix (matrix=0xb1a510) returned 0x0
[0095.486] GdipGetWorldTransform (graphics=0x1c62e510, matrix=0x1b40ef90) returned 0x0
[0095.486] GdipIsMatrixIdentity (matrix=0x1b40ef90, result=0xb1a578) returned 0x0
[0095.486] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03ba70
[0095.486] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03ba70) returned 0x0
[0095.486] LocalFree (hMem=0x1d03ba70) returned 0x0
[0095.486] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1d03b230
[0095.486] GdipGetMatrixElements (matrix=0x1b40ef90, matrixOut=0x1d03b230) returned 0x0
[0095.486] LocalFree (hMem=0x1d03b230) returned 0x0
[0095.486] GdipDeleteMatrix (matrix=0x1b40ef90) returned 0x0
[0095.486] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1a5e0) returned 0x0
[0095.486] GdipIsInfiniteRegion (region=0x1c627350, graphics=0x1c62e510, result=0xb1a5a0) returned 0x0
[0095.486] GdipGetRegionHRgn (region=0x1c627350, graphics=0x1c62e510, hRgn=0xb1a5a0) returned 0x0
[0095.487] GdipDeleteRegion (region=0x1c627350) returned 0x0
[0095.487] GdipGetDC (graphics=0x1c62e510, hdc=0xb1a5e8) returned 0x0
[0095.487] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.487] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.487] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.487] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.487] SaveDC (hdc=0x1a01079b) returned 1
[0095.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x49040668
[0095.487] GetClipRgn (hdc=0x1a01079b, hrgn=0x49040668) returned 0
[0095.487] SelectClipRgn (hdc=0x1a01079b, hrgn=0xb70407b3) returned 2
[0095.487] DeleteObject (ho=0x49040668) returned 1
[0095.487] DeleteObject (ho=0xb70407b3) returned 1
[0095.487] OffsetViewportOrgEx (in: hdc=0x1a01079b, x=0, y=0, lppt=0x2837e48 | out: lppt=0x2837e48) returned 1
[0095.487] IsAppThemed () returned 0x1
[0095.487] GetThemeAppProperties () returned 0x3
[0095.487] GetThemeAppProperties () returned 0x3
[0095.487] GetThemeBackgroundContentRect () returned 0x0
[0095.487] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.487] GdipReleaseDC (graphics=0x1c62e510, hdc=0x1a01079b) returned 0x0
[0095.488] IsAppThemed () returned 0x1
[0095.488] GetThemeAppProperties () returned 0x3
[0095.488] GetThemeAppProperties () returned 0x3
[0095.488] GdipGetTextRenderingHint (graphics=0x1c62e510, mode=0xb1a7b8) returned 0x0
[0095.488] GdipGetDC (graphics=0x1c62e510, hdc=0xb1a798) returned 0x0
[0095.488] GetCurrentObject (hdc=0x1a01079b, type=0x1) returned 0xb00017
[0095.488] GetCurrentObject (hdc=0x1a01079b, type=0x2) returned 0x900010
[0095.488] GetCurrentObject (hdc=0x1a01079b, type=0x7) returned 0x210507a8
[0095.488] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.488] SaveDC (hdc=0x1a01079b) returned 1
[0095.488] GetTextAlign (hdc=0x1a01079b) returned 0x0
[0095.488] GetTextColor (hdc=0x1a01079b) returned 0x0
[0095.488] GetCurrentObject (hdc=0x1a01079b, type=0x6) returned 0x8a01c2
[0095.488] GetObjectW (in: h=0x8a01c2, c=92, pv=0xb1a2a0 | out: pv=0xb1a2a0) returned 92
[0095.488] SelectObject (hdc=0x1a01079b, h=0x40a07da) returned 0x8a01c2
[0095.489] GetBkMode (hdc=0x1a01079b) returned 2
[0095.489] SetBkMode (hdc=0x1a01079b, mode=1) returned 2
[0095.489] DrawTextExW (in: hdc=0x1a01079b, lpchText="&Continue", cchText=9, lprc=0xb1a510, format=0x102415, lpdtp=0x2838440 | out: lpchText="&Continue", lprc=0xb1a510) returned 13
[0095.489] DrawTextExW (in: hdc=0x1a01079b, lpchText="&Continue", cchText=9, lprc=0xb1a728, format=0x102015, lpdtp=0x2838440 | out: lpchText="&Continue", lprc=0xb1a728) returned 13
[0095.489] RestoreDC (hdc=0x1a01079b, nSavedDC=-1) returned 1
[0095.489] GdipReleaseDC (graphics=0x1c62e510, hdc=0x1a01079b) returned 0x0
[0095.489] GetFocus () returned 0x102d0
[0095.489] SystemParametersInfoW (in: uiAction=0x100a, uiParam=0x0, pvParam=0xb1a908, fWinIni=0x0 | out: pvParam=0xb1a908) returned 1
[0095.489] SendMessageW (hWnd=0x202c4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0095.489] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0095.489] IsAppThemed () returned 0x1
[0095.490] GetThemeAppProperties () returned 0x3
[0095.490] GetThemeAppProperties () returned 0x3
[0095.490] GdipGetDC (graphics=0x1c62e510, hdc=0xb1aab8) returned 0x0
[0095.490] BitBlt (hdc=0xf0105ee, x=0, y=0, cx=100, cy=23, hdcSrc=0x1a01079b, x1=0, y1=0, rop=0xcc0020) returned 1
[0095.490] GdipReleaseDC (graphics=0x1c62e510, hdc=0x1a01079b) returned 0x0
[0095.490] SelectPalette (hdc=0xf0105ee, hPal=0x88000b, bForceBkgd=0) returned 0x630807c0
[0095.490] SelectObject (hdc=0x1a01079b, h=0x85000f) returned 0x210507a8
[0095.490] DeleteDC (hdc=0x1a01079b) returned 1
[0095.490] GdipDeleteGraphics (graphics=0x1c62e510) returned 0x0
[0095.490] EndPaint (hWnd=0x102d0, lpPaint=0xb1aa98) returned 1
[0095.490] MapWindowPoints (in: hWndFrom=0x102d0, hWndTo=0x0, lpPoints=0x28385a8, cPoints=0x1 | out: lpPoints=0x28385a8) returned 30999254
[0095.490] WindowFromPoint (Point=0x1de0000031d) returned 0x102d0
[0095.490] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.491] NotifyWinEvent (event=0x800a, hwnd=0x102d0, idObject=-4, idChild=0)
[0095.491] NotifyWinEvent (event=0x800c, hwnd=0x102d0, idObject=-4, idChild=0)
[0095.491] GetCapture () returned 0x102d0
[0095.492] ReleaseCapture () returned 1
[0095.492] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0
[0095.492] PeekMessageW (in: lpMsg=0xb1bbc0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1bbc0) returned 1
[0095.492] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x84, wParam=0x0, lParam=0x1de031d) returned 0x1
[0095.497] IsWindow (hWnd=0x70036) returned 1
[0095.497] EnableWindow (hWnd=0x70036, bEnable=1) returned 1
[0095.498] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0xa, wParam=0x1, lParam=0x0) returned 0x0
[0095.498] IsWindow (hWnd=0x202c4) returned 1
[0095.498] SetActiveWindow (hWnd=0x202c4) returned 0x202c4
[0095.498] IsWindow (hWnd=0x202c4) returned 1
[0095.498] SetFocus (hWnd=0x202c4) returned 0x102d0
[0095.499] GetFocus () returned 0x202c4
[0095.499] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x8, wParam=0x202c4, lParam=0x0) returned 0x0
[0095.499] GetCapture () returned 0x0
[0095.499] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.500] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0095.501] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0095.502] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.502] GetFocus () returned 0x202c4
[0095.502] SetFocus (hWnd=0x102d0) returned 0x202c4
[0095.502] GetFocus () returned 0x102d0
[0095.502] IsChild (hWndParent=0x202c4, hWnd=0x102d0) returned 1
[0095.502] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x8, wParam=0x102d0, lParam=0x0) returned 0x0
[0095.503] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0095.504] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0095.505] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.505] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x7, wParam=0x202c4, lParam=0x0) returned 0x0
[0095.505] GetStockObject (i=5) returned 0x900015
[0095.505] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9
[0095.506] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0xd, wParam=0xa, lParam=0x1d046bf0) returned 0x9
[0095.506] GetDlgItem (hDlg=0x202c4, nIDDlgItem=66256) returned 0x102d0
[0095.506] SendMessageW (hWnd=0x102d0, Msg=0x202b, wParam=0x102d0, lParam=0xb1a840) returned 0x0
[0095.506] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x202b, wParam=0x102d0, lParam=0xb1a840) returned 0x0
[0095.506] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.507] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-8) returned 0x70036
[0095.507] GetWindowThreadProcessId (in: hWnd=0x70036, lpdwProcessId=0xb1bac8 | out: lpdwProcessId=0xb1bac8) returned 0x11b4
[0095.507] GetCurrentThreadId () returned 0x11b4
[0095.508] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100260f200000006) returned 1
[0095.508] IsWindow (hWnd=0x70036) returned 1
[0095.508] IsWindow (hWnd=0x70036) returned 1
[0095.508] IsWindowVisible (hWnd=0x70036) returned 1
[0095.508] SetActiveWindow (hWnd=0x70036) returned 0x202c4
[0095.508] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x86, wParam=0x0, lParam=0x70036) returned 0x0
[0095.510] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0095.514] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0095.514] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0095.514] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x46, wParam=0x0, lParam=0xb1bbe0) returned 0x0
[0095.514] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1bbe0) returned 0x0
[0095.514] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0xb1bbe0) returned 0x0
[0095.514] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x86, wParam=0x1, lParam=0x202c4) returned 0x1
[0095.515] SetFocus (hWnd=0x70036) returned 0x102d0
[0095.515] GetFocus () returned 0x70036
[0095.515] IsChild (hWndParent=0x202c4, hWnd=0x70036) returned 0
[0095.515] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x8, wParam=0x70036, lParam=0x0) returned 0x0
[0095.515] GetCapture () returned 0x0
[0095.515] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.516] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0095.517] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0095.518] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.518] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0
[0095.518] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.518] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0095.519] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.519] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x7, wParam=0x102d0, lParam=0x0) returned 0x0
[0095.520] GetFocus () returned 0x70036
[0095.521] IsChild (hWndParent=0x202c4, hWnd=0x70036) returned 0
[0095.521] ShowWindow (hWnd=0x202c4, nCmdShow=0) returned 1
[0095.521] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0
[0095.521] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x46, wParam=0x0, lParam=0xb1bad0) returned 0x0
[0095.522] GetWindowPlacement (in: hWnd=0x202c4, lpwndpl=0xb1b5e0 | out: lpwndpl=0xb1b5e0) returned 1
[0095.522] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x47, wParam=0x0, lParam=0xb1bad0) returned 0x0
[0095.522] GetClientRect (in: hWnd=0x202c4, lpRect=0xb1b480 | out: lpRect=0xb1b480) returned 1
[0095.522] GetWindowRect (in: hWnd=0x202c4, lpRect=0xb1b480 | out: lpRect=0xb1b480) returned 1
[0095.523] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0095.523] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0095.523] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0095.524] GetWindowLongPtrW (hWnd=0x202c4, nIndex=-20) returned 0x50109
[0095.524] DestroyWindow (hWnd=0x202c4) returned 1
[0095.524] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0095.543] GetWindowTextLengthW (hWnd=0x202c4) returned 16
[0095.543] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10
[0095.543] GetSystemMetrics (nIndex=42) returned 0
[0095.543] GetWindowTextW (in: hWnd=0x202c4, lpString=0xb1b200, nMaxCount=17 | out: lpString="ff0953qpn7361bbu") returned 16
[0095.543] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0xd, wParam=0x11, lParam=0xb1b200) returned 0x10
[0095.543] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.544] GetWindowTextLengthW (hWnd=0x202c6) returned 0
[0095.544] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0095.544] GetSystemMetrics (nIndex=42) returned 0
[0095.544] GetWindowTextW (in: hWnd=0x202c6, lpString=0xb1b270, nMaxCount=1 | out: lpString="") returned 0
[0095.544] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0xd, wParam=0x1, lParam=0xb1b270) returned 0x0
[0095.544] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.545] GetWindowThreadProcessId (in: hWnd=0x602c2, lpdwProcessId=0xb1b308 | out: lpdwProcessId=0xb1b308) returned 0x11b4
[0095.546] GetWindow (hWnd=0x602c2, uCmd=0x5) returned 0x0
[0095.546] GetWindowLongPtrW (hWnd=0x602c2, nIndex=-20) returned 0x10100
[0095.546] DestroyWindow (hWnd=0x602c2) returned 1
[0095.546] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0095.546] GetWindowTextLengthW (hWnd=0x602c2) returned 25
[0095.546] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x19
[0095.546] GetSystemMetrics (nIndex=42) returned 0
[0095.546] GetWindowTextW (in: hWnd=0x602c2, lpString=0xb1a7f0, nMaxCount=26 | out: lpString="WindowsFormsParkingWindow") returned 25
[0095.546] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0xd, wParam=0x1a, lParam=0xb1a7f0) returned 0x19
[0095.546] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.547] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c2, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.549] GetWindowTextLengthW (hWnd=0x202cc) returned 266
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x10a
[0095.549] GetSystemMetrics (nIndex=42) returned 0
[0095.549] CoTaskMemAlloc (cb=0x21a) returned 0x1d0267a0
[0095.549] GetWindowTextW (in: hWnd=0x202cc, lpString=0x1d0267a0, nMaxCount=267 | out: lpString="Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.\r\n\r\nAccess to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.") returned 266
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0xd, wParam=0x10b, lParam=0x1d0267a0) returned 0x10a
[0095.549] CoTaskMemFree (pv=0x1d0267a0)
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.549] InvalidateRect (hWnd=0x102d0, lpRect=0x0, bErase=0) returned 1
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.549] SendMessageW (hWnd=0x102d4, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0
[0095.549] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0
[0095.550] SendMessageW (hWnd=0x102d4, Msg=0xb0, wParam=0x2804590, lParam=0xb1b3e0) returned 0x0
[0095.550] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0xb0, wParam=0x2804590, lParam=0xb1b3e0) returned 0x0
[0095.550] GetWindowTextLengthW (hWnd=0x102d4) returned 3350
[0095.550] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd16
[0095.550] GetSystemMetrics (nIndex=42) returned 0
[0095.550] CoTaskMemAlloc (cb=0x1a32) returned 0x1d057f00
[0095.550] GetWindowTextW (in: hWnd=0x102d4, lpString=0x1d057f00, nMaxCount=3351 | out: lpString="See the end of this message for details on invoking \r\njust-in-time (JIT) debugging instead of this dialog box.\r\n\r\n************** Exception Text **************\r\nSystem.UnauthorizedAccessException: Access to the path 'C:\\Windows\\System32\\LogonUI.exe' is denied.\r\n at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)\r\n at System.IO.File.InternalDelete(String path, Boolean checkHost)\r\n at SysWOW64.Worm_patch.cmd_get_Tick(Object sender, EventArgs e)\r\n at System.Windows.Forms.Timer.OnTick(EventArgs e)\r\n at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)\r\n at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)\r\n\r\n\r\n************** Loaded Assemblies **************\r\nmscorlib\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll\r\n----------------------------------------\r\nIZI\r\n Assembly Version: 1.0.0.0\r\n Win32 Version: 1.0.0.0\r\n CodeBase: file:///C:/Users/FD1HVy/Desktop/8g4YJ5vYi5gsz9qg.exe\r\n----------------------------------------\r\nSystem.Windows.Forms\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2104.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll\r\n----------------------------------------\r\nSystem\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2103.2 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll\r\n----------------------------------------\r\nSystem.Drawing\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2046.0 built by: NET47REL1\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll\r\n----------------------------------------\r\nSystem.Configuration\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2046.0 built by: NET47REL1\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll\r\n----------------------------------------\r\nSystem.Core\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll\r\n----------------------------------------\r\nSystem.Xml\r\n Assembly Version: 4.0.0.0\r\n Win32 Version: 4.7.2102.0 built by: NET47REL1LAST\r\n CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll\r\n----------------------------------------\r\n\r\n************** JIT Debugging **************\r\nTo enable just-in-time (JIT) debugging, the .config file for this\r\napplication or computer (machine.config) must have the\r\njitDebugging value set in the system.windows.forms section.\r\nThe application must also be compiled with debugging\r\nenabled.\r\n\r\nFor example:\r\n\r\n\r\n \r\n\r\n\r\nWhen JIT debugging is enabled, any unhandled exception\r\nwill be sent to the JIT debugger registered on the computer\r\nrather than be handled by this dialog box.\r\n\r\n\r\n") returned 3350
[0095.550] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0xd, wParam=0xd17, lParam=0x1d057f00) returned 0xd16
[0095.550] CoTaskMemFree (pv=0x1d057f00)
[0095.550] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x1
[0095.551] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c6, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.552] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202cc, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.554] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102ce, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.556] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d0, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.560] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x102d2, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x102d4, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.564] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x202c4, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.567] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.567] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.567] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.568] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0095.568] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0095.568] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.568] IsWindowUnicode (hWnd=0x18001c) returned 1
[0095.568] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.568] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0095.568] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0095.568] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.568] IsWindowUnicode (hWnd=0x302ca) returned 1
[0095.568] GetMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.569] TranslateMessage (lpMsg=0xb1ef10) returned 0
[0095.569] DispatchMessageW (lpMsg=0xb1ef10) returned 0x0
[0095.696] GetWindowThreadProcessId (in: hWnd=0x302ca, lpdwProcessId=0xb1e8a0 | out: lpdwProcessId=0xb1e8a0) returned 0x11b4
[0095.696] GetCurrentThreadId () returned 0x11b4
[0095.696] IsWindow (hWnd=0x302ca) returned 1
[0095.696] KillTimer (hWnd=0x302ca, uIDEvent=0x4) returned 1
[0095.696] DestroyWindow (hWnd=0x302ca) returned 1
[0095.696] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0095.696] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.697] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302ca, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.700] LocalAlloc (uFlags=0x0, uBytes=0x4c) returned 0x1d04c000
[0095.700] ShellExecuteExW (in: pExecInfo=0x283f450*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\WormLocker2.0.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x283f450*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\WormLocker2.0.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x5ec)) returned 1
[0095.785] LocalFree (hMem=0x1d04c000) returned 0x0
[0095.786] SendMessageW (hWnd=0x70036, Msg=0x10, wParam=0x0, lParam=0x0) returned 0x0
[0095.830] GetWindowLongPtrW (hWnd=0x70036, nIndex=-20) returned 0x90008
[0095.830] DestroyWindow (hWnd=0x70036) returned 1
[0095.831] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0095.831] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x46, wParam=0x0, lParam=0xb1dfa0) returned 0x0
[0095.832] GetWindowPlacement (in: hWnd=0x70036, lpwndpl=0xb1dab0 | out: lpwndpl=0xb1dab0) returned 1
[0095.833] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x47, wParam=0x0, lParam=0xb1dfa0) returned 0x0
[0095.833] GetClientRect (in: hWnd=0x70036, lpRect=0xb1d950 | out: lpRect=0xb1d950) returned 1
[0095.833] GetWindowRect (in: hWnd=0x70036, lpRect=0xb1d950 | out: lpRect=0xb1d950) returned 1
[0095.845] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1
[0095.847] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x1c, wParam=0x0, lParam=0x104c) returned 0x0
[0095.847] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x1c, wParam=0x0, lParam=0x104c) returned 0x0
[0095.847] NtdllDefWindowProc_W (hWnd=0x6008c, Msg=0x1c, wParam=0x0, lParam=0x104c) returned 0x0
[0095.847] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0
[0095.849] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0095.849] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0095.849] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0
[0095.851] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.851] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70036, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.851] DestroyWindow (hWnd=0x70030) returned 1
[0095.852] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0095.852] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0095.852] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x70030, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0095.879] PostThreadMessageW (idThread=0x11b4, Msg=0x12, wParam=0x0, lParam=0x0) returned 1
[0095.879] PeekMessageW (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xb1ef10) returned 1
[0095.880] GetMessageA (in: lpMsg=0xb1ef10, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb1ef10) returned 0
[0095.882] GetCurrentThreadId () returned 0x11b4
[0095.882] EnumThreadWindows (dwThreadId=0x11b4, lpfn=0x1b343e8c, lParam=0x0) returned 1
[0095.883] IsWindowVisible (hWnd=0x6008c) returned 0
[0095.883] IsWindowVisible (hWnd=0x202c8) returned 0
[0095.883] IsWindowVisible (hWnd=0x7002e) returned 0
[0095.884] GetCurrentThreadId () returned 0x11b4
[0095.884] GetCurrentThreadId () returned 0x11b4
[0095.884] EnumThreadWindows (dwThreadId=0x11b4, lpfn=0x1b343dec, lParam=0x0) returned 1
[0095.884] IsWindowVisible (hWnd=0x6008c) returned 0
[0095.885] IsWindowVisible (hWnd=0x202c8) returned 0
[0095.885] IsWindowVisible (hWnd=0x7002e) returned 0
[0095.891] OleUninitialize ()
[0095.891] CloseHandle (hObject=0x294) returned 1
[0095.892] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100260f200000002) returned 1
[0095.892] CoGetContextToken (in: pToken=0xb1fc10 | out: pToken=0xb1fc10) returned 0x0
[0095.892] CObjectContext::QueryInterface () returned 0x0
[0095.893] CObjectContext::GetCurrentThreadType () returned 0x0
[0095.893] Release () returned 0x3
[0095.893] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0xd542d0*=0x144, lpdwindex=0xb1fa04 | out: lpdwindex=0xb1fa04) returned 0x0
Thread:
id = 2
os_tid = 0x11b8
Thread:
id = 3
os_tid = 0x11d0
Thread:
id = 4
os_tid = 0x11e4
[0069.037] CoGetContextToken (in: pToken=0x1ad2f630 | out: pToken=0x1ad2f630) returned 0x800401f0
[0069.037] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0069.037] RoInitialize () returned 0x1
[0069.037] RoUninitialize () returned 0x0
[0095.976] SetWindowLongPtrW (hWnd=0x302bc, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b3408bc
[0095.977] SetClassLongPtrW (hWnd=0x302bc, nIndex=-24, dwNewLong=0x7ffcea425090) returned 0x1b34086c
[0095.977] PostMessageW (hWnd=0x302bc, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0095.977] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0095.978] UnregisterClassW (lpClassName="WindowsForms10.EDIT.app.0.141b42a_r6_ad1", hInstance=0x790000) returned 1
[0095.978] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0095.978] UnregisterClassW (lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r6_ad1", hInstance=0x790000) returned 1
[0095.978] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0095.978] UnregisterClassW (lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", hInstance=0x790000) returned 1
[0095.979] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0095.981] UnregisterClassW (lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", hInstance=0x790000) returned 1
[0095.981] GetModuleHandleW (lpModuleName=0x0) returned 0x790000
[0095.982] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", hInstance=0x790000) returned 0
[0095.988] IsWindow (hWnd=0x6008c) returned 1
[0095.990] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffce9280000
[0095.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x1ad2f090, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW", lpUsedDefaultChar=0x0) returned 14
[0095.991] GetProcAddress (hModule=0x7ffce9280000, lpProcName="DefWindowProcW") returned 0x7ffcea425090
[0096.119] SetWindowLongPtrW (hWnd=0x6008c, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b340a4c
[0096.119] SetClassLongPtrW (hWnd=0x6008c, nIndex=-24, dwNewLong=0x7ffcea425090) returned 0x1b340a4c
[0096.121] IsWindow (hWnd=0x6008c) returned 1
[0096.121] DestroyWindow (hWnd=0x6008c) returned 0
[0096.122] PostMessageW (hWnd=0x6008c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0096.122] SetConsoleCtrlHandler (HandlerRoutine=0x1b3409fc, Add=0) returned 1
[0096.122] DeleteObject (ho=0x630807c0) returned 1
[0096.122] EtwEventUnregister (RegHandle=0x6300001d0318c0) returned 0x0
[0096.122] DeleteObject (ho=0x210507a8) returned 1
[0096.139] GdipDeleteRegion (region=0x1c62e8e0) returned 0x0
[0096.139] GdipDeleteRegion (region=0x1c628a90) returned 0x0
[0096.141] CloseThemeData () returned 0x0
[0096.142] RestoreDC (hdc=0xb0107d8, nSavedDC=-1) returned 1
[0096.143] DeleteDC (hdc=0xb0107d8) returned 1
[0096.143] DeleteObject (ho=0x40a07da) returned 1
[0096.145] GdipDisposeImage (image=0x1c62dc90) returned 0x0
[0096.145] GdipDisposeImage (image=0x1c629560) returned 0x0
[0096.145] GdipDisposeImage (image=0x1c62d170) returned 0x0
[0096.153] DestroyCursor (hCursor=0x170097) returned 1
[0096.153] GdipDeleteFont (font=0x1b40ebe0) returned 0x0
[0096.154] DeleteObject (ho=0x550a0545) returned 1
[0096.155] RegCloseKey (hKey=0xffffffff80000004) returned 0x0
[0096.156] CloseHandle (hObject=0x5ec) returned 1
[0096.156] RegCloseKey (hKey=0x43c) returned 0x0
[0096.157] CloseHandle (hObject=0x514) returned 1
[0096.157] CloseHandle (hObject=0x28c) returned 1
[0096.157] CloseHandle (hObject=0x288) returned 1
[0096.158] CloseHandle (hObject=0x284) returned 1
[0096.158] CloseHandle (hObject=0x280) returned 1
[0096.158] CloseHandle (hObject=0x27c) returned 1
[0096.159] CloseHandle (hObject=0x278) returned 1
[0096.159] CloseHandle (hObject=0x88) returned 1
[0096.160] CloseHandle (hObject=0x274) returned 1
[0096.162] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0)
Thread:
id = 5
os_tid = 0xd28
Thread:
id = 6
os_tid = 0x1274
Thread:
id = 7
os_tid = 0xa50
Thread:
id = 8
os_tid = 0x900
Thread:
id = 9
os_tid = 0xef8
Thread:
id = 10
os_tid = 0x1330
Thread:
id = 11
os_tid = 0x132c
Thread:
id = 30
os_tid = 0x390
Process:
id = "2"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x4c27d000"
os_pid = "0x5b0"
os_integrity_level = "0x4000"
os_privileges = "0x260814080"
monitor_reason = "rpc_server"
parent_id = "1"
os_parent_pid = "0x23c"
cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel"
cur_dir = "C:\\WINDOWS\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000f8bc" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Thread:
id = 12
os_tid = 0x9bc
Thread:
id = 13
os_tid = 0x7ec
Thread:
id = 14
os_tid = 0x770
Thread:
id = 15
os_tid = 0x7d8
Thread:
id = 16
os_tid = 0x698
Thread:
id = 17
os_tid = 0x690
Thread:
id = 18
os_tid = 0x5fc
Thread:
id = 19
os_tid = 0x5f8
Thread:
id = 20
os_tid = 0x5f4
Thread:
id = 21
os_tid = 0x5b4
Thread:
id = 57
os_tid = 0xcf4
Process:
id = "3"
image_name = "cmd.exe"
filename = "c:\\windows\\system32\\cmd.exe"
page_root = "0x1ab00000"
os_pid = "0xf84"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x11b0"
cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /k takeown /f C:\\Windows\\System32 && icacls C:\\Windows\\System32 /grant \"%username%:F\""
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 22
os_tid = 0x994
[0093.510] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff726ec0000
[0093.510] __set_app_type (_Type=0x1)
[0093.510] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff726ed6d00) returned 0x0
[0093.510] __getmainargs (in: _Argc=0x7ff726ef9200, _Argv=0x7ff726ef9208, _Env=0x7ff726ef9210, _DoWildCard=0, _StartInfo=0x7ff726ef921c | out: _Argc=0x7ff726ef9200, _Argv=0x7ff726ef9208, _Env=0x7ff726ef9210) returned 0
[0093.510] _onexit (_Func=0x7ff726ed7fd0) returned 0x7ff726ed7fd0
[0093.510] _onexit (_Func=0x7ff726ed7fe0) returned 0x7ff726ed7fe0
[0093.511] _onexit (_Func=0x7ff726ed7ff0) returned 0x7ff726ed7ff0
[0093.511] _onexit (_Func=0x7ff726ed8000) returned 0x7ff726ed8000
[0093.511] _onexit (_Func=0x7ff726ed8010) returned 0x7ff726ed8010
[0093.511] _onexit (_Func=0x7ff726ed8020) returned 0x7ff726ed8020
[0093.512] GetCurrentThreadId () returned 0x994
[0093.512] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x994) returned 0x7c
[0093.513] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffce9120000
[0093.513] GetProcAddress (hModule=0x7ffce9120000, lpProcName="SetThreadUILanguage") returned 0x7ffce913a990
[0093.513] SetThreadUILanguage (LangId=0x0) returned 0x409
[0093.619] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0093.619] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x6bc22ff9e8 | out: phkResult=0x6bc22ff9e8*=0x0) returned 0x2
[0093.619] VirtualQuery (in: lpAddress=0x6bc22ff9d4, lpBuffer=0x6bc22ff950, dwLength=0x30 | out: lpBuffer=0x6bc22ff950*(BaseAddress=0x6bc22ff000, AllocationBase=0x6bc2200000, AllocationProtect=0x4, __alignment1=0xffff9302, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0093.619] VirtualQuery (in: lpAddress=0x6bc2200000, lpBuffer=0x6bc22ff950, dwLength=0x30 | out: lpBuffer=0x6bc22ff950*(BaseAddress=0x6bc2200000, AllocationBase=0x6bc2200000, AllocationProtect=0x4, __alignment1=0xffff9302, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
[0093.619] VirtualQuery (in: lpAddress=0x6bc2201000, lpBuffer=0x6bc22ff950, dwLength=0x30 | out: lpBuffer=0x6bc22ff950*(BaseAddress=0x6bc2201000, AllocationBase=0x6bc2200000, AllocationProtect=0x4, __alignment1=0xffff9302, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
[0093.619] VirtualQuery (in: lpAddress=0x6bc2204000, lpBuffer=0x6bc22ff950, dwLength=0x30 | out: lpBuffer=0x6bc22ff950*(BaseAddress=0x6bc2204000, AllocationBase=0x6bc2200000, AllocationProtect=0x4, __alignment1=0xffff9302, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0093.619] VirtualQuery (in: lpAddress=0x6bc2300000, lpBuffer=0x6bc22ff950, dwLength=0x30 | out: lpBuffer=0x6bc22ff950*(BaseAddress=0x6bc2300000, AllocationBase=0x6bc2300000, AllocationProtect=0x4, __alignment1=0xffff9302, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
[0093.619] GetConsoleOutputCP () returned 0x1b5
[0093.790] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff726effbb0 | out: lpCPInfo=0x7ff726effbb0) returned 1
[0093.790] SetConsoleCtrlHandler (HandlerRoutine=0x7ff726ee8150, Add=1) returned 1
[0093.790] _get_osfhandle (_FileHandle=1) returned 0x50
[0093.790] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x7ff726effc04 | out: lpMode=0x7ff726effc04) returned 1
[0093.884] _get_osfhandle (_FileHandle=0) returned 0x4c
[0093.884] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x7ff726effc00 | out: lpMode=0x7ff726effc00) returned 1
[0093.978] _get_osfhandle (_FileHandle=1) returned 0x50
[0093.978] SetConsoleMode (hConsoleHandle=0x50, dwMode=0x0) returned 1
[0094.072] _get_osfhandle (_FileHandle=1) returned 0x50
[0094.072] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x7ff726effc08 | out: lpMode=0x7ff726effc08) returned 1
[0095.382] _get_osfhandle (_FileHandle=1) returned 0x50
[0095.382] SetConsoleMode (hConsoleHandle=0x50, dwMode=0x7) returned 1
[0095.687] _get_osfhandle (_FileHandle=0) returned 0x4c
[0095.687] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x7ff726effc0c | out: lpMode=0x7ff726effc0c) returned 1
[0096.229] _get_osfhandle (_FileHandle=0) returned 0x4c
[0096.229] SetConsoleMode (hConsoleHandle=0x4c, dwMode=0x1e7) returned 1
[0096.355] GetEnvironmentStringsW () returned 0x1bd957c5ad0*
[0096.355] GetProcessHeap () returned 0x1bd957c0000
[0096.355] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xa7c) returned 0x1bd957c6560
[0096.355] FreeEnvironmentStringsA (penv="A") returned 1
[0096.355] GetProcessHeap () returned 0x1bd957c0000
[0096.356] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x8) returned 0x1bd957c5ad0
[0096.356] GetEnvironmentStringsW () returned 0x1bd957c6ff0*
[0096.356] GetProcessHeap () returned 0x1bd957c0000
[0096.356] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xa7c) returned 0x1bd957c7a80
[0096.356] FreeEnvironmentStringsA (penv="A") returned 1
[0096.356] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x6bc22fe898 | out: phkResult=0x6bc22fe898*=0x88) returned 0x0
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x0, lpData=0x6bc22fe8b0*=0x4, lpcbData=0x6bc22fe894*=0x1000) returned 0x2
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x1, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x0, lpData=0x6bc22fe8b0*=0x1, lpcbData=0x6bc22fe894*=0x1000) returned 0x2
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x0, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x40, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x40, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.445] RegQueryValueExW (in: hKey=0x88, lpValueName="AutoRun", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x0, lpData=0x6bc22fe8b0*=0x40, lpcbData=0x6bc22fe894*=0x1000) returned 0x2
[0100.446] RegCloseKey (hKey=0x88) returned 0x0
[0100.446] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x6bc22fe898 | out: phkResult=0x6bc22fe898*=0x88) returned 0x0
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x0, lpData=0x6bc22fe8b0*=0x40, lpcbData=0x6bc22fe894*=0x1000) returned 0x2
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x1, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x0, lpData=0x6bc22fe8b0*=0x1, lpcbData=0x6bc22fe894*=0x1000) returned 0x2
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x0, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x9, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x4, lpData=0x6bc22fe8b0*=0x9, lpcbData=0x6bc22fe894*=0x4) returned 0x0
[0100.446] RegQueryValueExW (in: hKey=0x88, lpValueName="AutoRun", lpReserved=0x0, lpType=0x6bc22fe890, lpData=0x6bc22fe8b0, lpcbData=0x6bc22fe894*=0x1000 | out: lpType=0x6bc22fe890*=0x0, lpData=0x6bc22fe8b0*=0x9, lpcbData=0x6bc22fe894*=0x1000) returned 0x2
[0100.446] RegCloseKey (hKey=0x88) returned 0x0
[0100.446] time (in: timer=0x0 | out: timer=0x0) returned 0x600cadb2
[0100.446] srand (_Seed=0x600cadb2)
[0100.446] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k takeown /f C:\\Windows\\System32 && icacls C:\\Windows\\System32 /grant \"%username%:F\""
[0100.446] malloc (_Size=0x4000) returned 0x1bd95a454f0
[0100.447] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k takeown /f C:\\Windows\\System32 && icacls C:\\Windows\\System32 /grant \"%username%:F\""
[0100.447] malloc (_Size=0xffce) returned 0x1bd95a50080
[0100.448] ??_V@YAXPEAX@Z () returned 0x1bd95a50080
[0100.448] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x1bd95a50080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17
[0100.448] malloc (_Size=0xffce) returned 0x1bd95a60060
[0100.448] ??_V@YAXPEAX@Z () returned 0x1bd95a60060
[0100.449] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1bd95a60060, nSize=0x7fe7 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
[0100.449] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb
[0100.449] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0100.449] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0100.449] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
[0100.449] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
[0100.449] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
[0100.449] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
[0100.449] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
[0100.449] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
[0100.450] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
[0100.450] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
[0100.450] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
[0100.450] GetProcessHeap () returned 0x1bd957c0000
[0100.450] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c6560) returned 1
[0100.450] GetEnvironmentStringsW () returned 0x1bd957c5b20*
[0100.450] GetProcessHeap () returned 0x1bd957c0000
[0100.450] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xa94) returned 0x1bd957c65c0
[0100.450] FreeEnvironmentStringsA (penv="A") returned 1
[0100.450] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b
[0100.450] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0100.450] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
[0100.450] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
[0100.450] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
[0100.450] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
[0100.450] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
[0100.450] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
[0100.450] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
[0100.450] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
[0100.451] malloc (_Size=0xffce) returned 0x1bd95a70040
[0100.451] ??_V@YAXPEAX@Z () returned 0x1bd95a70040
[0100.451] GetProcessHeap () returned 0x1bd957c0000
[0100.451] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x40) returned 0x1bd957c7060
[0100.451] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x1bd95a70040 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17
[0100.451] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x7fe7, lpBuffer=0x1bd95a70040, lpFilePart=0x6bc22ff410 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x6bc22ff410*="Desktop") returned 0x17
[0100.452] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11
[0100.452] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x6bc22ff140 | out: lpFindFileData=0x6bc22ff140*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x1bd957c70b0
[0100.452] FindClose (in: hFindFile=0x1bd957c70b0 | out: hFindFile=0x1bd957c70b0) returned 1
[0100.452] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy", lpFindFileData=0x6bc22ff140 | out: lpFindFileData=0x6bc22ff140*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20fc850f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x9de5855d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x9de5855d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FD1HVy", cAlternateFileName="")) returned 0x1bd957c70b0
[0100.453] FindClose (in: hFindFile=0x1bd957c70b0 | out: hFindFile=0x1bd957c70b0) returned 1
[0100.453] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", lpFindFileData=0x6bc22ff140 | out: lpFindFileData=0x6bc22ff140*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x420c7a28, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x420c7a28, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x1bd957c70b0
[0100.453] FindClose (in: hFindFile=0x1bd957c70b0 | out: hFindFile=0x1bd957c70b0) returned 1
[0100.453] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11
[0100.453] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 1
[0100.453] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\FD1HVy\\Desktop") returned 1
[0100.453] GetProcessHeap () returned 0x1bd957c0000
[0100.453] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c65c0) returned 1
[0100.453] GetEnvironmentStringsW () returned 0x1bd957c5b20*
[0100.454] GetProcessHeap () returned 0x1bd957c0000
[0100.454] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xacc) returned 0x1bd957c9a90
[0100.454] FreeEnvironmentStringsA (penv="=") returned 1
[0100.454] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x1bd95a50080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17
[0100.454] GetProcessHeap () returned 0x1bd957c0000
[0100.454] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c7060) returned 1
[0100.454] ??_V@YAXPEAX@Z () returned 0x1
[0100.454] ??_V@YAXPEAX@Z () returned 0x1
[0100.454] GetProcessHeap () returned 0x1bd957c0000
[0100.454] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x4016) returned 0x1bd957ca570
[0100.455] GetProcessHeap () returned 0x1bd957c0000
[0100.455] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xba) returned 0x1bd957c0fc0
[0100.455] GetProcessHeap () returned 0x1bd957c0000
[0100.455] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957ca570) returned 1
[0100.455] GetConsoleOutputCP () returned 0x1b5
[0100.694] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff726effbb0 | out: lpCPInfo=0x7ff726effbb0) returned 1
[0100.694] GetUserDefaultLCID () returned 0x409
[0100.710] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x7ff726efbb78, cchData=8 | out: lpLCData=":") returned 2
[0100.710] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x6bc22ff7d0, cchData=128 | out: lpLCData="0") returned 2
[0100.710] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x6bc22ff7d0, cchData=128 | out: lpLCData="0") returned 2
[0100.710] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x6bc22ff7d0, cchData=128 | out: lpLCData="1") returned 2
[0100.711] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x7ff726efbb68, cchData=8 | out: lpLCData="/") returned 2
[0100.711] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x7ff726efbb00, cchData=32 | out: lpLCData="Mon") returned 4
[0100.711] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x7ff726efbac0, cchData=32 | out: lpLCData="Tue") returned 4
[0100.711] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x7ff726efba80, cchData=32 | out: lpLCData="Wed") returned 4
[0100.712] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x7ff726efba40, cchData=32 | out: lpLCData="Thu") returned 4
[0100.712] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x7ff726efba00, cchData=32 | out: lpLCData="Fri") returned 4
[0100.712] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x7ff726efb9c0, cchData=32 | out: lpLCData="Sat") returned 4
[0100.712] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x7ff726efb980, cchData=32 | out: lpLCData="Sun") returned 4
[0100.712] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x7ff726efbb58, cchData=8 | out: lpLCData=".") returned 2
[0100.712] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x7ff726efbb40, cchData=8 | out: lpLCData=",") returned 2
[0100.712] setlocale (category=0, locale=".OCP") returned="English_United States.437"
[0100.713] GetProcessHeap () returned 0x1bd957c0000
[0100.713] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x0, Size=0x20c) returned 0x1bd957c77d0
[0100.713] GetConsoleTitleW (in: lpConsoleTitle=0x1bd957c77d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0100.898] _get_osfhandle (_FileHandle=1) returned 0x50
[0100.898] GetFileType (hFile=0x50) returned 0x2
[0100.898] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
[0100.898] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x6bc22ff8f8 | out: lpMode=0x6bc22ff8f8) returned 1
[0101.209] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
[0101.209] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x50, lpConsoleScreenBufferInfo=0x6bc22ff918 | out: lpConsoleScreenBufferInfo=0x6bc22ff918) returned 1
[0101.537] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
[0101.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x50, lpConsoleScreenBufferInfo=0x6bc22ff8b8 | out: lpConsoleScreenBufferInfo=0x6bc22ff8b8) returned 1
[0101.865] FillConsoleOutputAttribute (in: hConsoleOutput=0x50, wAttribute=0x7, nLength=0x107b38, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6bc22ff8b4 | out: lpNumberOfAttrsWritten=0x6bc22ff8b4) returned 1
[0102.163] SetConsoleTextAttribute (hConsoleOutput=0x50, wAttributes=0x7) returned 1
[0102.288] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffce9120000
[0102.288] GetProcAddress (hModule=0x7ffce9120000, lpProcName="CopyFileExW") returned 0x7ffce913e830
[0102.288] GetProcAddress (hModule=0x7ffce9120000, lpProcName="IsDebuggerPresent") returned 0x7ffce913e300
[0102.288] GetProcAddress (hModule=0x7ffce9120000, lpProcName="SetConsoleInputExeNameW") returned 0x7ffce6900a40
[0102.288] ??_V@YAXPEAX@Z () returned 0x1
[0102.301] GetProcessHeap () returned 0x1bd957c0000
[0102.301] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x4012) returned 0x1bd957ca570
[0102.301] GetProcessHeap () returned 0x1bd957c0000
[0102.301] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x4010) returned 0x1bd957ce590
[0102.302] GetProcessHeap () returned 0x1bd957c0000
[0102.302] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x22) returned 0x1bd957c79f0
[0102.302] GetEnvironmentVariableW (in: lpName="username", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="FD1HVy") returned 0x6
[0102.302] GetProcessHeap () returned 0x1bd957c0000
[0102.302] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c79f0) returned 1
[0102.302] GetProcessHeap () returned 0x1bd957c0000
[0102.302] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957ce590) returned 1
[0102.302] GetProcessHeap () returned 0x1bd957c0000
[0102.302] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957ca570) returned 1
[0102.303] _wcsicmp (_String1="takeown", _String2=")") returned 75
[0102.303] _wcsicmp (_String1="FOR", _String2="takeown") returned -14
[0102.303] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14
[0102.303] _wcsicmp (_String1="IF", _String2="takeown") returned -11
[0102.303] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11
[0102.303] _wcsicmp (_String1="REM", _String2="takeown") returned -2
[0102.303] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2
[0102.303] GetProcessHeap () returned 0x1bd957c0000
[0102.303] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xb0) returned 0x1bd957c18a0
[0102.303] GetProcessHeap () returned 0x1bd957c0000
[0102.303] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x20) returned 0x1bd957c79f0
[0102.304] GetProcessHeap () returned 0x1bd957c0000
[0102.304] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x42) returned 0x1bd957c7a20
[0102.304] GetProcessHeap () returned 0x1bd957c0000
[0102.304] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xb0) returned 0x1bd957c1960
[0102.305] _wcsicmp (_String1="FOR", _String2="icacls") returned -3
[0102.305] _wcsicmp (_String1="FOR/?", _String2="icacls") returned -3
[0102.305] _wcsicmp (_String1="IF", _String2="icacls") returned 3
[0102.305] _wcsicmp (_String1="IF/?", _String2="icacls") returned 3
[0102.305] _wcsicmp (_String1="REM", _String2="icacls") returned 9
[0102.305] _wcsicmp (_String1="REM/?", _String2="icacls") returned 9
[0102.305] GetProcessHeap () returned 0x1bd957c0000
[0102.305] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xb0) returned 0x1bd957c8510
[0102.305] GetProcessHeap () returned 0x1bd957c0000
[0102.305] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x1e) returned 0x1bd957c1a20
[0102.306] GetProcessHeap () returned 0x1bd957c0000
[0102.306] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x5e) returned 0x1bd957c07a0
[0102.306] GetConsoleTitleW (in: lpConsoleTitle=0x6bc22ff600, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0102.491] malloc (_Size=0xffce) returned 0x1bd95a60060
[0102.491] ??_V@YAXPEAX@Z () returned 0x1bd95a60060
[0102.491] malloc (_Size=0xffce) returned 0x1bd95a70040
[0102.491] ??_V@YAXPEAX@Z () returned 0x1bd95a70040
[0102.492] _wcsicmp (_String1="takeown", _String2="DIR") returned 16
[0102.492] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15
[0102.492] _wcsicmp (_String1="takeown", _String2="DEL") returned 16
[0102.492] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24
[0102.492] _wcsicmp (_String1="takeown", _String2="COPY") returned 17
[0102.492] _wcsicmp (_String1="takeown", _String2="CD") returned 17
[0102.493] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17
[0102.493] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2
[0102.493] _wcsicmp (_String1="takeown", _String2="REN") returned 2
[0102.493] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15
[0102.493] _wcsicmp (_String1="takeown", _String2="SET") returned 1
[0102.493] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4
[0102.493] _wcsicmp (_String1="takeown", _String2="DATE") returned 16
[0102.493] _wcsicmp (_String1="takeown", _String2="TIME") returned -8
[0102.493] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4
[0102.493] _wcsicmp (_String1="takeown", _String2="MD") returned 7
[0102.493] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7
[0102.493] _wcsicmp (_String1="takeown", _String2="RD") returned 2
[0102.493] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2
[0102.493] _wcsicmp (_String1="takeown", _String2="PATH") returned 4
[0102.493] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13
[0102.493] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1
[0102.493] _wcsicmp (_String1="takeown", _String2="CLS") returned 17
[0102.493] _wcsicmp (_String1="takeown", _String2="CALL") returned 17
[0102.493] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2
[0102.493] _wcsicmp (_String1="takeown", _String2="VER") returned -2
[0102.493] _wcsicmp (_String1="takeown", _String2="VOL") returned -2
[0102.493] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15
[0102.493] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1
[0102.493] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15
[0102.493] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8
[0102.493] _wcsicmp (_String1="takeown", _String2="START") returned 1
[0102.494] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16
[0102.494] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9
[0102.494] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7
[0102.494] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4
[0102.494] _wcsicmp (_String1="takeown", _String2="POPD") returned 4
[0102.494] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19
[0102.494] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14
[0102.494] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18
[0102.494] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17
[0102.494] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7
[0102.494] _wcsicmp (_String1="takeown", _String2="DIR") returned 16
[0102.494] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15
[0102.494] _wcsicmp (_String1="takeown", _String2="DEL") returned 16
[0102.494] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24
[0102.494] _wcsicmp (_String1="takeown", _String2="COPY") returned 17
[0102.494] _wcsicmp (_String1="takeown", _String2="CD") returned 17
[0102.494] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17
[0102.494] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2
[0102.494] _wcsicmp (_String1="takeown", _String2="REN") returned 2
[0102.494] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15
[0102.494] _wcsicmp (_String1="takeown", _String2="SET") returned 1
[0102.494] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4
[0102.494] _wcsicmp (_String1="takeown", _String2="DATE") returned 16
[0102.494] _wcsicmp (_String1="takeown", _String2="TIME") returned -8
[0102.494] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4
[0102.494] _wcsicmp (_String1="takeown", _String2="MD") returned 7
[0102.494] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7
[0102.494] _wcsicmp (_String1="takeown", _String2="RD") returned 2
[0102.495] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2
[0102.495] _wcsicmp (_String1="takeown", _String2="PATH") returned 4
[0102.495] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13
[0102.495] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1
[0102.495] _wcsicmp (_String1="takeown", _String2="CLS") returned 17
[0102.495] _wcsicmp (_String1="takeown", _String2="CALL") returned 17
[0102.495] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2
[0102.495] _wcsicmp (_String1="takeown", _String2="VER") returned -2
[0102.495] _wcsicmp (_String1="takeown", _String2="VOL") returned -2
[0102.495] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15
[0102.495] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1
[0102.495] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15
[0102.495] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8
[0102.495] _wcsicmp (_String1="takeown", _String2="START") returned 1
[0102.495] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16
[0102.495] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9
[0102.495] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7
[0102.495] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4
[0102.495] _wcsicmp (_String1="takeown", _String2="POPD") returned 4
[0102.495] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19
[0102.495] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14
[0102.495] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18
[0102.495] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17
[0102.495] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7
[0102.495] _wcsicmp (_String1="takeown", _String2="FOR") returned 14
[0102.495] _wcsicmp (_String1="takeown", _String2="IF") returned 11
[0102.495] _wcsicmp (_String1="takeown", _String2="REM") returned 2
[0102.496] ??_V@YAXPEAX@Z () returned 0x1
[0102.496] GetProcessHeap () returned 0x1bd957c0000
[0102.496] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xffde) returned 0x1bd957ca570
[0102.497] GetProcessHeap () returned 0x1bd957c0000
[0102.497] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x52) returned 0x1bd957c85d0
[0102.497] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17
[0102.497] malloc (_Size=0xffce) returned 0x1bd95a70040
[0102.497] ??_V@YAXPEAX@Z () returned 0x1bd95a70040
[0102.497] GetProcessHeap () returned 0x1bd957c0000
[0102.497] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x1ffac) returned 0x1bd957da560
[0102.500] SetErrorMode (uMode=0x0) returned 0x0
[0102.500] SetErrorMode (uMode=0x1) returned 0x0
[0102.500] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x1bd957da570, lpFilePart=0x6bc22fee80 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x6bc22fee80*="Desktop") returned 0x17
[0102.500] SetErrorMode (uMode=0x0) returned 0x1
[0102.500] GetProcessHeap () returned 0x1bd957c0000
[0102.500] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957da560, Size=0x50) returned 0x1bd957da560
[0102.500] GetProcessHeap () returned 0x1bd957c0000
[0102.500] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957da560) returned 0x50
[0102.500] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb
[0102.500] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
[0102.500] GetProcessHeap () returned 0x1bd957c0000
[0102.500] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x1bc) returned 0x1bd957c8630
[0102.500] GetProcessHeap () returned 0x1bd957c0000
[0102.500] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x368) returned 0x1bd957c8800
[0102.512] GetProcessHeap () returned 0x1bd957c0000
[0102.512] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957c8800, Size=0x1be) returned 0x1bd957c8800
[0102.512] GetProcessHeap () returned 0x1bd957c0000
[0102.512] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957c8800) returned 0x1be
[0102.512] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0102.512] GetProcessHeap () returned 0x1bd957c0000
[0102.512] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xe8) returned 0x1bd957c89d0
[0102.513] GetProcessHeap () returned 0x1bd957c0000
[0102.513] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957c89d0, Size=0x7e) returned 0x1bd957c89d0
[0102.513] GetProcessHeap () returned 0x1bd957c0000
[0102.513] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957c89d0) returned 0x7e
[0102.514] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0102.514] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x6bc22febf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22febf0) returned 0xffffffffffffffff
[0102.514] GetLastError () returned 0x2
[0102.514] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0102.514] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x6bc22febf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22febf0) returned 0xffffffffffffffff
[0102.518] GetLastError () returned 0x2
[0102.518] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0102.518] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x6bc22febf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22febf0) returned 0x1bd957c8a60
[0102.518] GetProcessHeap () returned 0x1bd957c0000
[0102.518] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x0, Size=0x28) returned 0x1bd957c0810
[0102.518] FindClose (in: hFindFile=0x1bd957c8a60 | out: hFindFile=0x1bd957c8a60) returned 1
[0102.518] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x6bc22febf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22febf0) returned 0xffffffffffffffff
[0102.518] GetLastError () returned 0x2
[0102.518] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x6bc22febf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22febf0) returned 0x1bd957c8a60
[0102.518] GetProcessHeap () returned 0x1bd957c0000
[0102.518] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957c0810, Size=0x8) returned 0x1bd957c0810
[0102.518] FindClose (in: hFindFile=0x1bd957c8a60 | out: hFindFile=0x1bd957c8a60) returned 1
[0102.519] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
[0102.519] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
[0102.519] ??_V@YAXPEAX@Z () returned 0x1
[0102.519] GetConsoleTitleW (in: lpConsoleTitle=0x6bc22ff170, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0102.865] GetProcessHeap () returned 0x1bd957c0000
[0102.865] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x21c) returned 0x1bd957c8a60
[0102.865] GetConsoleTitleW (in: lpConsoleTitle=0x1bd957c8a70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0103.078] GetProcessHeap () returned 0x1bd957c0000
[0103.078] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957c8a60, Size=0x9c) returned 0x1bd957c8a60
[0103.078] GetProcessHeap () returned 0x1bd957c0000
[0103.078] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957c8a60) returned 0x9c
[0103.078] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe - takeown /f C:\\Windows\\System32 ") returned 1
[0103.271] GetProcessHeap () returned 0x1bd957c0000
[0103.271] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8a60) returned 1
[0103.271] InitializeProcThreadAttributeList (in: lpAttributeList=0x6bc22ff090, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x6bc22fef80 | out: lpAttributeList=0x6bc22ff090, lpSize=0x6bc22fef80) returned 1
[0103.272] UpdateProcThreadAttribute (in: lpAttributeList=0x6bc22ff090, dwFlags=0x0, Attribute=0x60001, lpValue=0x6bc22fef6c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x6bc22ff090, lpPreviousValue=0x0) returned 1
[0103.272] GetStartupInfoW (in: lpStartupInfo=0x6bc22ff020 | out: lpStartupInfo=0x6bc22ff020*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0103.272] GetProcessHeap () returned 0x1bd957c0000
[0103.272] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x20) returned 0x1bd957c8a60
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0103.272] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
[0103.273] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
[0103.273] GetProcessHeap () returned 0x1bd957c0000
[0103.273] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8a60) returned 1
[0103.273] GetProcessHeap () returned 0x1bd957c0000
[0103.273] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x12) returned 0x1bd957c8a60
[0103.273] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1
[0103.274] _get_osfhandle (_FileHandle=1) returned 0x50
[0103.274] SetConsoleMode (hConsoleHandle=0x50, dwMode=0x3) returned 1
[0103.459] _get_osfhandle (_FileHandle=0) returned 0x4c
[0103.459] SetConsoleMode (hConsoleHandle=0x4c, dwMode=0x1f7) returned 1
[0103.662] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\takeown.exe", lpCommandLine="takeown /f C:\\Windows\\System32 ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x6bc22fefb0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /f C:\\Windows\\System32 ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x6bc22fef88 | out: lpCommandLine="takeown /f C:\\Windows\\System32 ", lpProcessInformation=0x6bc22fef88*(hProcess=0x9c, hThread=0x98, dwProcessId=0xa74, dwThreadId=0xd78)) returned 1
[0103.961] CloseHandle (hObject=0x98) returned 1
[0103.961] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
[0103.961] GetProcessHeap () returned 0x1bd957c0000
[0103.961] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c9a90) returned 1
[0103.961] GetEnvironmentStringsW () returned 0x1bd957c9a90*
[0103.961] GetProcessHeap () returned 0x1bd957c0000
[0103.961] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xacc) returned 0x1bd957da6d0
[0103.961] FreeEnvironmentStringsA (penv="=") returned 1
[0103.962] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0
[0106.515] GetExitCodeProcess (in: hProcess=0x9c, lpExitCode=0x6bc22fef08 | out: lpExitCode=0x6bc22fef08*=0x0) returned 1
[0106.515] CloseHandle (hObject=0x9c) returned 1
[0106.515] _vsnwprintf (in: _Buffer=0x6bc22ff0d8, _BufferCount=0x13, _Format="%08X", _ArgList=0x6bc22fef18 | out: _Buffer="00000000") returned 8
[0106.515] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
[0106.515] GetProcessHeap () returned 0x1bd957c0000
[0106.515] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957da6d0) returned 1
[0106.516] GetEnvironmentStringsW () returned 0x1bd957c8f40*
[0106.516] GetProcessHeap () returned 0x1bd957c0000
[0106.516] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xaf2) returned 0x1bd957c9a40
[0106.516] FreeEnvironmentStringsA (penv="=") returned 1
[0106.516] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
[0106.516] GetProcessHeap () returned 0x1bd957c0000
[0106.516] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c9a40) returned 1
[0106.516] GetEnvironmentStringsW () returned 0x1bd957c8f40*
[0106.516] GetProcessHeap () returned 0x1bd957c0000
[0106.516] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xaf2) returned 0x1bd957c9a40
[0106.516] FreeEnvironmentStringsA (penv="=") returned 1
[0106.516] GetProcessHeap () returned 0x1bd957c0000
[0106.516] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8a60) returned 1
[0106.516] DeleteProcThreadAttributeList (in: lpAttributeList=0x6bc22ff090 | out: lpAttributeList=0x6bc22ff090)
[0106.517] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 1
[0106.718] ??_V@YAXPEAX@Z () returned 0x1
[0106.718] GetConsoleTitleW (in: lpConsoleTitle=0x6bc22ff630, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0106.890] malloc (_Size=0xffce) returned 0x1bd95a60060
[0106.890] ??_V@YAXPEAX@Z () returned 0x1bd95a60060
[0106.891] malloc (_Size=0xffce) returned 0x1bd95a70040
[0106.891] ??_V@YAXPEAX@Z () returned 0x1bd95a70040
[0106.891] _wcsicmp (_String1="icacls", _String2="DIR") returned 5
[0106.891] _wcsicmp (_String1="icacls", _String2="ERASE") returned 4
[0106.891] _wcsicmp (_String1="icacls", _String2="DEL") returned 5
[0106.891] _wcsicmp (_String1="icacls", _String2="TYPE") returned -11
[0106.891] _wcsicmp (_String1="icacls", _String2="COPY") returned 6
[0106.891] _wcsicmp (_String1="icacls", _String2="CD") returned 6
[0106.891] _wcsicmp (_String1="icacls", _String2="CHDIR") returned 6
[0106.891] _wcsicmp (_String1="icacls", _String2="RENAME") returned -9
[0106.891] _wcsicmp (_String1="icacls", _String2="REN") returned -9
[0106.891] _wcsicmp (_String1="icacls", _String2="ECHO") returned 4
[0106.891] _wcsicmp (_String1="icacls", _String2="SET") returned -10
[0106.891] _wcsicmp (_String1="icacls", _String2="PAUSE") returned -7
[0106.891] _wcsicmp (_String1="icacls", _String2="DATE") returned 5
[0106.891] _wcsicmp (_String1="icacls", _String2="TIME") returned -11
[0106.891] _wcsicmp (_String1="icacls", _String2="PROMPT") returned -7
[0106.891] _wcsicmp (_String1="icacls", _String2="MD") returned -4
[0106.891] _wcsicmp (_String1="icacls", _String2="MKDIR") returned -4
[0106.891] _wcsicmp (_String1="icacls", _String2="RD") returned -9
[0106.891] _wcsicmp (_String1="icacls", _String2="RMDIR") returned -9
[0106.891] _wcsicmp (_String1="icacls", _String2="PATH") returned -7
[0106.891] _wcsicmp (_String1="icacls", _String2="GOTO") returned 2
[0106.891] _wcsicmp (_String1="icacls", _String2="SHIFT") returned -10
[0106.891] _wcsicmp (_String1="icacls", _String2="CLS") returned 6
[0106.891] _wcsicmp (_String1="icacls", _String2="CALL") returned 6
[0106.891] _wcsicmp (_String1="icacls", _String2="VERIFY") returned -13
[0106.891] _wcsicmp (_String1="icacls", _String2="VER") returned -13
[0106.891] _wcsicmp (_String1="icacls", _String2="VOL") returned -13
[0106.892] _wcsicmp (_String1="icacls", _String2="EXIT") returned 4
[0106.892] _wcsicmp (_String1="icacls", _String2="SETLOCAL") returned -10
[0106.892] _wcsicmp (_String1="icacls", _String2="ENDLOCAL") returned 4
[0106.892] _wcsicmp (_String1="icacls", _String2="TITLE") returned -11
[0106.892] _wcsicmp (_String1="icacls", _String2="START") returned -10
[0106.892] _wcsicmp (_String1="icacls", _String2="DPATH") returned 5
[0106.892] _wcsicmp (_String1="icacls", _String2="KEYS") returned -2
[0106.892] _wcsicmp (_String1="icacls", _String2="MOVE") returned -4
[0106.892] _wcsicmp (_String1="icacls", _String2="PUSHD") returned -7
[0106.892] _wcsicmp (_String1="icacls", _String2="POPD") returned -7
[0106.892] _wcsicmp (_String1="icacls", _String2="ASSOC") returned 8
[0106.892] _wcsicmp (_String1="icacls", _String2="FTYPE") returned 3
[0106.892] _wcsicmp (_String1="icacls", _String2="BREAK") returned 7
[0106.892] _wcsicmp (_String1="icacls", _String2="COLOR") returned 6
[0106.892] _wcsicmp (_String1="icacls", _String2="MKLINK") returned -4
[0106.892] _wcsicmp (_String1="icacls", _String2="DIR") returned 5
[0106.892] _wcsicmp (_String1="icacls", _String2="ERASE") returned 4
[0106.892] _wcsicmp (_String1="icacls", _String2="DEL") returned 5
[0106.892] _wcsicmp (_String1="icacls", _String2="TYPE") returned -11
[0106.892] _wcsicmp (_String1="icacls", _String2="COPY") returned 6
[0106.892] _wcsicmp (_String1="icacls", _String2="CD") returned 6
[0106.892] _wcsicmp (_String1="icacls", _String2="CHDIR") returned 6
[0106.892] _wcsicmp (_String1="icacls", _String2="RENAME") returned -9
[0106.892] _wcsicmp (_String1="icacls", _String2="REN") returned -9
[0106.892] _wcsicmp (_String1="icacls", _String2="ECHO") returned 4
[0106.892] _wcsicmp (_String1="icacls", _String2="SET") returned -10
[0106.892] _wcsicmp (_String1="icacls", _String2="PAUSE") returned -7
[0106.892] _wcsicmp (_String1="icacls", _String2="DATE") returned 5
[0106.892] _wcsicmp (_String1="icacls", _String2="TIME") returned -11
[0106.892] _wcsicmp (_String1="icacls", _String2="PROMPT") returned -7
[0106.892] _wcsicmp (_String1="icacls", _String2="MD") returned -4
[0106.892] _wcsicmp (_String1="icacls", _String2="MKDIR") returned -4
[0106.892] _wcsicmp (_String1="icacls", _String2="RD") returned -9
[0106.892] _wcsicmp (_String1="icacls", _String2="RMDIR") returned -9
[0106.893] _wcsicmp (_String1="icacls", _String2="PATH") returned -7
[0106.893] _wcsicmp (_String1="icacls", _String2="GOTO") returned 2
[0106.893] _wcsicmp (_String1="icacls", _String2="SHIFT") returned -10
[0106.893] _wcsicmp (_String1="icacls", _String2="CLS") returned 6
[0106.893] _wcsicmp (_String1="icacls", _String2="CALL") returned 6
[0106.893] _wcsicmp (_String1="icacls", _String2="VERIFY") returned -13
[0106.893] _wcsicmp (_String1="icacls", _String2="VER") returned -13
[0106.893] _wcsicmp (_String1="icacls", _String2="VOL") returned -13
[0106.893] _wcsicmp (_String1="icacls", _String2="EXIT") returned 4
[0106.893] _wcsicmp (_String1="icacls", _String2="SETLOCAL") returned -10
[0106.893] _wcsicmp (_String1="icacls", _String2="ENDLOCAL") returned 4
[0106.893] _wcsicmp (_String1="icacls", _String2="TITLE") returned -11
[0106.893] _wcsicmp (_String1="icacls", _String2="START") returned -10
[0106.893] _wcsicmp (_String1="icacls", _String2="DPATH") returned 5
[0106.893] _wcsicmp (_String1="icacls", _String2="KEYS") returned -2
[0106.893] _wcsicmp (_String1="icacls", _String2="MOVE") returned -4
[0106.893] _wcsicmp (_String1="icacls", _String2="PUSHD") returned -7
[0106.893] _wcsicmp (_String1="icacls", _String2="POPD") returned -7
[0106.893] _wcsicmp (_String1="icacls", _String2="ASSOC") returned 8
[0106.893] _wcsicmp (_String1="icacls", _String2="FTYPE") returned 3
[0106.893] _wcsicmp (_String1="icacls", _String2="BREAK") returned 7
[0106.893] _wcsicmp (_String1="icacls", _String2="COLOR") returned 6
[0106.893] _wcsicmp (_String1="icacls", _String2="MKLINK") returned -4
[0106.893] _wcsicmp (_String1="icacls", _String2="FOR") returned 3
[0106.893] _wcsicmp (_String1="icacls", _String2="IF") returned -3
[0106.893] _wcsicmp (_String1="icacls", _String2="REM") returned -9
[0106.893] ??_V@YAXPEAX@Z () returned 0x1
[0106.893] GetProcessHeap () returned 0x1bd957c0000
[0106.893] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xffde) returned 0x1bd957dbcb0
[0106.894] GetProcessHeap () returned 0x1bd957c0000
[0106.894] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x6c) returned 0x1bd957c8c50
[0106.894] _wcsnicmp (_String1="icac", _String2="cmd ", _MaxCount=0x4) returned 6
[0106.894] malloc (_Size=0xffce) returned 0x1bd95a70040
[0106.894] ??_V@YAXPEAX@Z () returned 0x1bd95a70040
[0106.895] GetProcessHeap () returned 0x1bd957c0000
[0106.895] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x1ffac) returned 0x1bd957ebca0
[0106.897] SetErrorMode (uMode=0x0) returned 0x0
[0106.897] SetErrorMode (uMode=0x1) returned 0x0
[0106.897] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x1bd957ebcb0, lpFilePart=0x6bc22feeb0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x6bc22feeb0*="Desktop") returned 0x17
[0106.897] SetErrorMode (uMode=0x0) returned 0x1
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957ebca0, Size=0x4e) returned 0x1bd957ebca0
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957ebca0) returned 0x4e
[0106.897] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb
[0106.897] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x1bc) returned 0x1bd957c8cd0
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x368) returned 0x1bd957da6d0
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957da6d0, Size=0x1be) returned 0x1bd957da6d0
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957da6d0) returned 0x1be
[0106.897] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xe8) returned 0x1bd957da8a0
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957da8a0, Size=0x7e) returned 0x1bd957da8a0
[0106.897] GetProcessHeap () returned 0x1bd957c0000
[0106.897] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957da8a0) returned 0x7e
[0106.897] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0106.898] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\icacls.*", fInfoLevelId=0x1, lpFindFileData=0x6bc22fec20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22fec20) returned 0xffffffffffffffff
[0106.898] GetLastError () returned 0x2
[0106.898] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0106.898] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\icacls.*", fInfoLevelId=0x1, lpFindFileData=0x6bc22fec20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22fec20) returned 0xffffffffffffffff
[0106.898] GetLastError () returned 0x2
[0106.898] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0106.898] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\icacls.*", fInfoLevelId=0x1, lpFindFileData=0x6bc22fec20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22fec20) returned 0x1bd957da930
[0106.898] FindClose (in: hFindFile=0x1bd957da930 | out: hFindFile=0x1bd957da930) returned 1
[0106.899] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\icacls.COM", fInfoLevelId=0x1, lpFindFileData=0x6bc22fec20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22fec20) returned 0xffffffffffffffff
[0106.899] GetLastError () returned 0x2
[0106.899] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\icacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x6bc22fec20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bc22fec20) returned 0x1bd957da930
[0106.899] FindClose (in: hFindFile=0x1bd957da930 | out: hFindFile=0x1bd957da930) returned 1
[0106.899] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
[0106.899] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
[0106.899] ??_V@YAXPEAX@Z () returned 0x1
[0106.899] GetConsoleTitleW (in: lpConsoleTitle=0x6bc22ff1a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0107.109] GetProcessHeap () returned 0x1bd957c0000
[0107.110] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x21c) returned 0x1bd957da930
[0107.110] GetConsoleTitleW (in: lpConsoleTitle=0x1bd957da940, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0107.359] GetProcessHeap () returned 0x1bd957c0000
[0107.359] RtlReAllocateHeap (Heap=0x1bd957c0000, Flags=0x0, Ptr=0x1bd957da930, Size=0xb6) returned 0x1bd957da930
[0107.359] GetProcessHeap () returned 0x1bd957c0000
[0107.359] RtlSizeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, MemoryPointer=0x1bd957da930) returned 0xb6
[0107.359] SetConsoleTitleW (lpConsoleTitle="icacls C:\\Windows\\System32 /grant \"FD1HVy:F\"") returned 1
[0107.457] GetProcessHeap () returned 0x1bd957c0000
[0107.457] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957da930) returned 1
[0107.457] InitializeProcThreadAttributeList (in: lpAttributeList=0x6bc22ff0c0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x6bc22fefb0 | out: lpAttributeList=0x6bc22ff0c0, lpSize=0x6bc22fefb0) returned 1
[0107.457] UpdateProcThreadAttribute (in: lpAttributeList=0x6bc22ff0c0, dwFlags=0x0, Attribute=0x60001, lpValue=0x6bc22fef9c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x6bc22ff0c0, lpPreviousValue=0x0) returned 1
[0107.458] GetStartupInfoW (in: lpStartupInfo=0x6bc22ff050 | out: lpStartupInfo=0x6bc22ff050*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0107.458] GetProcessHeap () returned 0x1bd957c0000
[0107.458] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x20) returned 0x1bd957ca540
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0107.458] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
[0107.459] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
[0107.459] GetProcessHeap () returned 0x1bd957c0000
[0107.459] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957ca540) returned 1
[0107.459] GetProcessHeap () returned 0x1bd957c0000
[0107.459] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x12) returned 0x1bd957c8a60
[0107.459] lstrcmpW (lpString1="\\icacls.exe", lpString2="\\XCOPY.EXE") returned -1
[0107.459] _get_osfhandle (_FileHandle=1) returned 0x50
[0107.459] SetConsoleMode (hConsoleHandle=0x50, dwMode=0x3) returned 1
[0107.658] _get_osfhandle (_FileHandle=0) returned 0x4c
[0107.658] SetConsoleMode (hConsoleHandle=0x4c, dwMode=0x1f7) returned 1
[0107.855] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\icacls.exe", lpCommandLine="icacls C:\\Windows\\System32 /grant \"FD1HVy:F\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x6bc22fefe0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="icacls C:\\Windows\\System32 /grant \"FD1HVy:F\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x6bc22fefb8 | out: lpCommandLine="icacls C:\\Windows\\System32 /grant \"FD1HVy:F\"", lpProcessInformation=0x6bc22fefb8*(hProcess=0x98, hThread=0x9c, dwProcessId=0xc74, dwThreadId=0x804)) returned 1
[0108.195] CloseHandle (hObject=0x9c) returned 1
[0108.195] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
[0108.195] GetProcessHeap () returned 0x1bd957c0000
[0108.195] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c9a40) returned 1
[0108.195] GetEnvironmentStringsW () returned 0x1bd957c8f40*
[0108.195] GetProcessHeap () returned 0x1bd957c0000
[0108.195] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xaf2) returned 0x1bd957c9a40
[0108.195] FreeEnvironmentStringsA (penv="=") returned 1
[0108.195] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0
[0134.267] GetExitCodeProcess (in: hProcess=0x98, lpExitCode=0x6bc22fef38 | out: lpExitCode=0x6bc22fef38*=0x0) returned 1
[0134.267] CloseHandle (hObject=0x98) returned 1
[0134.267] _vsnwprintf (in: _Buffer=0x6bc22ff108, _BufferCount=0x13, _Format="%08X", _ArgList=0x6bc22fef48 | out: _Buffer="00000000") returned 8
[0134.267] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
[0134.267] GetProcessHeap () returned 0x1bd957c0000
[0134.267] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c9a40) returned 1
[0134.268] GetEnvironmentStringsW () returned 0x1bd957c8f40*
[0134.268] GetProcessHeap () returned 0x1bd957c0000
[0134.268] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xaf2) returned 0x1bd957c9a40
[0134.268] FreeEnvironmentStringsA (penv="=") returned 1
[0134.268] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
[0134.268] GetProcessHeap () returned 0x1bd957c0000
[0134.268] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c9a40) returned 1
[0134.268] GetEnvironmentStringsW () returned 0x1bd957c8f40*
[0134.268] GetProcessHeap () returned 0x1bd957c0000
[0134.268] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0xaf2) returned 0x1bd957c9a40
[0134.268] FreeEnvironmentStringsA (penv="=") returned 1
[0134.268] GetProcessHeap () returned 0x1bd957c0000
[0134.268] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8a60) returned 1
[0134.268] DeleteProcThreadAttributeList (in: lpAttributeList=0x6bc22ff0c0 | out: lpAttributeList=0x6bc22ff0c0)
[0134.268] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 1
[0134.617] ??_V@YAXPEAX@Z () returned 0x1
[0134.618] _get_osfhandle (_FileHandle=1) returned 0x50
[0134.618] SetConsoleMode (hConsoleHandle=0x50, dwMode=0x3) returned 1
[0134.742] _get_osfhandle (_FileHandle=1) returned 0x50
[0134.743] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x7ff726effc08 | out: lpMode=0x7ff726effc08) returned 1
[0134.835] _get_osfhandle (_FileHandle=1) returned 0x50
[0134.835] SetConsoleMode (hConsoleHandle=0x50, dwMode=0x7) returned 1
[0134.936] _get_osfhandle (_FileHandle=0) returned 0x4c
[0134.936] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x7ff726effc0c | out: lpMode=0x7ff726effc0c) returned 1
[0135.034] _get_osfhandle (_FileHandle=0) returned 0x4c
[0135.034] SetConsoleMode (hConsoleHandle=0x4c, dwMode=0x1e7) returned 1
[0135.142] SetConsoleInputExeNameW () returned 0x1
[0135.142] GetConsoleOutputCP () returned 0x1b5
[0135.178] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff726effbb0 | out: lpCPInfo=0x7ff726effbb0) returned 1
[0135.178] SetThreadUILanguage (LangId=0x0) returned 0x409
[0135.280] _get_osfhandle (_FileHandle=0) returned 0x4c
[0135.280] GetFileType (hFile=0x4c) returned 0x2
[0135.326] GetStdHandle (nStdHandle=0xfffffff6) returned 0x4c
[0135.327] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x6bc22ff9a8 | out: lpMode=0x6bc22ff9a8) returned 1
[0135.501] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x6bc22ff738 | out: TokenHandle=0x6bc22ff738*=0x0) returned 0xc000007c
[0135.501] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x6bc22ff738 | out: TokenHandle=0x6bc22ff738*=0x98) returned 0x0
[0135.501] NtQueryInformationToken (in: TokenHandle=0x98, TokenInformationClass=0x12, TokenInformation=0x6bc22ff6e8, TokenInformationLength=0x4, ReturnLength=0x6bc22ff6f0 | out: TokenInformation=0x6bc22ff6e8, ReturnLength=0x6bc22ff6f0) returned 0x0
[0135.501] NtQueryInformationToken (in: TokenHandle=0x98, TokenInformationClass=0x1a, TokenInformation=0x6bc22ff6f0, TokenInformationLength=0x4, ReturnLength=0x6bc22ff6e8 | out: TokenInformation=0x6bc22ff6f0, ReturnLength=0x6bc22ff6e8) returned 0x0
[0135.501] NtClose (Handle=0x98) returned 0x0
[0135.502] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x6bc22ff700, nSize=0x0, Arguments=0x6bc22ff708 | out: lpBuffer="顐镼ƽ") returned 0xf
[0135.503] GetProcessHeap () returned 0x1bd957c0000
[0135.503] RtlAllocateHeap (HeapHandle=0x1bd957c0000, Flags=0x8, Size=0x218) returned 0x1bd957da930
[0135.503] GetConsoleTitleW (in: lpConsoleTitle=0x6bc22ff750, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1c
[0135.602] wcsstr (_Str="C:\\Windows\\System32\\cmd.exe", _SubStr="Administrator: ") returned 0x0
[0135.602] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\cmd.exe") returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957da930) returned 1
[0135.695] LocalFree (hMem=0x1bd957c9850) returned 0x0
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957da8a0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957da6d0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8cd0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957ebca0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8c50) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957dbcb0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c89d0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8800) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8630) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957da560) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c85d0) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.695] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957ca570) returned 1
[0135.695] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c07a0) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c1a20) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c8510) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c1960) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c7a20) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c79f0) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c18a0) returned 1
[0135.696] GetProcessHeap () returned 0x1bd957c0000
[0135.696] RtlFreeHeap (HeapHandle=0x1bd957c0000, Flags=0x0, BaseAddress=0x1bd957c0fc0) returned 1
[0135.696] _vsnwprintf (in: _Buffer=0x7ff726f07f60, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x6bc22ff578 | out: _Buffer="\r\n") returned 2
[0135.696] _get_osfhandle (_FileHandle=1) returned 0x50
[0135.696] GetFileType (hFile=0x50) returned 0x2
[0135.696] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
[0135.696] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x6bc22ff508 | out: lpMode=0x6bc22ff508) returned 1
[0135.838] _get_osfhandle (_FileHandle=1) returned 0x50
[0135.838] WriteConsoleW (in: hConsoleOutput=0x50, lpBuffer=0x7ff726f07f60*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6bc22ff548, lpReserved=0x0 | out: lpBuffer=0x7ff726f07f60*, lpNumberOfCharsWritten=0x6bc22ff548*=0x2) returned 1
[0135.949] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff726efbb90, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
[0135.949] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x1bd95a50080 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17
[0135.949] malloc (_Size=0x107ce) returned 0x1bd95a60060
[0135.949] _vsnwprintf (in: _Buffer=0x1bd95a60060, _BufferCount=0x83e5, _Format="%s", _ArgList=0x6bc22ff588 | out: _Buffer="C:\\Users\\FD1HVy\\Desktop") returned 23
[0135.949] _vsnwprintf (in: _Buffer=0x1bd95a6008e, _BufferCount=0x83ce, _Format="%c", _ArgList=0x6bc22ff588 | out: _Buffer=">") returned 1
[0135.950] _get_osfhandle (_FileHandle=1) returned 0x50
[0135.950] GetFileType (hFile=0x50) returned 0x2
[0135.950] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
[0135.950] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x6bc22ff538 | out: lpMode=0x6bc22ff538) returned 1
[0136.040] _get_osfhandle (_FileHandle=1) returned 0x50
[0136.040] WriteConsoleW (in: hConsoleOutput=0x50, lpBuffer=0x1bd95a60060*, nNumberOfCharsToWrite=0x18, lpNumberOfCharsWritten=0x6bc22ff578, lpReserved=0x0 | out: lpBuffer=0x1bd95a60060*, lpNumberOfCharsWritten=0x6bc22ff578*=0x18) returned 1
[0136.176] _get_osfhandle (_FileHandle=0) returned 0x4c
[0136.176] GetFileType (hFile=0x4c) returned 0x2
[0136.176] _get_osfhandle (_FileHandle=0) returned 0x4c
[0136.176] GetFileType (hFile=0x4c) returned 0x2
[0136.176] GetStdHandle (nStdHandle=0xfffffff6) returned 0x4c
[0136.176] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x6bc22ff878 | out: lpMode=0x6bc22ff878) returned 1
[0136.241] _get_osfhandle (_FileHandle=0) returned 0x4c
[0136.241] GetFileType (hFile=0x4c) returned 0x2
[0136.241] GetStdHandle (nStdHandle=0xfffffff6) returned 0x4c
[0136.241] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x6bc22ff878 | out: lpMode=0x6bc22ff878) returned 1
[0136.558] _get_osfhandle (_FileHandle=0) returned 0x4c
[0136.558] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
[0136.558] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x50, lpConsoleScreenBufferInfo=0x6bc22ff800 | out: lpConsoleScreenBufferInfo=0x6bc22ff800) returned 1
[0136.676] ReadConsoleW (hConsoleInput=0x4c, lpBuffer=0x7ff726f03c30, nNumberOfCharsToRead=0x2000, lpNumberOfCharsRead=0x6bc22ff8d0, pInputControl=0x6bc22ff7f0)
Thread:
id = 28
os_tid = 0xa10
Thread:
id = 56
os_tid = 0xef8
Process:
id = "4"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x5d12d000"
os_pid = "0xfd4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0xf84"
cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\WINDOWS"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 23
os_tid = 0xde0
Thread:
id = 24
os_tid = 0xca4
Thread:
id = 25
os_tid = 0x1058
Thread:
id = 26
os_tid = 0xfb8
Thread:
id = 27
os_tid = 0xfc8
Process:
id = "5"
image_name = "wormlocker2.0.exe"
filename = "c:\\windows\\system32\\wormlocker2.0.exe"
page_root = "0x1e1be000"
os_pid = "0xcdc"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x11b0"
cmd_line = "\"C:\\Windows\\System32\\WormLocker2.0.exe\" "
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 29
os_tid = 0x4b0
[0102.211] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0102.313] RoInitialize () returned 0x1
[0102.313] RoUninitialize () returned 0x0
[0103.574] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0xefd6d8 | out: phkResult=0xefd6d8*=0x0) returned 0x2
[0103.575] RegCloseKey (hKey=0xffffffff80000002) returned 0x0
[0103.581] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0xefe190, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0103.591] IsAppThemed () returned 0x1
[0103.594] CoTaskMemAlloc (cb=0xf0) returned 0x1074a10
[0103.594] CreateActCtxA (pActCtx=0xefe7a0) returned 0x106cd18
[0103.596] CoTaskMemFree (pv=0x1074a10)
[0103.602] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc151
[0103.602] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc197
[0104.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe.config", nBufferLength=0x105, lpBuffer=0xefdd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WormLocker2.0.exe.config", lpFilePart=0x0) returned 0x2c
[0104.520] GetCurrentProcess () returned 0xffffffffffffffff
[0104.520] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefe088 | out: TokenHandle=0xefe088*=0x274) returned 1
[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0xefda60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30
[0104.527] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xefe130 | out: lpFileInformation=0xefe130*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0104.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xefda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45
[0104.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xefe128 | out: lpFileInformation=0xefe128*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0104.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xefda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45
[0104.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdfa0) returned 1
[0104.532] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x88
[0104.532] GetFileType (hFile=0x88) returned 0x1
[0104.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdf10) returned 1
[0104.532] GetFileType (hFile=0x88) returned 0x1
[0104.669] GetFileSize (in: hFile=0x88, lpFileSizeHigh=0xefe078 | out: lpFileSizeHigh=0xefe078*=0x0) returned 0x8c8f
[0104.772] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdfe8, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdfe8*=0x1000, lpOverlapped=0x0) returned 1
[0104.960] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdd98, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdd98*=0x1000, lpOverlapped=0x0) returned 1
[0104.962] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdb68, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdb68*=0x1000, lpOverlapped=0x0) returned 1
[0104.962] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdb68, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdb68*=0x1000, lpOverlapped=0x0) returned 1
[0104.962] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdb68, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdb68*=0x1000, lpOverlapped=0x0) returned 1
[0104.963] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefda08, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefda08*=0x1000, lpOverlapped=0x0) returned 1
[0104.968] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdca8, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdca8*=0x1000, lpOverlapped=0x0) returned 1
[0104.970] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdb98, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdb98*=0x1000, lpOverlapped=0x0) returned 1
[0104.970] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdb98, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdb98*=0xc8f, lpOverlapped=0x0) returned 1
[0104.970] ReadFile (in: hFile=0x88, lpBuffer=0x2c7dd10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdca8, lpOverlapped=0x0 | out: lpBuffer=0x2c7dd10*, lpNumberOfBytesRead=0xefdca8*=0x0, lpOverlapped=0x0) returned 1
[0104.971] CloseHandle (hObject=0x88) returned 1
[0104.973] GetCurrentProcess () returned 0xffffffffffffffff
[0104.973] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefe248 | out: TokenHandle=0xefe248*=0x88) returned 1
[0104.974] GetCurrentProcess () returned 0xffffffffffffffff
[0104.974] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefe248 | out: TokenHandle=0xefe248*=0x278) returned 1
[0104.975] GetCurrentProcess () returned 0xffffffffffffffff
[0104.975] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefe088 | out: TokenHandle=0xefe088*=0x27c) returned 1
[0104.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe.config" (normalized: "c:\\windows\\system32\\wormlocker2.0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xefe130 | out: lpFileInformation=0xefe130*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0104.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe.config", nBufferLength=0x105, lpBuffer=0xefda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WormLocker2.0.exe.config", lpFilePart=0x0) returned 0x2c
[0104.976] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe.config" (normalized: "c:\\windows\\system32\\wormlocker2.0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xefe128 | out: lpFileInformation=0xefe128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0104.977] GetCurrentProcess () returned 0xffffffffffffffff
[0104.977] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefe248 | out: TokenHandle=0xefe248*=0x280) returned 1
[0104.977] GetCurrentProcess () returned 0xffffffffffffffff
[0104.977] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefe248 | out: TokenHandle=0xefe248*=0x284) returned 1
[0105.047] GetCurrentProcess () returned 0xffffffffffffffff
[0105.047] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefdf58 | out: TokenHandle=0xefdf58*=0x288) returned 1
[0105.053] GetCurrentProcess () returned 0xffffffffffffffff
[0105.053] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xefdf68 | out: TokenHandle=0xefdf68*=0x28c) returned 1
[0105.063] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0105.065] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7ffcc6370000
[0105.081] AdjustWindowRectEx (in: lpRect=0xefe810, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0xefe810) returned 1
[0105.180] GetCurrentProcess () returned 0xffffffffffffffff
[0105.180] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xefe600, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xefe600*=0x294) returned 1
[0105.290] GetCurrentActCtx (in: lphActCtx=0xefe500 | out: lphActCtx=0xefe500*=0x0) returned 1
[0105.290] ActivateActCtx (in: hActCtx=0x106cd18, lpCookie=0xefe540 | out: hActCtx=0x106cd18, lpCookie=0xefe540) returned 1
[0105.290] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0105.291] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7ffcdf080000
[0105.300] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffce9280000
[0105.300] GetProcAddress (hModule=0x7ffce9280000, lpProcName="DefWindowProcW") returned 0x7ffcea425090
[0105.301] GetStockObject (i=5) returned 0x900015
[0105.306] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0105.307] CoTaskMemAlloc (cb=0x5a) returned 0x1067ec0
[0105.307] RegisterClassW (lpWndClass=0xefe1f0) returned 0xc196
[0105.308] CoTaskMemFree (pv=0x1067ec0)
[0105.308] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0105.308] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x7008c
[0105.310] SetWindowLongPtrW (hWnd=0x7008c, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d086c
[0105.312] GetWindowLongPtrW (hWnd=0x7008c, nIndex=-4) returned 0x7ffcea425090
[0105.319] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xefd568 | out: phkResult=0xefd568*=0x2a8) returned 0x0
[0105.320] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0xefd5b8, lpData=0x0, lpcbData=0xefd5b0*=0x0 | out: lpType=0xefd5b8*=0x0, lpData=0x0, lpcbData=0xefd5b0*=0x0) returned 0x2
[0105.320] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0xefd5b8, lpData=0x0, lpcbData=0xefd5b0*=0x0 | out: lpType=0xefd5b8*=0x0, lpData=0x0, lpcbData=0xefd5b0*=0x0) returned 0x2
[0105.321] RegCloseKey (hKey=0x2a8) returned 0x0
[0105.322] SetWindowLongPtrW (hWnd=0x7008c, nIndex=-4, dwNewLong=0x1b7d08bc) returned 0x7ffcea425090
[0105.322] GetWindowLongPtrW (hWnd=0x7008c, nIndex=-4) returned 0x1b7d08bc
[0105.322] GetWindowLongPtrW (hWnd=0x7008c, nIndex=-16) returned 0x6c10000
[0105.325] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc19a
[0105.326] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc19b
[0105.326] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x7008c, Msg=0x81, wParam=0x0, lParam=0xefdba0) returned 0x1
[0105.327] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x7008c, Msg=0x83, wParam=0x0, lParam=0xefdc50) returned 0x0
[0105.330] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x7008c, Msg=0x1, wParam=0x0, lParam=0xefdba0) returned 0x0
[0105.330] GetClientRect (in: hWnd=0x7008c, lpRect=0xefd5c0 | out: lpRect=0xefd5c0) returned 1
[0105.331] GetWindowRect (in: hWnd=0x7008c, lpRect=0xefd5c0 | out: lpRect=0xefd5c0) returned 1
[0105.336] GetParent (hWnd=0x7008c) returned 0x0
[0105.336] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1002e9c900000001) returned 1
[0105.781] EtwEventRegister (in: ProviderId=0x2ca36c0, EnableCallback=0x1b7d090c, CallbackContext=0x0, RegHandle=0x2ca36a0 | out: RegHandle=0x2ca36a0) returned 0x0
[0105.785] EtwEventSetInformation (RegHandle=0x2f000001089f30, InformationClass=0x2, EventInformation=0x2ca3628, InformationLength=0x33) returned 0x0
[0105.789] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0105.789] AdjustWindowRectEx (in: lpRect=0xefe100, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe100) returned 1
[0105.791] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0105.793] AdjustWindowRectEx (in: lpRect=0xefe0f0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe0f0) returned 1
[0105.793] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0105.793] AdjustWindowRectEx (in: lpRect=0xefe0f0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe0f0) returned 1
[0105.793] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0105.793] AdjustWindowRectEx (in: lpRect=0xefe0f0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe0f0) returned 1
[0105.793] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0105.793] AdjustWindowRectEx (in: lpRect=0xefe0f0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe0f0) returned 1
[0105.794] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0105.794] AdjustWindowRectEx (in: lpRect=0xefe0f0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe0f0) returned 1
[0105.798] GetSystemDefaultLCID () returned 0x409
[0105.798] GetStockObject (i=17) returned 0xa01c1
[0105.800] GetObjectW (in: h=0xa01c1, c=92, pv=0xefdc20 | out: pv=0xefdc20) returned 92
[0105.801] GetDC (hWnd=0x0) returned 0x10105d6
[0105.923] GdiplusStartup (in: token=0x7ffc6a026d98, input=0xefc6a8, output=0xefc758 | out: token=0x7ffc6a026d98, output=0xefc758) returned 0x0
[0105.929] CoTaskMemAlloc (cb=0x5c) returned 0x1067d00
[0105.929] GdipCreateFontFromLogfontW (hdc=0x10105d6, logfont=0x1067d00, font=0xefdd60) returned 0x0
[0106.065] CoTaskMemFree (pv=0x1067d00)
[0106.066] CoTaskMemAlloc (cb=0x5c) returned 0x1067d00
[0106.066] CoTaskMemFree (pv=0x1067d00)
[0106.067] CoTaskMemAlloc (cb=0x5c) returned 0x1067d00
[0106.067] CoTaskMemFree (pv=0x1067d00)
[0106.068] GdipGetFontUnit (font=0x1b6734f0, unit=0xefdcd0) returned 0x0
[0106.068] GdipGetFontSize (font=0x1b6734f0, size=0xefdcdc) returned 0x0
[0106.069] GdipGetFontStyle (font=0x1b6734f0, style=0xefdcc8) returned 0x0
[0106.069] GdipGetFamily (font=0x1b6734f0, family=0xefdcc0) returned 0x0
[0106.071] GdipGetFontSize (font=0x1b6734f0, size=0x2ca5560) returned 0x0
[0106.072] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1
[0106.074] GetDC (hWnd=0x0) returned 0xd0104fe
[0106.075] GdipCreateFromHDC (hdc=0xd0104fe, graphics=0xefdcc8) returned 0x0
[0106.130] GdipGetDpiY (graphics=0x1c8f1520, dpi=0x2ca56f0) returned 0x0
[0106.131] GdipGetFontHeight (font=0x1b6734f0, graphics=0x1c8f1520, height=0xefdcc4) returned 0x0
[0106.132] GdipGetEmHeight (family=0x1b679950, style=0, EmHeight=0xefdcc8) returned 0x0
[0106.134] GdipGetLineSpacing (family=0x1b679950, style=0, LineSpacing=0xefdcc8) returned 0x0
[0106.134] GdipDeleteGraphics (graphics=0x1c8f1520) returned 0x0
[0106.134] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0106.180] GdipCreateFont (fontFamily=0x1b679950, emSize=0x7ffcca17da75, style=0, unit=0x3, font=0x2ca5728) returned 0x0
[0106.180] GdipGetFontSize (font=0x1b67ebe0, size=0x2ca5730) returned 0x0
[0106.181] GdipDeleteFont (font=0x1b6734f0) returned 0x0
[0106.184] GetDC (hWnd=0x0) returned 0xd0104fe
[0106.184] GdipCreateFromHDC (hdc=0xd0104fe, graphics=0xefde38) returned 0x0
[0106.185] GdipGetFontHeight (font=0x1b67ebe0, graphics=0x1c8f1520, height=0xefde34) returned 0x0
[0106.185] GdipDeleteGraphics (graphics=0x1c8f1520) returned 0x0
[0106.185] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0106.185] GetSystemMetrics (nIndex=5) returned 1
[0106.185] GetSystemMetrics (nIndex=6) returned 1
[0106.186] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0106.317] AdjustWindowRectEx (in: lpRect=0xefe0f0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xefe0f0) returned 1
[0106.318] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0106.318] AdjustWindowRectEx (in: lpRect=0xefe0d0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe0d0) returned 1
[0106.327] LoadCursorW (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0106.328] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0106.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe.config", nBufferLength=0x105, lpBuffer=0xefd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WormLocker2.0.exe.config", lpFilePart=0x0) returned 0x2c
[0106.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdce0) returned 1
[0106.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WormLocker2.0.exe.config" (normalized: "c:\\windows\\system32\\wormlocker2.0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xefddc0 | out: lpFileInformation=0xefddc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0106.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdca0) returned 1
[0106.854] GdipLoadImageFromStream (stream=0x12c0020, image=0xefd660) returned 0x0
[0106.909] GdipImageForceValidation (image=0x1c8f7000) returned 0x0
[0106.931] GdipGetImageType (image=0x1c8f7000, type=0xefd658) returned 0x0
[0106.933] GdipGetImageRawFormat (image=0x1c8f7000, format=0xefd550*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0107.011] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.012] AdjustWindowRectEx (in: lpRect=0xefe000, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe000) returned 1
[0107.028] GetUserObjectInformationA (in: hObj=0xe8, nIndex=1, pvInfo=0x2ceaaa8, nLength=0xc, lpnLengthNeeded=0xefdc90 | out: pvInfo=0x2ceaaa8, lpnLengthNeeded=0xefdc90) returned 1
[0107.030] SetConsoleCtrlHandler (HandlerRoutine=0x1b7d0dac, Add=1) returned 1
[0107.031] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0107.032] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0107.034] GetClassInfoW (in: hInstance=0xb40000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x2ceab68 | out: lpWndClass=0x2ceab68) returned 0
[0107.035] CoTaskMemAlloc (cb=0x58) returned 0x1072300
[0107.035] RegisterClassW (lpWndClass=0xefdaa0) returned 0xc19e
[0107.035] CoTaskMemFree (pv=0x1072300)
[0107.036] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x9005c
[0107.041] NtdllDefWindowProc_W (hWnd=0x9005c, Msg=0x83, wParam=0x0, lParam=0xefd490) returned 0x0
[0107.042] NtdllDefWindowProc_W (hWnd=0x9005c, Msg=0x1, wParam=0x0, lParam=0xefd380) returned 0x0
[0107.042] NtdllDefWindowProc_W (hWnd=0x9005c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0107.042] NtdllDefWindowProc_W (hWnd=0x9005c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0107.047] GetSysColor (nIndex=10) returned 0xb4b4b4
[0107.047] GetSysColor (nIndex=2) returned 0xd1b499
[0107.047] GetSysColor (nIndex=9) returned 0x0
[0107.047] GetSysColor (nIndex=12) returned 0xababab
[0107.047] GetSysColor (nIndex=15) returned 0xf0f0f0
[0107.047] GetSysColor (nIndex=20) returned 0xffffff
[0107.047] GetSysColor (nIndex=16) returned 0xa0a0a0
[0107.047] GetSysColor (nIndex=15) returned 0xf0f0f0
[0107.047] GetSysColor (nIndex=16) returned 0xa0a0a0
[0107.047] GetSysColor (nIndex=21) returned 0x696969
[0107.047] GetSysColor (nIndex=22) returned 0xe3e3e3
[0107.047] GetSysColor (nIndex=20) returned 0xffffff
[0107.047] GetSysColor (nIndex=18) returned 0x0
[0107.047] GetSysColor (nIndex=1) returned 0x0
[0107.047] GetSysColor (nIndex=27) returned 0xead1b9
[0107.047] GetSysColor (nIndex=28) returned 0xf2e4d7
[0107.048] GetSysColor (nIndex=17) returned 0x6d6d6d
[0107.048] GetSysColor (nIndex=13) returned 0xd77800
[0107.048] GetSysColor (nIndex=14) returned 0xffffff
[0107.048] GetSysColor (nIndex=26) returned 0xcc6600
[0107.048] GetSysColor (nIndex=11) returned 0xfcf7f4
[0107.048] GetSysColor (nIndex=3) returned 0xdbcdbf
[0107.048] GetSysColor (nIndex=19) returned 0x0
[0107.048] GetSysColor (nIndex=24) returned 0xe1ffff
[0107.048] GetSysColor (nIndex=23) returned 0x0
[0107.048] GetSysColor (nIndex=4) returned 0xf0f0f0
[0107.048] GetSysColor (nIndex=30) returned 0xf0f0f0
[0107.048] GetSysColor (nIndex=29) returned 0xd77800
[0107.048] GetSysColor (nIndex=7) returned 0x0
[0107.048] GetSysColor (nIndex=0) returned 0xc8c8c8
[0107.048] GetSysColor (nIndex=5) returned 0xffffff
[0107.048] GetSysColor (nIndex=6) returned 0x646464
[0107.048] GetSysColor (nIndex=8) returned 0x0
[0107.051] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.051] AdjustWindowRectEx (in: lpRect=0xefe000, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe000) returned 1
[0107.116] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.116] GdipCreateFont (fontFamily=0x1b673590, emSize=0x7ffcca17da75, style=1, unit=0x3, font=0x2ceb5f8) returned 0x0
[0107.295] GdipGetFontSize (font=0x1b6734f0, size=0x2ceb600) returned 0x0
[0107.297] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.297] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.297] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.297] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.299] GdipCreateFontFamilyFromName (name="Arial Black", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.300] GdipCreateFont (fontFamily=0x1b673910, emSize=0x7ffcca17da75, style=1, unit=0x3, font=0x2cebb40) returned 0x0
[0107.310] GdipGetFontSize (font=0x1b67ef60, size=0x2cebb48) returned 0x0
[0107.310] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.310] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.311] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.311] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.311] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.312] GdipCreateFont (fontFamily=0x1b679950, emSize=0x7ffcca17da75, style=0, unit=0x3, font=0x2cebff0) returned 0x0
[0107.312] GdipGetFontSize (font=0x1c8f8070, size=0x2cebff8) returned 0x0
[0107.312] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.312] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.312] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.312] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.312] GdipCreateFontFamilyFromName (name="Arial Black", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.313] GdipCreateFont (fontFamily=0x1b673910, emSize=0x7ffcca17da75, style=1, unit=0x3, font=0x2ceca00) returned 0x0
[0107.313] GdipGetFontSize (font=0x1c8f80b0, size=0x2ceca08) returned 0x0
[0107.314] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.314] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.314] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.314] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.314] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.315] GdipCreateFont (fontFamily=0x1b679950, emSize=0x7ffcca17da75, style=0, unit=0x3, font=0x2ceceb0) returned 0x0
[0107.315] GdipGetFontSize (font=0x1c8f80f0, size=0x2ceceb8) returned 0x0
[0107.315] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.315] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.315] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.315] AdjustWindowRectEx (in: lpRect=0xefdf90, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdf90) returned 1
[0107.317] IsAppThemed () returned 0x1
[0107.318] GetThemeAppProperties () returned 0x3
[0107.318] OpenThemeData () returned 0x20002
[0107.318] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.318] GdipCreateFont (fontFamily=0x1b679950, emSize=0x7ffcca17da75, style=0, unit=0x3, font=0x2ced888) returned 0x0
[0107.318] GdipGetFontSize (font=0x1c8f8130, size=0x2ced890) returned 0x0
[0107.318] GetDC (hWnd=0x0) returned 0xd0104fe
[0107.318] GdipCreateFromHDC (hdc=0xd0104fe, graphics=0xefdff8) returned 0x0
[0107.319] GdipGetFontHeight (font=0x1c8f8130, graphics=0x1c8f8170, height=0xefdff4) returned 0x0
[0107.319] GdipDeleteGraphics (graphics=0x1c8f8170) returned 0x0
[0107.319] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0107.319] GetDC (hWnd=0x0) returned 0xd0104fe
[0107.319] GdipCreateFromHDC (hdc=0xd0104fe, graphics=0xefdec8) returned 0x0
[0107.320] GdipGetFontHeight (font=0x1c8f8130, graphics=0x1c8f8170, height=0xefdec4) returned 0x0
[0107.320] GdipDeleteGraphics (graphics=0x1c8f8170) returned 0x0
[0107.320] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0107.320] GetSystemMetrics (nIndex=5) returned 1
[0107.320] GetSystemMetrics (nIndex=6) returned 1
[0107.320] GetSystemMetrics (nIndex=5) returned 1
[0107.320] GetSystemMetrics (nIndex=6) returned 1
[0107.320] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.320] AdjustWindowRectEx (in: lpRect=0xefdf20, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xefdf20) returned 1
[0107.320] GetSystemMetrics (nIndex=5) returned 1
[0107.320] GetSystemMetrics (nIndex=6) returned 1
[0107.321] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.321] AdjustWindowRectEx (in: lpRect=0xefe000, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xefe000) returned 1
[0107.321] GetSystemMetrics (nIndex=5) returned 1
[0107.321] GetSystemMetrics (nIndex=6) returned 1
[0107.321] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.321] AdjustWindowRectEx (in: lpRect=0xefe000, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xefe000) returned 1
[0107.382] OleCreatePictureIndirect () returned 0x0
[0107.382] CPicture::QueryInterface () returned 0x0
[0107.382] CPicture::QueryInterface () returned 0x80004002
[0107.383] CPicture::QueryInterface () returned 0x80004002
[0107.383] CPicture::QueryInterface () returned 0x80004002
[0107.383] CPicture::AddRef () returned 0x3
[0107.383] CPicture::QueryInterface () returned 0x80004002
[0107.383] CPicture::QueryInterface () returned 0x80004002
[0107.383] CPicture::QueryInterface () returned 0x0
[0107.383] CPicture::GetUnmarshalClass () returned 0x80004005
[0107.383] Release () returned 0x3
[0107.383] CoGetContextToken (in: pToken=0xefcf80 | out: pToken=0xefcf80) returned 0x0
[0107.383] CObjectContext::QueryInterface () returned 0x0
[0107.383] CObjectContext::GetCurrentApartmentType () returned 0x0
[0107.383] Release () returned 0x0
[0107.383] CoGetObjectContext (in: riid=0x7ffcc9e5a830*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1087e78 | out: ppv=0x1087e78*=0x10550f8) returned 0x0
[0107.686] CoGetContextToken (in: pToken=0xefd400 | out: pToken=0xefd400) returned 0x0
[0107.687] CPicture::QueryInterface () returned 0x80004002
[0107.687] CPicture::Release () returned 0x2
[0107.687] CoGetContextToken (in: pToken=0xefdac0 | out: pToken=0xefdac0) returned 0x0
[0107.687] CoGetContextToken (in: pToken=0xefd9c0 | out: pToken=0xefd9c0) returned 0x0
[0107.687] CPicture::QueryInterface () returned 0x0
[0107.687] CPicture::AddRef () returned 0x4
[0107.687] CPicture::Release () returned 0x3
[0107.687] CPicture::Release () returned 0x2
[0107.687] CoGetContextToken (in: pToken=0xefdc30 | out: pToken=0xefdc30) returned 0x0
[0107.687] CoGetContextToken (in: pToken=0xefdb30 | out: pToken=0xefdb30) returned 0x0
[0107.687] CPicture::QueryInterface () returned 0x0
[0107.687] AddRef () returned 0x4
[0107.687] Release () returned 0x3
[0107.699] CPicture::Load () returned 0x0
[0107.709] CPicture::get_Type () returned 0x0
[0107.709] CPicture::get_Handle () returned 0x0
[0107.710] GetSystemMetrics (nIndex=13) returned 32
[0107.710] GetSystemMetrics (nIndex=14) returned 32
[0107.710] GetIconInfo (in: hIcon=0x2801f1, piconinfo=0x2cee560 | out: piconinfo=0x2cee560) returned 1
[0107.711] GetObjectW (in: h=0x7b05052a, c=32, pv=0x2cee590 | out: pv=0x2cee590) returned 32
[0107.711] DeleteObject (ho=0x7b05052a) returned 1
[0107.712] CopyImage (h=0x2801f1, type=0x2, cx=32, cy=32, flags=0x0) returned 0x117006f
[0107.715] CoGetContextToken (in: pToken=0xefdd90 | out: pToken=0xefdd90) returned 0x0
[0107.715] CPicture::Release () returned 0x2
[0107.715] CPicture::Release () returned 0x1
[0107.715] Release () returned 0x0
[0107.715] IUnknown:Release (This=0x10550f8) returned 0x0
[0107.716] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0xefe0a0) returned 0x0
[0107.716] GdipCreateFont (fontFamily=0x1b679950, emSize=0x7ffcca17da75, style=0, unit=0x3, font=0x2cee6a8) returned 0x0
[0107.716] GdipGetFontSize (font=0x1c8f8170, size=0x2cee6b0) returned 0x0
[0107.717] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.718] AdjustWindowRectEx (in: lpRect=0xefe000, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe000) returned 1
[0107.718] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.718] AdjustWindowRectEx (in: lpRect=0xefe000, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe000) returned 1
[0107.723] GetStockObject (i=5) returned 0x900015
[0107.724] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0107.724] CoTaskMemAlloc (cb=0x5a) returned 0x10ae8e0
[0107.724] RegisterClassW (lpWndClass=0xefdd00) returned 0xc1a3
[0107.725] CoTaskMemFree (pv=0x10ae8e0)
[0107.725] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0107.725] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x302c8
[0107.726] SetWindowLongPtrW (hWnd=0x302c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0107.726] GetWindowLongPtrW (hWnd=0x302c8, nIndex=-4) returned 0x7ffcea425090
[0107.726] SetWindowLongPtrW (hWnd=0x302c8, nIndex=-4, dwNewLong=0x1b7d125c) returned 0x7ffcea425090
[0107.726] GetWindowLongPtrW (hWnd=0x302c8, nIndex=-4) returned 0x1b7d125c
[0107.726] GetWindowLongPtrW (hWnd=0x302c8, nIndex=-16) returned 0x4c00000
[0107.726] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x24, wParam=0x0, lParam=0xefd740) returned 0x0
[0107.726] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x81, wParam=0x0, lParam=0xefd6b0) returned 0x1
[0107.727] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x83, wParam=0x0, lParam=0xefd760) returned 0x0
[0107.728] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x1, wParam=0x0, lParam=0xefd680) returned 0x0
[0107.729] SetTimer (hWnd=0x302c8, nIDEvent=0x1, uElapse=0x64, lpTimerFunc=0x0) returned 0x1
[0107.731] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0107.731] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x19001c
[0107.731] SetWindowLongPtrW (hWnd=0x19001c, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0107.731] GetWindowLongPtrW (hWnd=0x19001c, nIndex=-4) returned 0x7ffcea425090
[0107.731] SetWindowLongPtrW (hWnd=0x19001c, nIndex=-4, dwNewLong=0x1b7d12ac) returned 0x7ffcea425090
[0107.732] GetWindowLongPtrW (hWnd=0x19001c, nIndex=-4) returned 0x1b7d12ac
[0107.732] GetWindowLongPtrW (hWnd=0x19001c, nIndex=-16) returned 0x4c00000
[0107.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x24, wParam=0x0, lParam=0xefd740) returned 0x0
[0107.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x81, wParam=0x0, lParam=0xefd6b0) returned 0x1
[0107.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x83, wParam=0x0, lParam=0xefd760) returned 0x0
[0107.733] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x1, wParam=0x0, lParam=0xefd680) returned 0x0
[0107.742] SetTimer (hWnd=0x19001c, nIDEvent=0x2, uElapse=0x64, lpTimerFunc=0x0) returned 0x2
[0107.746] GetWindowThreadProcessId (in: hWnd=0x19001c, lpdwProcessId=0xefe020 | out: lpdwProcessId=0xefe020) returned 0x4b0
[0107.746] GetCurrentThreadId () returned 0x4b0
[0107.746] IsWindow (hWnd=0x19001c) returned 1
[0107.746] KillTimer (hWnd=0x19001c, uIDEvent=0x2) returned 1
[0107.746] SetTimer (hWnd=0x19001c, nIDEvent=0x3, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x3
[0107.747] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0107.747] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1502b8
[0107.747] SetWindowLongPtrW (hWnd=0x1502b8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0107.748] GetWindowLongPtrW (hWnd=0x1502b8, nIndex=-4) returned 0x7ffcea425090
[0107.748] SetWindowLongPtrW (hWnd=0x1502b8, nIndex=-4, dwNewLong=0x1b7d12fc) returned 0x7ffcea425090
[0107.748] GetWindowLongPtrW (hWnd=0x1502b8, nIndex=-4) returned 0x1b7d12fc
[0107.748] GetWindowLongPtrW (hWnd=0x1502b8, nIndex=-16) returned 0x4c00000
[0107.748] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x24, wParam=0x0, lParam=0xefd740) returned 0x0
[0107.748] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x81, wParam=0x0, lParam=0xefd6b0) returned 0x1
[0107.750] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x83, wParam=0x0, lParam=0xefd760) returned 0x0
[0107.750] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x1, wParam=0x0, lParam=0xefd680) returned 0x0
[0107.751] SetTimer (hWnd=0x1502b8, nIDEvent=0x4, uElapse=0x64, lpTimerFunc=0x0) returned 0x4
[0107.751] GetWindowThreadProcessId (in: hWnd=0x1502b8, lpdwProcessId=0xefe020 | out: lpdwProcessId=0xefe020) returned 0x4b0
[0107.751] GetCurrentThreadId () returned 0x4b0
[0107.751] IsWindow (hWnd=0x1502b8) returned 1
[0107.751] KillTimer (hWnd=0x1502b8, uIDEvent=0x4) returned 1
[0107.751] SetTimer (hWnd=0x1502b8, nIDEvent=0x5, uElapse=0x6ddd00, lpTimerFunc=0x0) returned 0x5
[0107.763] GdipLoadImageFromStream (stream=0x12cff20, image=0xefd660) returned 0x0
[0107.773] GdipImageForceValidation (image=0x1c8f81b0) returned 0x0
[0107.851] GdipGetImageType (image=0x1c8f81b0, type=0xefd658) returned 0x0
[0107.851] GdipGetImageRawFormat (image=0x1c8f81b0, format=0xefd550*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0107.863] GdipGetImageFlags (image=0x1c8f81b0, flags=0xefe0d8) returned 0x0
[0107.864] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.864] AdjustWindowRectEx (in: lpRect=0xefe060, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xefe060) returned 1
[0107.864] GetSystemMetrics (nIndex=59) returned 1460
[0107.864] GetSystemMetrics (nIndex=60) returned 920
[0107.864] GetSystemMetrics (nIndex=34) returned 136
[0107.864] GetSystemMetrics (nIndex=35) returned 39
[0107.865] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0107.865] AdjustWindowRectEx (in: lpRect=0xefde20, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xefde20) returned 1
[0107.867] GetCurrentThreadId () returned 0x4b0
[0107.867] GetCurrentThreadId () returned 0x4b0
[0107.871] GetCurrentThreadId () returned 0x4b0
[0107.871] GetCurrentThreadId () returned 0x4b0
[0107.871] GetCurrentThreadId () returned 0x4b0
[0107.871] GetCurrentThreadId () returned 0x4b0
[0108.157] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.158] AdjustWindowRectEx (in: lpRect=0xefdd70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdd70) returned 1
[0108.166] GdipGetFamilyName (in: family=0x1b679950, name=0xefdaa0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0108.168] CreateCompatibleDC (hdc=0x0) returned 0xffffffff8c0107c3
[0108.170] GetCurrentObject (hdc=0xffffffff8c0107c3, type=0x1) returned 0xb00017
[0108.171] GetCurrentObject (hdc=0xffffffff8c0107c3, type=0x2) returned 0x900010
[0108.171] GetCurrentObject (hdc=0xffffffff8c0107c3, type=0x7) returned 0x85000f
[0108.171] GetCurrentObject (hdc=0xffffffff8c0107c3, type=0x6) returned 0x8a01c2
[0108.174] SaveDC (hdc=0xffffffff8c0107c3) returned 1
[0108.177] GetDeviceCaps (hdc=0xffffffff8c0107c3, index=90) returned 96
[0108.178] CoTaskMemAlloc (cb=0x5c) returned 0x10aecd0
[0108.179] CreateFontIndirectW (lplf=0x10aecd0) returned 0x660a07c2
[0108.179] CoTaskMemFree (pv=0x10aecd0)
[0108.179] GetObjectW (in: h=0x660a07c2, c=92, pv=0xefda60 | out: pv=0xefda60) returned 92
[0108.186] GetCurrentObject (hdc=0xffffffff8c0107c3, type=0x6) returned 0x8a01c2
[0108.186] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefd880 | out: pv=0xefd880) returned 92
[0108.190] SelectObject (hdc=0xffffffff8c0107c3, h=0x660a07c2) returned 0x8a01c2
[0108.192] GetMapMode (hdc=0xffffffff8c0107c3) returned 1
[0108.192] GetTextMetricsW (in: hdc=0xffffffff8c0107c3, lptm=0xefdad0 | out: lptm=0xefdad0) returned 1
[0108.256] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="If you do not pay by a certain time or turn off the\r\ncomputer, all your data will be permanently\r\ndeleted and your computer will not turn on \r\nproperly.", cchText=152, lprc=0xefdcd8, format=0x2400, lpdtp=0x2d016e8 | out: lpchText="If you do not pay by a certain time or turn off the\r\ncomputer, all your data will be permanently\r\ndeleted and your computer will not turn on \r\nproperly.", lprc=0xefdcd8) returned 60
[0108.350] GetCurrentThreadId () returned 0x4b0
[0108.350] GetCurrentThreadId () returned 0x4b0
[0108.350] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.350] AdjustWindowRectEx (in: lpRect=0xefdd70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdd70) returned 1
[0108.350] GdipGetFamilyName (in: family=0x1b673910, name=0xefdaa0, language=0x409 | out: name="Arial Black") returned 0x0
[0108.351] GetDeviceCaps (hdc=0xffffffff8c0107c3, index=90) returned 96
[0108.351] CoTaskMemAlloc (cb=0x5c) returned 0x10aef00
[0108.351] CreateFontIndirectW (lplf=0x10aef00) returned 0xffffffff8d0a0513
[0108.351] CoTaskMemFree (pv=0x10aef00)
[0108.351] GetObjectW (in: h=0xffffffff8d0a0513, c=92, pv=0xefda60 | out: pv=0xefda60) returned 92
[0108.351] SelectObject (hdc=0xffffffff8c0107c3, h=0xffffffff8d0a0513) returned 0x660a07c2
[0108.351] GetMapMode (hdc=0xffffffff8c0107c3) returned 1
[0108.351] GetTextMetricsW (in: hdc=0xffffffff8c0107c3, lptm=0xefdad0 | out: lptm=0xefdad0) returned 1
[0108.354] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="\r\nWhat happens if I don't pay?\r\n", cchText=32, lprc=0xefdcd8, format=0x2400, lpdtp=0x2d01b18 | out: lpchText="\r\nWhat happens if I don't pay?\r\n", lprc=0xefdcd8) returned 30
[0108.422] GetCurrentThreadId () returned 0x4b0
[0108.422] GetCurrentThreadId () returned 0x4b0
[0108.422] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.422] AdjustWindowRectEx (in: lpRect=0xefdd70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdd70) returned 1
[0108.424] SelectObject (hdc=0xffffffff8c0107c3, h=0x660a07c2) returned 0xffffffff8d0a0513
[0108.424] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="All your files, documents, videos, pictures and\r\nother files have been encrypted with a special\r\nalgorithm. \r\nIf you want the files back, you have to send the\r\npaysafecard code to the email \r\n\"ransom.izi.crypt@gmail.com\". \r\nAfter sending the amount of 50 euros, you will \r\nreceive a decrypt code to unlock all files.\r\n", cchText=318, lprc=0xefdcd8, format=0x2400, lpdtp=0x2d01dc8 | out: lpchText="All your files, documents, videos, pictures and\r\nother files have been encrypted with a special\r\nalgorithm. \r\nIf you want the files back, you have to send the\r\npaysafecard code to the email \r\n\"ransom.izi.crypt@gmail.com\". \r\nAfter sending the amount of 50 euros, you will \r\nreceive a decrypt code to unlock all files.\r\n", lprc=0xefdcd8) returned 120
[0108.426] GetCurrentThreadId () returned 0x4b0
[0108.426] GetCurrentThreadId () returned 0x4b0
[0108.426] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.426] AdjustWindowRectEx (in: lpRect=0xefdd70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdd70) returned 1
[0108.426] SelectObject (hdc=0xffffffff8c0107c3, h=0xffffffff8d0a0513) returned 0x660a07c2
[0108.426] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="What happened?", cchText=14, lprc=0xefdcd8, format=0x2400, lpdtp=0x2d02040 | out: lpchText="What happened?", lprc=0xefdcd8) returned 15
[0108.426] GetCurrentThreadId () returned 0x4b0
[0108.426] GetCurrentThreadId () returned 0x4b0
[0108.427] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.427] AdjustWindowRectEx (in: lpRect=0xefdd70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdd70) returned 1
[0108.427] GdipGetFamilyName (in: family=0x1b673590, name=0xefdaa0, language=0x409 | out: name="Arial") returned 0x0
[0108.427] GetDeviceCaps (hdc=0xffffffff8c0107c3, index=90) returned 96
[0108.427] CoTaskMemAlloc (cb=0x5c) returned 0x10ae5d0
[0108.427] CreateFontIndirectW (lplf=0x10ae5d0) returned 0x480a077f
[0108.427] CoTaskMemFree (pv=0x10ae5d0)
[0108.427] GetObjectW (in: h=0x480a077f, c=92, pv=0xefda60 | out: pv=0xefda60) returned 92
[0108.427] SelectObject (hdc=0xffffffff8c0107c3, h=0x480a077f) returned 0xffffffff8d0a0513
[0108.428] GetMapMode (hdc=0xffffffff8c0107c3) returned 1
[0108.428] GetTextMetricsW (in: hdc=0xffffffff8c0107c3, lptm=0xefdad0 | out: lptm=0xefdad0) returned 1
[0108.434] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="00:00:00", cchText=8, lprc=0xefdcd8, format=0x2400, lpdtp=0x2d024a0 | out: lpchText="00:00:00", lprc=0xefdcd8) returned 37
[0108.575] GetCurrentThreadId () returned 0x4b0
[0108.575] GetCurrentThreadId () returned 0x4b0
[0108.577] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.578] AdjustWindowRectEx (in: lpRect=0xefde50, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xefde50) returned 1
[0108.578] AdjustWindowRectEx (in: lpRect=0xefdfd0, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xefdfd0) returned 1
[0108.578] GetSystemMetrics (nIndex=59) returned 1460
[0108.578] GetSystemMetrics (nIndex=60) returned 920
[0108.578] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.579] AdjustWindowRectEx (in: lpRect=0xefdc00, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xefdc00) returned 1
[0108.579] AdjustWindowRectEx (in: lpRect=0xefdd90, dwStyle=0x2010000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xefdd90) returned 1
[0108.587] CreateCompatibleDC (hdc=0x0) returned 0xffffffff8b010536
[0108.589] GetDC (hWnd=0x0) returned 0xd0104fe
[0108.589] GdipCreateFromHDC (hdc=0xd0104fe, graphics=0xefdca8) returned 0x0
[0108.590] CoTaskMemAlloc (cb=0x5c) returned 0x10aebf0
[0108.590] GdipGetLogFontW (font=0x1b67ebe0, graphics=0x1c8f89c0, logfontW=0x10aebf0) returned 0x0
[0108.591] CoTaskMemFree (pv=0x10aebf0)
[0108.591] CoTaskMemAlloc (cb=0x5c) returned 0x10aec60
[0108.591] CoTaskMemFree (pv=0x10aec60)
[0108.592] CoTaskMemAlloc (cb=0x5c) returned 0x10ae090
[0108.592] CoTaskMemFree (pv=0x10ae090)
[0108.592] GdipDeleteGraphics (graphics=0x1c8f89c0) returned 0x0
[0108.592] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0108.593] CoTaskMemAlloc (cb=0x5c) returned 0x10ae870
[0108.594] CreateFontIndirectW (lplf=0x10ae870) returned 0x70a07cd
[0108.594] CoTaskMemFree (pv=0x10ae870)
[0108.595] SelectObject (hdc=0xffffffff8b010536, h=0x70a07cd) returned 0x8a01c2
[0108.595] GetTextMetricsW (in: hdc=0xffffffff8b010536, lptm=0xefdf28 | out: lptm=0xefdf28) returned 1
[0108.595] GetTextExtentPoint32W (in: hdc=0xffffffff8b010536, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x2d031d8 | out: psizl=0x2d031d8) returned 1
[0108.597] SelectObject (hdc=0xffffffff8b010536, h=0x8a01c2) returned 0x70a07cd
[0108.598] DeleteDC (hdc=0xffffffff8b010536) returned 1
[0108.598] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.598] AdjustWindowRectEx (in: lpRect=0xefdb80, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xefdb80) returned 1
[0108.599] GetCursorPos (in: lpPoint=0x2d03210 | out: lpPoint=0x2d03210*(x=292, y=67)) returned 1
[0108.599] GetSystemMetrics (nIndex=80) returned 1
[0108.601] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefd930 | out: lpmi=0xefd930) returned 1
[0108.601] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0xffffffff8d010536
[0108.605] GetDeviceCaps (hdc=0xffffffff8d010536, index=12) returned 32
[0108.605] GetDeviceCaps (hdc=0xffffffff8d010536, index=14) returned 1
[0108.605] DeleteDC (hdc=0xffffffff8d010536) returned 1
[0108.605] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefda00 | out: lpmi=0xefda00) returned 1
[0108.605] AdjustWindowRectEx (in: lpRect=0xefde00, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xefde00) returned 1
[0108.605] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.606] AdjustWindowRectEx (in: lpRect=0xefda70, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xefda70) returned 1
[0108.606] GetCursorPos (in: lpPoint=0x2d03678 | out: lpPoint=0x2d03678*(x=292, y=67)) returned 1
[0108.606] MonitorFromPoint (pt=0x4000000125, dwFlags=0x2) returned 0x10001
[0108.606] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefd820 | out: lpmi=0xefd820) returned 1
[0108.606] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0xffffffff8e010536
[0108.606] GetDeviceCaps (hdc=0xffffffff8e010536, index=12) returned 32
[0108.606] GetDeviceCaps (hdc=0xffffffff8e010536, index=14) returned 1
[0108.606] DeleteDC (hdc=0xffffffff8e010536) returned 1
[0108.606] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefd8f0 | out: lpmi=0xefd8f0) returned 1
[0108.607] AdjustWindowRectEx (in: lpRect=0xefdbf0, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xefdbf0) returned 1
[0108.607] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.607] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.608] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.608] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.663] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.664] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xefde10) returned 1
[0108.664] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.664] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0xefdc60) returned 1
[0108.664] GetSystemMetrics (nIndex=5) returned 1
[0108.664] GetSystemMetrics (nIndex=6) returned 1
[0108.664] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.664] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.664] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.664] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.664] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.665] AdjustWindowRectEx (in: lpRect=0xefda10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefda10) returned 1
[0108.665] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.665] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.665] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.665] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.665] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.665] AdjustWindowRectEx (in: lpRect=0xefda10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefda10) returned 1
[0108.665] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.665] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.666] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.666] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.666] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.666] AdjustWindowRectEx (in: lpRect=0xefda10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefda10) returned 1
[0108.666] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.666] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.666] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.666] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.666] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.666] AdjustWindowRectEx (in: lpRect=0xefda10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefda10) returned 1
[0108.667] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.667] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.667] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.667] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.667] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.667] AdjustWindowRectEx (in: lpRect=0xefda10, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefda10) returned 1
[0108.667] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.667] AdjustWindowRectEx (in: lpRect=0xefde10, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefde10) returned 1
[0108.667] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.668] AdjustWindowRectEx (in: lpRect=0xefdc60, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdc60) returned 1
[0108.679] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcc6370000
[0108.679] AdjustWindowRectEx (in: lpRect=0xefe5a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefe5a0) returned 1
[0108.679] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="02:00:00", cchText=8, lprc=0xefe508, format=0x2400, lpdtp=0x2d04178 | out: lpchText="02:00:00", lprc=0xefe508) returned 37
[0108.681] GetCurrentActCtx (in: lphActCtx=0xefe890 | out: lphActCtx=0xefe890*=0x0) returned 1
[0108.681] ActivateActCtx (in: hActCtx=0x106cd18, lpCookie=0xefe8d0 | out: hActCtx=0x106cd18, lpCookie=0xefe8d0) returned 1
[0108.682] GetCurrentActCtx (in: lphActCtx=0xefe530 | out: lphActCtx=0xefe530*=0x106cd18) returned 1
[0108.682] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.682] AdjustWindowRectEx (in: lpRect=0xefe450, dwStyle=0x2010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0xefe450) returned 1
[0108.682] GetCursorPos (in: lpPoint=0x2d042f0 | out: lpPoint=0x2d042f0*(x=292, y=67)) returned 1
[0108.683] MonitorFromPoint (pt=0x4300000124, dwFlags=0x2) returned 0x10001
[0108.683] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefe200 | out: lpmi=0xefe200) returned 1
[0108.683] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0xffffffff8f010536
[0108.683] GetDeviceCaps (hdc=0xffffffff8f010536, index=12) returned 32
[0108.683] GetDeviceCaps (hdc=0xffffffff8f010536, index=14) returned 1
[0108.683] DeleteDC (hdc=0xffffffff8f010536) returned 1
[0108.683] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefe2d0 | out: lpmi=0xefe2d0) returned 1
[0108.683] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.683] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName="Worm Locker 2.0", dwStyle=0x2010000, X=360, Y=155, nWidth=720, nHeight=550, hWndParent=0x0, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x502b4
[0108.684] SetWindowLongPtrW (hWnd=0x502b4, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d086c
[0108.685] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-4) returned 0x7ffcea425090
[0108.685] SetWindowLongPtrW (hWnd=0x502b4, nIndex=-4, dwNewLong=0x1b7d134c) returned 0x7ffcea425090
[0108.685] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-4) returned 0x1b7d134c
[0108.685] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-16) returned 0x6c10000
[0108.685] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x81, wParam=0x0, lParam=0xefdbd0) returned 0x1
[0108.686] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x83, wParam=0x0, lParam=0xefdc80) returned 0x0
[0108.687] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x1, wParam=0x0, lParam=0xefdba0) returned 0x0
[0108.687] GetClientRect (in: hWnd=0x502b4, lpRect=0xefd580 | out: lpRect=0xefd580) returned 1
[0108.687] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefd580 | out: lpRect=0xefd580) returned 1
[0108.687] InvalidateRect (hWnd=0x502b4, lpRect=0x0, bErase=1) returned 1
[0108.689] SetWindowTextW (hWnd=0x502b4, lpString="Worm Locker 2.0") returned 1
[0108.689] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xc, wParam=0x0, lParam=0x2ca307c) returned 0x1
[0108.691] GetStartupInfoW (in: lpStartupInfo=0x2d04908 | out: lpStartupInfo=0x2d04908*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\WormLocker2.0.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0))
[0108.693] GetParent (hWnd=0x502b4) returned 0x0
[0108.694] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.694] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x702b6
[0108.695] SetWindowLongPtrW (hWnd=0x702b6, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0108.695] GetWindowLongPtrW (hWnd=0x702b6, nIndex=-4) returned 0x7ffcea425090
[0108.695] SetWindowLongPtrW (hWnd=0x702b6, nIndex=-4, dwNewLong=0x1b7d139c) returned 0x7ffcea425090
[0108.695] GetWindowLongPtrW (hWnd=0x702b6, nIndex=-4) returned 0x1b7d139c
[0108.695] GetWindowLongPtrW (hWnd=0x702b6, nIndex=-16) returned 0x4c00000
[0108.695] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x24, wParam=0x0, lParam=0xefdc60) returned 0x0
[0108.695] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x81, wParam=0x0, lParam=0xefdbd0) returned 0x1
[0108.696] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x83, wParam=0x0, lParam=0xefdc80) returned 0x0
[0108.696] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x1, wParam=0x0, lParam=0xefdbd0) returned 0x0
[0108.697] SetWindowLongPtrW (hWnd=0x502b4, nIndex=-8, dwNewLong=0x702b6) returned 0x0
[0108.699] SendMessageW (hWnd=0x502b4, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0
[0108.699] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0
[0108.699] SendMessageW (hWnd=0x502b4, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0
[0108.699] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0
[0108.699] GetSystemMenu (hWnd=0x502b4, bRevert=0) returned 0x0
[0108.700] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefe530 | out: lpwndpl=0xefe530) returned 1
[0108.700] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0108.700] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf030, uEnable=0x1) returned 1
[0108.700] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x0) returned 1
[0108.700] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf120, uEnable=0x1) returned 1
[0108.700] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0108.700] GetClientRect (in: hWnd=0x502b4, lpRect=0xefe600 | out: lpRect=0xefe600) returned 1
[0108.700] GetClientRect (in: hWnd=0x502b4, lpRect=0xefe520 | out: lpRect=0xefe520) returned 1
[0108.700] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefe520 | out: lpRect=0xefe520) returned 1
[0108.700] SetWindowLongPtrW (hWnd=0x502b4, nIndex=-8, dwNewLong=0x702b6) returned 0x702b6
[0108.704] GetSystemMetrics (nIndex=11) returned 32
[0108.704] GetSystemMetrics (nIndex=12) returned 32
[0108.704] GetDC (hWnd=0x0) returned 0x60100ce
[0108.704] GetDeviceCaps (hdc=0x60100ce, index=12) returned 32
[0108.704] GetDeviceCaps (hdc=0x60100ce, index=14) returned 1
[0108.704] ReleaseDC (hWnd=0x0, hDC=0x60100ce) returned 1
[0108.705] CreateIconFromResourceEx (presbits=0x2d07600, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x2f02b7
[0108.707] SendMessageW (hWnd=0x702b6, Msg=0x80, wParam=0x1, lParam=0x2f02b7) returned 0x0
[0108.707] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x80, wParam=0x1, lParam=0x2f02b7) returned 0x0
[0108.709] SetWindowPos (hWnd=0x502b4, hWndInsertAfter=0xffffffffffffffff, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1
[0108.709] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefe4c0) returned 0x0
[0108.709] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x46, wParam=0x0, lParam=0xefe4c0) returned 0x0
[0108.711] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefe4c0) returned 0x0
[0108.711] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x46, wParam=0x0, lParam=0xefe4c0) returned 0x0
[0108.711] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0
[0108.711] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0
[0108.711] NtdllDefWindowProc_W (hWnd=0x9005c, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0
[0108.711] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1
[0108.716] OleInitialize (pvReserved=0x0) returned 0x0
[0108.717] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0xefe008 | out: lplpMessageFilter=0xefe008*=0x0) returned 0x0
[0108.824] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0108.830] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0108.831] GetParent (hWnd=0x502b4) returned 0x0
[0108.831] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0108.833] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0
[0108.833] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefdfd0 | out: lpwndpl=0xefdfd0) returned 1
[0108.833] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x47, wParam=0x0, lParam=0xefe4c0) returned 0x0
[0108.833] GetClientRect (in: hWnd=0x502b4, lpRect=0xefde70 | out: lpRect=0xefde70) returned 1
[0108.833] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefde70 | out: lpRect=0xefde70) returned 1
[0108.836] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.836] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-16) returned 0x6c10000
[0108.836] GetCursorPos (in: lpPoint=0x2d08ab0 | out: lpPoint=0x2d08ab0*(x=292, y=67)) returned 1
[0108.836] MonitorFromPoint (pt=0x4400000122, dwFlags=0x2) returned 0x10001
[0108.836] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefe1d0 | out: lpmi=0xefe1d0) returned 1
[0108.836] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1a0107c7
[0108.837] GetDeviceCaps (hdc=0x1a0107c7, index=12) returned 32
[0108.837] GetDeviceCaps (hdc=0x1a0107c7, index=14) returned 1
[0108.837] DeleteDC (hdc=0x1a0107c7) returned 1
[0108.837] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefe2a0 | out: lpmi=0xefe2a0) returned 1
[0108.837] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-16) returned 0x6c10000
[0108.837] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-20) returned 0x10108
[0108.837] SetWindowLongPtrW (hWnd=0x502b4, nIndex=-16, dwNewLong=0x2010000) returned 0x6c10000
[0108.837] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0xefe400) returned 0x0
[0108.837] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0xefe400) returned 0x0
[0108.838] SetWindowLongPtrW (hWnd=0x502b4, nIndex=-20, dwNewLong=0x10000) returned 0x10008
[0108.838] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0xefe400) returned 0x0
[0108.838] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0xefe400) returned 0x0
[0108.838] SetWindowPos (hWnd=0x502b4, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0108.838] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefe460) returned 0x0
[0108.838] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x83, wParam=0x1, lParam=0xefe430) returned 0x0
[0108.840] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefdf70 | out: lpwndpl=0xefdf70) returned 1
[0108.840] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x47, wParam=0x0, lParam=0xefe460) returned 0x0
[0108.840] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x3, wParam=0x0, lParam=0x9b0168) returned 0x0
[0108.840] GetClientRect (in: hWnd=0x502b4, lpRect=0xefd2c0 | out: lpRect=0xefd2c0) returned 1
[0108.840] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefd2c0 | out: lpRect=0xefd2c0) returned 1
[0108.840] InvalidateRect (hWnd=0x502b4, lpRect=0x0, bErase=1) returned 1
[0108.840] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0108.840] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0108.840] GetSystemMetrics (nIndex=42) returned 0
[0108.841] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcf00, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0108.841] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcf00) returned 0xf
[0108.841] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x5, wParam=0x0, lParam=0x22602d0) returned 0x0
[0108.841] GetClientRect (in: hWnd=0x502b4, lpRect=0xefde10 | out: lpRect=0xefde10) returned 1
[0108.841] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefde10 | out: lpRect=0xefde10) returned 1
[0108.841] RedrawWindow (hWnd=0x502b4, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0108.841] GetSystemMenu (hWnd=0x502b4, bRevert=0) returned 0x0
[0108.841] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefe4d0 | out: lpwndpl=0xefe4d0) returned 1
[0108.841] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0108.841] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf030, uEnable=0x1) returned 1
[0108.841] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x0) returned 1
[0108.841] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf120, uEnable=0x1) returned 1
[0108.841] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0108.842] ShowWindow (hWnd=0x502b4, nCmdShow=5) returned 0
[0108.842] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.843] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.843] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.844] GetClassInfoW (in: hInstance=0x0, lpClassName="BUTTON", lpWndClass=0x2d09058 | out: lpWndClass=0x2d09058) returned 1
[0108.845] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.845] CoTaskMemAlloc (cb=0x56) returned 0x1071b80
[0108.845] RegisterClassW (lpWndClass=0xefdb70) returned 0xc19c
[0108.845] CoTaskMemFree (pv=0x1071b80)
[0108.846] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.846] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r6_ad1", lpWindowName="DECRYPT", dwStyle=0x5601000b, X=297, Y=477, nWidth=141, nHeight=34, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x202d4
[0108.846] SetWindowLongPtrW (hWnd=0x202d4, nIndex=-4, dwNewLong=0x7ffcdf0d4630) returned 0x1b7d13ec
[0108.846] GetWindowLongPtrW (hWnd=0x202d4, nIndex=-4) returned 0x7ffcdf0d4630
[0108.846] SetWindowLongPtrW (hWnd=0x202d4, nIndex=-4, dwNewLong=0x1b7d143c) returned 0x7ffcdf0d4630
[0108.846] GetWindowLongPtrW (hWnd=0x202d4, nIndex=-4) returned 0x1b7d143c
[0108.846] GetWindowLongPtrW (hWnd=0x202d4, nIndex=-16) returned 0x4601000b
[0108.846] GetWindowLongPtrW (hWnd=0x202d4, nIndex=-12) returned 0x0
[0108.846] SetWindowLongPtrW (hWnd=0x202d4, nIndex=-12, dwNewLong=0x202d4) returned 0x0
[0108.847] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.847] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.847] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x1, wParam=0x0, lParam=0xefd500) returned 0x0
[0108.850] SendMessageW (hWnd=0x202d4, Msg=0x2055, wParam=0x202d4, lParam=0x3) returned 0x2
[0108.851] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0
[0108.851] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0108.851] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0108.851] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0108.851] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0108.852] RedrawWindow (hWnd=0x202d4, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0108.852] RedrawWindow (hWnd=0x502b4, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0108.853] GetWindow (hWnd=0x202d4, uCmd=0x3) returned 0x0
[0108.853] GetClientRect (in: hWnd=0x202d4, lpRect=0xefce70 | out: lpRect=0xefce70) returned 1
[0108.853] GetWindowRect (in: hWnd=0x202d4, lpRect=0xefce70 | out: lpRect=0xefce70) returned 1
[0108.853] GetParent (hWnd=0x202d4) returned 0x502b4
[0108.853] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefce70, cPoints=0x2 | out: lpPoints=0xefce70) returned -10092904
[0108.854] SetWindowTextW (hWnd=0x202d4, lpString="DECRYPT") returned 1
[0108.854] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0xc, wParam=0x0, lParam=0x2ca2fdc) returned 0x1
[0108.855] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x5, wParam=0x0, lParam=0x22008d) returned 0x0
[0108.855] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x3, wParam=0x0, lParam=0x1dd0129) returned 0x0
[0108.855] GetClientRect (in: hWnd=0x202d4, lpRect=0xefcfa0 | out: lpRect=0xefcfa0) returned 1
[0108.855] GetWindowRect (in: hWnd=0x202d4, lpRect=0xefcfa0 | out: lpRect=0xefcfa0) returned 1
[0108.855] GetParent (hWnd=0x202d4) returned 0x502b4
[0108.855] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfa0, cPoints=0x2 | out: lpPoints=0xefcfa0) returned -10092904
[0108.855] SendMessageW (hWnd=0x202d4, Msg=0x2210, wParam=0x2d40001, lParam=0x202d4) returned 0x0
[0108.855] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x2210, wParam=0x2d40001, lParam=0x202d4) returned 0x0
[0108.855] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.855] GetParent (hWnd=0x202d4) returned 0x502b4
[0108.855] GetCurrentActCtx (in: lphActCtx=0xefde40 | out: lphActCtx=0xefde40*=0x106cd18) returned 1
[0108.856] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.856] GetClassInfoW (in: hInstance=0x0, lpClassName="EDIT", lpWndClass=0x2d095d0 | out: lpWndClass=0x2d095d0) returned 1
[0108.856] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.857] CoTaskMemAlloc (cb=0x52) returned 0x1071b80
[0108.857] RegisterClassW (lpWndClass=0xefdb30) returned 0xc1a2
[0108.857] CoTaskMemFree (pv=0x1071b80)
[0108.857] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.857] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x560100c0, X=297, Y=435, nWidth=141, nHeight=35, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x202d2
[0108.857] SetWindowLongPtrW (hWnd=0x202d2, nIndex=-4, dwNewLong=0x7ffcdf0c2450) returned 0x1b7d148c
[0108.857] GetWindowLongPtrW (hWnd=0x202d2, nIndex=-4) returned 0x7ffcdf0c2450
[0108.857] SetWindowLongPtrW (hWnd=0x202d2, nIndex=-4, dwNewLong=0x1b7d14dc) returned 0x7ffcdf0c2450
[0108.858] GetWindowLongPtrW (hWnd=0x202d2, nIndex=-4) returned 0x1b7d14dc
[0108.858] GetWindowLongPtrW (hWnd=0x202d2, nIndex=-16) returned 0x460100c0
[0108.858] GetWindowLongPtrW (hWnd=0x202d2, nIndex=-12) returned 0x0
[0108.858] SetWindowLongPtrW (hWnd=0x202d2, nIndex=-12, dwNewLong=0x202d2) returned 0x0
[0108.858] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x81, wParam=0x0, lParam=0xefd4e0) returned 0x1
[0108.859] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x83, wParam=0x0, lParam=0xefd590) returned 0x0
[0108.859] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x1, wParam=0x0, lParam=0xefd4e0) returned 0x1
[0108.860] SendMessageW (hWnd=0x202d2, Msg=0x2055, wParam=0x202d2, lParam=0x3) returned 0x2
[0108.860] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0108.861] GetWindow (hWnd=0x202d2, uCmd=0x3) returned 0x202d4
[0108.861] GetClientRect (in: hWnd=0x202d2, lpRect=0xefceb0 | out: lpRect=0xefceb0) returned 1
[0108.861] GetWindowRect (in: hWnd=0x202d2, lpRect=0xefceb0 | out: lpRect=0xefceb0) returned 1
[0108.861] GetParent (hWnd=0x202d2) returned 0x502b4
[0108.861] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefceb0, cPoints=0x2 | out: lpPoints=0xefceb0) returned -10092904
[0108.861] GetDC (hWnd=0x0) returned 0xd0104fe
[0108.861] GdipCreateFromHDC (hdc=0xd0104fe, graphics=0xefcb68) returned 0x0
[0108.861] CoTaskMemAlloc (cb=0x5c) returned 0x10aea30
[0108.861] GdipGetLogFontW (font=0x1c8f8130, graphics=0x1c8f89c0, logfontW=0x10aea30) returned 0x0
[0108.862] CoTaskMemFree (pv=0x10aea30)
[0108.862] CoTaskMemAlloc (cb=0x5c) returned 0x10aebf0
[0108.862] CoTaskMemFree (pv=0x10aebf0)
[0108.862] CoTaskMemAlloc (cb=0x5c) returned 0x10ae790
[0108.862] CoTaskMemFree (pv=0x10ae790)
[0108.862] GdipDeleteGraphics (graphics=0x1c8f89c0) returned 0x0
[0108.862] ReleaseDC (hWnd=0x0, hDC=0xd0104fe) returned 1
[0108.862] CoTaskMemAlloc (cb=0x5c) returned 0x10ae950
[0108.862] CreateFontIndirectW (lplf=0x10ae950) returned 0x200a07c7
[0108.862] CoTaskMemFree (pv=0x10ae950)
[0108.862] SendMessageW (hWnd=0x202d2, Msg=0x30, wParam=0x200a07c7, lParam=0x0) returned 0x1
[0108.862] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x30, wParam=0x200a07c7, lParam=0x0) returned 0x1
[0108.867] SendMessageW (hWnd=0x202d2, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0
[0108.867] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0
[0108.868] GetSystemMetrics (nIndex=5) returned 1
[0108.868] GetSystemMetrics (nIndex=6) returned 1
[0108.868] SendMessageW (hWnd=0x202d2, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1
[0108.868] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1
[0108.868] SendMessageW (hWnd=0x202d2, Msg=0xd2, wParam=0x0, lParam=0x0) returned 0x0
[0108.868] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xd2, wParam=0x0, lParam=0x0) returned 0x0
[0108.868] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x5, wParam=0x0, lParam=0x1f0089) returned 0x0
[0108.868] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x3, wParam=0x0, lParam=0x1b5012b) returned 0x0
[0108.868] GetClientRect (in: hWnd=0x202d2, lpRect=0xefcfc0 | out: lpRect=0xefcfc0) returned 1
[0108.868] GetWindowRect (in: hWnd=0x202d2, lpRect=0xefcfc0 | out: lpRect=0xefcfc0) returned 1
[0108.868] GetParent (hWnd=0x202d2) returned 0x502b4
[0108.868] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfc0, cPoints=0x2 | out: lpPoints=0xefcfc0) returned -10092904
[0108.868] SendMessageW (hWnd=0x202d2, Msg=0x2210, wParam=0x2d20001, lParam=0x202d2) returned 0x0
[0108.868] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x2210, wParam=0x2d20001, lParam=0x202d2) returned 0x0
[0108.869] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.869] GetParent (hWnd=0x202d2) returned 0x502b4
[0108.869] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.869] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.869] GetClassInfoW (in: hInstance=0x0, lpClassName="STATIC", lpWndClass=0x2d09de8 | out: lpWndClass=0x2d09de8) returned 1
[0108.870] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.870] CoTaskMemAlloc (cb=0x56) returned 0x1071b80
[0108.870] RegisterClassW (lpWndClass=0xefdb70) returned 0xc1a4
[0108.870] CoTaskMemFree (pv=0x1071b80)
[0108.870] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.870] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="If you do not pay by a certain time or turn off the\r\ncomputer, all your data will be permanently\r\ndeleted and your computer will not turn on \r\nproperly.", dwStyle=0x5600000d, X=15, Y=448, nWidth=260, nHeight=60, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x202d0
[0108.871] SetWindowLongPtrW (hWnd=0x202d0, nIndex=-4, dwNewLong=0x7ffcdf0cfd70) returned 0x1b7d152c
[0108.871] GetWindowLongPtrW (hWnd=0x202d0, nIndex=-4) returned 0x7ffcdf0cfd70
[0108.871] SetWindowLongPtrW (hWnd=0x202d0, nIndex=-4, dwNewLong=0x1b7d157c) returned 0x7ffcdf0cfd70
[0108.871] GetWindowLongPtrW (hWnd=0x202d0, nIndex=-4) returned 0x1b7d157c
[0108.871] GetWindowLongPtrW (hWnd=0x202d0, nIndex=-16) returned 0x4600000d
[0108.871] GetWindowLongPtrW (hWnd=0x202d0, nIndex=-12) returned 0x0
[0108.871] SetWindowLongPtrW (hWnd=0x202d0, nIndex=-12, dwNewLong=0x202d0) returned 0x0
[0108.871] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.872] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.872] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x1, wParam=0x0, lParam=0xefd3e0) returned 0x0
[0108.872] GetWindow (hWnd=0x202d0, uCmd=0x3) returned 0x202d2
[0108.872] GetClientRect (in: hWnd=0x202d0, lpRect=0xefcd80 | out: lpRect=0xefcd80) returned 1
[0108.872] GetWindowRect (in: hWnd=0x202d0, lpRect=0xefcd80 | out: lpRect=0xefcd80) returned 1
[0108.872] GetParent (hWnd=0x202d0) returned 0x502b4
[0108.872] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcd80, cPoints=0x2 | out: lpPoints=0xefcd80) returned -10092904
[0108.873] SetWindowTextW (hWnd=0x202d0, lpString="If you do not pay by a certain time or turn off the\r\ncomputer, all your data will be permanently\r\ndeleted and your computer will not turn on \r\nproperly.") returned 1
[0108.873] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0xc, wParam=0x0, lParam=0x2ca2e5c) returned 0x1
[0108.874] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x5, wParam=0x0, lParam=0x3c0104) returned 0x0
[0108.874] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x3, wParam=0x0, lParam=0x1c0000f) returned 0x0
[0108.874] GetClientRect (in: hWnd=0x202d0, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.874] GetWindowRect (in: hWnd=0x202d0, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.874] GetParent (hWnd=0x202d0) returned 0x502b4
[0108.874] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfd0, cPoints=0x2 | out: lpPoints=0xefcfd0) returned -10092904
[0108.874] SendMessageW (hWnd=0x202d0, Msg=0x2210, wParam=0x2d00001, lParam=0x202d0) returned 0x0
[0108.874] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x2210, wParam=0x2d00001, lParam=0x202d0) returned 0x0
[0108.874] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.874] GetParent (hWnd=0x202d0) returned 0x502b4
[0108.874] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.874] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.875] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.875] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="\r\nWhat happens if I don't pay?\r\n", dwStyle=0x5600000d, X=12, Y=406, nWidth=176, nHeight=30, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x202ce
[0108.875] SetWindowLongPtrW (hWnd=0x202ce, nIndex=-4, dwNewLong=0x7ffcdf0cfd70) returned 0x1b7d152c
[0108.875] GetWindowLongPtrW (hWnd=0x202ce, nIndex=-4) returned 0x7ffcdf0cfd70
[0108.876] SetWindowLongPtrW (hWnd=0x202ce, nIndex=-4, dwNewLong=0x1b7d075c) returned 0x7ffcdf0cfd70
[0108.876] GetWindowLongPtrW (hWnd=0x202ce, nIndex=-4) returned 0x1b7d075c
[0108.876] GetWindowLongPtrW (hWnd=0x202ce, nIndex=-16) returned 0x4600000d
[0108.876] GetWindowLongPtrW (hWnd=0x202ce, nIndex=-12) returned 0x0
[0108.876] SetWindowLongPtrW (hWnd=0x202ce, nIndex=-12, dwNewLong=0x202ce) returned 0x0
[0108.876] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.877] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.877] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x1, wParam=0x0, lParam=0xefd4d0) returned 0x0
[0108.877] GetWindow (hWnd=0x202ce, uCmd=0x3) returned 0x202d0
[0108.877] GetClientRect (in: hWnd=0x202ce, lpRect=0xefce70 | out: lpRect=0xefce70) returned 1
[0108.878] GetWindowRect (in: hWnd=0x202ce, lpRect=0xefce70 | out: lpRect=0xefce70) returned 1
[0108.878] GetParent (hWnd=0x202ce) returned 0x502b4
[0108.878] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefce70, cPoints=0x2 | out: lpPoints=0xefce70) returned -10092904
[0108.878] SetWindowTextW (hWnd=0x202ce, lpString="\r\nWhat happens if I don't pay?\r\n") returned 1
[0108.878] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0xc, wParam=0x0, lParam=0x2ca2dd4) returned 0x1
[0108.879] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x5, wParam=0x0, lParam=0x1e00b0) returned 0x0
[0108.879] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x3, wParam=0x0, lParam=0x196000c) returned 0x0
[0108.879] GetClientRect (in: hWnd=0x202ce, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.879] GetWindowRect (in: hWnd=0x202ce, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.879] GetParent (hWnd=0x202ce) returned 0x502b4
[0108.879] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfd0, cPoints=0x2 | out: lpPoints=0xefcfd0) returned -10092904
[0108.879] SendMessageW (hWnd=0x202ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x202ce) returned 0x0
[0108.879] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x202ce) returned 0x0
[0108.879] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.879] GetParent (hWnd=0x202ce) returned 0x502b4
[0108.879] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.879] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.880] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.880] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="All your files, documents, videos, pictures and\r\nother files have been encrypted with a special\r\nalgorithm. \r\nIf you want the files back, you have to send the\r\npaysafecard code to the email \r\n\"ransom.izi.crypt@gmail.com\". \r\nAfter sending the amount of 50 euros, you will \r\nreceive a decrypt code to unlock all files.\r\n", dwStyle=0x5600000d, X=15, Y=277, nWidth=256, nHeight=120, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x302cc
[0108.880] SetWindowLongPtrW (hWnd=0x302cc, nIndex=-4, dwNewLong=0x7ffcdf0cfd70) returned 0x1b7d152c
[0108.880] GetWindowLongPtrW (hWnd=0x302cc, nIndex=-4) returned 0x7ffcdf0cfd70
[0108.880] SetWindowLongPtrW (hWnd=0x302cc, nIndex=-4, dwNewLong=0x1b7d3cbc) returned 0x7ffcdf0cfd70
[0108.880] GetWindowLongPtrW (hWnd=0x302cc, nIndex=-4) returned 0x1b7d3cbc
[0108.881] GetWindowLongPtrW (hWnd=0x302cc, nIndex=-16) returned 0x4600000d
[0108.881] GetWindowLongPtrW (hWnd=0x302cc, nIndex=-12) returned 0x0
[0108.881] SetWindowLongPtrW (hWnd=0x302cc, nIndex=-12, dwNewLong=0x302cc) returned 0x0
[0108.881] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.882] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.882] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x1, wParam=0x0, lParam=0xefd290) returned 0x0
[0108.883] GetWindow (hWnd=0x302cc, uCmd=0x3) returned 0x202ce
[0108.883] GetClientRect (in: hWnd=0x302cc, lpRect=0xefcc30 | out: lpRect=0xefcc30) returned 1
[0108.883] GetWindowRect (in: hWnd=0x302cc, lpRect=0xefcc30 | out: lpRect=0xefcc30) returned 1
[0108.883] GetParent (hWnd=0x302cc) returned 0x502b4
[0108.883] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcc30, cPoints=0x2 | out: lpPoints=0xefcc30) returned -10092904
[0108.883] SetWindowTextW (hWnd=0x302cc, lpString="All your files, documents, videos, pictures and\r\nother files have been encrypted with a special\r\nalgorithm. \r\nIf you want the files back, you have to send the\r\npaysafecard code to the email \r\n\"ransom.izi.crypt@gmail.com\". \r\nAfter sending the amount of 50 euros, you will \r\nreceive a decrypt code to unlock all files.\r\n") returned 1
[0108.883] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0xc, wParam=0x0, lParam=0x2cec5bc) returned 0x1
[0108.884] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x5, wParam=0x0, lParam=0x780100) returned 0x0
[0108.884] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x3, wParam=0x0, lParam=0x115000f) returned 0x0
[0108.884] GetClientRect (in: hWnd=0x302cc, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.884] GetWindowRect (in: hWnd=0x302cc, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.884] GetParent (hWnd=0x302cc) returned 0x502b4
[0108.884] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfd0, cPoints=0x2 | out: lpPoints=0xefcfd0) returned -10092904
[0108.884] SendMessageW (hWnd=0x302cc, Msg=0x2210, wParam=0x2cc0001, lParam=0x302cc) returned 0x0
[0108.884] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x2210, wParam=0x2cc0001, lParam=0x302cc) returned 0x0
[0108.884] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.884] GetParent (hWnd=0x302cc) returned 0x502b4
[0108.884] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.885] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.885] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.885] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="What happened?", dwStyle=0x5600000d, X=12, Y=258, nWidth=104, nHeight=15, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x302c6
[0108.885] SetWindowLongPtrW (hWnd=0x302c6, nIndex=-4, dwNewLong=0x7ffcdf0cfd70) returned 0x1b7d152c
[0108.885] GetWindowLongPtrW (hWnd=0x302c6, nIndex=-4) returned 0x7ffcdf0cfd70
[0108.885] SetWindowLongPtrW (hWnd=0x302c6, nIndex=-4, dwNewLong=0x1b7d3d0c) returned 0x7ffcdf0cfd70
[0108.886] GetWindowLongPtrW (hWnd=0x302c6, nIndex=-4) returned 0x1b7d3d0c
[0108.886] GetWindowLongPtrW (hWnd=0x302c6, nIndex=-16) returned 0x4600000d
[0108.886] GetWindowLongPtrW (hWnd=0x302c6, nIndex=-12) returned 0x0
[0108.886] SetWindowLongPtrW (hWnd=0x302c6, nIndex=-12, dwNewLong=0x302c6) returned 0x0
[0108.886] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.886] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.886] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x1, wParam=0x0, lParam=0xefd4f0) returned 0x0
[0108.887] GetWindow (hWnd=0x302c6, uCmd=0x3) returned 0x302cc
[0108.887] GetClientRect (in: hWnd=0x302c6, lpRect=0xefce90 | out: lpRect=0xefce90) returned 1
[0108.887] GetWindowRect (in: hWnd=0x302c6, lpRect=0xefce90 | out: lpRect=0xefce90) returned 1
[0108.887] GetParent (hWnd=0x302c6) returned 0x502b4
[0108.887] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefce90, cPoints=0x2 | out: lpPoints=0xefce90) returned -10092904
[0108.888] SetWindowTextW (hWnd=0x302c6, lpString="What happened?") returned 1
[0108.888] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0xc, wParam=0x0, lParam=0x2ca2cd4) returned 0x1
[0108.888] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x5, wParam=0x0, lParam=0xf0068) returned 0x0
[0108.888] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x3, wParam=0x0, lParam=0x102000c) returned 0x0
[0108.888] GetClientRect (in: hWnd=0x302c6, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.888] GetWindowRect (in: hWnd=0x302c6, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.888] GetParent (hWnd=0x302c6) returned 0x502b4
[0108.888] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfd0, cPoints=0x2 | out: lpPoints=0xefcfd0) returned -10092904
[0108.888] SendMessageW (hWnd=0x302c6, Msg=0x2210, wParam=0x2c60001, lParam=0x302c6) returned 0x0
[0108.888] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x2210, wParam=0x2c60001, lParam=0x302c6) returned 0x0
[0108.888] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.889] GetParent (hWnd=0x302c6) returned 0x502b4
[0108.889] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.889] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.890] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.890] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="02:00:00", dwStyle=0x5600000d, X=142, Y=210, nWidth=145, nHeight=37, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x702c2
[0108.890] SetWindowLongPtrW (hWnd=0x702c2, nIndex=-4, dwNewLong=0x7ffcdf0cfd70) returned 0x1b7d152c
[0108.890] GetWindowLongPtrW (hWnd=0x702c2, nIndex=-4) returned 0x7ffcdf0cfd70
[0108.890] SetWindowLongPtrW (hWnd=0x702c2, nIndex=-4, dwNewLong=0x1b7d3bcc) returned 0x7ffcdf0cfd70
[0108.890] GetWindowLongPtrW (hWnd=0x702c2, nIndex=-4) returned 0x1b7d3bcc
[0108.890] GetWindowLongPtrW (hWnd=0x702c2, nIndex=-16) returned 0x4600000d
[0108.891] GetWindowLongPtrW (hWnd=0x702c2, nIndex=-12) returned 0x0
[0108.891] SetWindowLongPtrW (hWnd=0x702c2, nIndex=-12, dwNewLong=0x702c2) returned 0x0
[0108.891] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.891] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.891] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x1, wParam=0x0, lParam=0xefd500) returned 0x0
[0108.892] GetWindow (hWnd=0x702c2, uCmd=0x3) returned 0x302c6
[0108.892] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcea0 | out: lpRect=0xefcea0) returned 1
[0108.892] GetWindowRect (in: hWnd=0x702c2, lpRect=0xefcea0 | out: lpRect=0xefcea0) returned 1
[0108.892] GetParent (hWnd=0x702c2) returned 0x502b4
[0108.892] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcea0, cPoints=0x2 | out: lpPoints=0xefcea0) returned -10092904
[0108.893] SetWindowTextW (hWnd=0x702c2, lpString="02:00:00") returned 1
[0108.893] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2d0410c) returned 0x1
[0108.893] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x5, wParam=0x0, lParam=0x250091) returned 0x0
[0108.893] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x3, wParam=0x0, lParam=0xd2008e) returned 0x0
[0108.893] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.893] GetWindowRect (in: hWnd=0x702c2, lpRect=0xefcfd0 | out: lpRect=0xefcfd0) returned 1
[0108.893] GetParent (hWnd=0x702c2) returned 0x502b4
[0108.893] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcfd0, cPoints=0x2 | out: lpPoints=0xefcfd0) returned -10092904
[0108.893] SendMessageW (hWnd=0x702c2, Msg=0x2210, wParam=0x2c20001, lParam=0x702c2) returned 0x0
[0108.893] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x2210, wParam=0x2c20001, lParam=0x702c2) returned 0x0
[0108.893] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.894] GetParent (hWnd=0x702c2) returned 0x502b4
[0108.894] GetCurrentActCtx (in: lphActCtx=0xefde80 | out: lphActCtx=0xefde80*=0x106cd18) returned 1
[0108.894] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0108.894] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0108.894] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x56000000, X=419, Y=53, nWidth=289, nHeight=366, hWndParent=0x502b4, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x102d6
[0108.894] SetWindowLongPtrW (hWnd=0x102d6, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d086c
[0108.894] GetWindowLongPtrW (hWnd=0x102d6, nIndex=-4) returned 0x7ffcea425090
[0108.895] SetWindowLongPtrW (hWnd=0x102d6, nIndex=-4, dwNewLong=0x1b7d3eec) returned 0x7ffcea425090
[0108.895] GetWindowLongPtrW (hWnd=0x102d6, nIndex=-4) returned 0x1b7d3eec
[0108.895] GetWindowLongPtrW (hWnd=0x102d6, nIndex=-16) returned 0x46000000
[0108.895] GetWindowLongPtrW (hWnd=0x102d6, nIndex=-12) returned 0x0
[0108.895] SetWindowLongPtrW (hWnd=0x102d6, nIndex=-12, dwNewLong=0x102d6) returned 0x0
[0108.895] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x81, wParam=0x0, lParam=0xefd520) returned 0x1
[0108.895] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x83, wParam=0x0, lParam=0xefd5d0) returned 0x0
[0108.895] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x1, wParam=0x0, lParam=0xefd520) returned 0x0
[0108.895] GetWindow (hWnd=0x102d6, uCmd=0x3) returned 0x702c2
[0108.895] GetClientRect (in: hWnd=0x102d6, lpRect=0xefcf40 | out: lpRect=0xefcf40) returned 1
[0108.895] GetWindowRect (in: hWnd=0x102d6, lpRect=0xefcf40 | out: lpRect=0xefcf40) returned 1
[0108.895] GetParent (hWnd=0x102d6) returned 0x502b4
[0108.895] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefcf40, cPoints=0x2 | out: lpPoints=0xefcf40) returned -10092904
[0108.896] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x5, wParam=0x0, lParam=0x16e0121) returned 0x0
[0108.896] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x3, wParam=0x0, lParam=0x3501a3) returned 0x0
[0108.896] GetClientRect (in: hWnd=0x102d6, lpRect=0xefd050 | out: lpRect=0xefd050) returned 1
[0108.897] GetWindowRect (in: hWnd=0x102d6, lpRect=0xefd050 | out: lpRect=0xefd050) returned 1
[0108.897] GetParent (hWnd=0x102d6) returned 0x502b4
[0108.897] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502b4, lpPoints=0xefd050, cPoints=0x2 | out: lpPoints=0xefd050) returned -10092904
[0108.897] SendMessageW (hWnd=0x102d6, Msg=0x2210, wParam=0x2d60001, lParam=0x102d6) returned 0x0
[0108.897] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x2210, wParam=0x2d60001, lParam=0x102d6) returned 0x0
[0108.897] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0108.897] GetParent (hWnd=0x102d6) returned 0x502b4
[0108.897] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0108.897] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0108.897] GetSystemMetrics (nIndex=42) returned 0
[0108.897] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefdde0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0108.898] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefdde0) returned 0xf
[0109.060] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0109.060] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0109.106] CoTaskMemFree (pv=0x1085c50)
[0109.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefd730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0109.111] CoTaskMemAlloc (cb=0x280) returned 0x1db3dc00
[0109.111] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db3dc00, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0109.111] CoTaskMemFree (pv=0x1db3dc00)
[0109.124] SetWindowPos (hWnd=0x502b4, hWndInsertAfter=0x0, X=-1000, Y=-1000, cx=720, cy=550, uFlags=0x15) returned 1
[0109.124] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefdb80) returned 0x0
[0109.128] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefd690 | out: lpwndpl=0xefd690) returned 1
[0109.128] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x47, wParam=0x0, lParam=0xefdb80) returned 0x0
[0109.128] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x3, wParam=0x0, lParam=0xfc18fc18) returned 0x0
[0109.128] GetClientRect (in: hWnd=0x502b4, lpRect=0xefc9e0 | out: lpRect=0xefc9e0) returned 1
[0109.128] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefc9e0 | out: lpRect=0xefc9e0) returned 1
[0109.128] GetClientRect (in: hWnd=0x502b4, lpRect=0xefd530 | out: lpRect=0xefd530) returned 1
[0109.128] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefd530 | out: lpRect=0xefd530) returned 1
[0109.132] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", ulOptions=0x0, samDesired=0x2001f, phkResult=0xefdcf8 | out: phkResult=0xefdcf8*=0x3ec) returned 0x0
[0109.134] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Shell", lpReserved=0x0, lpType=0xefde08, lpData=0x0, lpcbData=0xefde00*=0x0 | out: lpType=0xefde08*=0x1, lpData=0x0, lpcbData=0xefde00*=0x1a) returned 0x0
[0109.134] RegSetValueExW (in: hKey=0x3ec, lpValueName="Shell", Reserved=0x0, dwType=0x1, lpData="empty", cbData=0xc | out: lpData="empty") returned 0x0
[0109.201] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys", nBufferLength=0x105, lpBuffer=0xefd660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys", lpFilePart=0x0) returned 0x25
[0109.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdb80) returned 1
[0109.201] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys" (normalized: "c:\\users\\fd1hvy\\desktop\\worm_tool.sys"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d0
[0109.232] GetFileType (hFile=0x3d0) returned 0x1
[0109.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdaf0) returned 1
[0109.232] GetFileType (hFile=0x3d0) returned 0x1
[0109.236] WriteFile (in: hFile=0x3d0, lpBuffer=0x2d0dad8*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0xefdbe8, lpOverlapped=0x0 | out: lpBuffer=0x2d0dad8*, lpNumberOfBytesWritten=0xefdbe8*=0x9, lpOverlapped=0x0) returned 1
[0109.237] CloseHandle (hObject=0x3d0) returned 1
[0109.239] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys", nBufferLength=0x105, lpBuffer=0xefd660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys", lpFilePart=0x0) returned 0x27
[0109.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdb80) returned 1
[0109.239] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys" (normalized: "c:\\users\\fd1hvy\\downloads\\worm_tool.sys"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d0
[0109.281] GetFileType (hFile=0x3d0) returned 0x1
[0109.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdaf0) returned 1
[0109.281] GetFileType (hFile=0x3d0) returned 0x1
[0109.281] WriteFile (in: hFile=0x3d0, lpBuffer=0x2d10180*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0xefdbe8, lpOverlapped=0x0 | out: lpBuffer=0x2d10180*, lpNumberOfBytesWritten=0xefdbe8*=0x9, lpOverlapped=0x0) returned 1
[0109.282] CloseHandle (hObject=0x3d0) returned 1
[0109.285] GetTimeZoneInformation (in: lpTimeZoneInformation=0xefdb60 | out: lpTimeZoneInformation=0xefdb60) returned 0x1
[0109.286] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0xefd968 | out: pTimeZoneInformation=0xefd968) returned 0x1
[0109.289] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0xefd938 | out: phkResult=0xefd938*=0x3d0) returned 0x0
[0109.290] RegQueryValueExW (in: hKey=0x3d0, lpValueName="TZI", lpReserved=0x0, lpType=0xefd978, lpData=0x0, lpcbData=0xefd970*=0x0 | out: lpType=0xefd978*=0x3, lpData=0x0, lpcbData=0xefd970*=0x2c) returned 0x0
[0109.290] RegQueryValueExW (in: hKey=0x3d0, lpValueName="TZI", lpReserved=0x0, lpType=0xefd978, lpData=0x2d11e98, lpcbData=0xefd970*=0x2c | out: lpType=0xefd978*=0x3, lpData=0x2d11e98*, lpcbData=0xefd970*=0x2c) returned 0x0
[0109.291] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0xefd738 | out: phkResult=0xefd738*=0x0) returned 0x2
[0109.292] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0xefd908, lpData=0x0, lpcbData=0xefd900*=0x0 | out: lpType=0xefd908*=0x1, lpData=0x0, lpcbData=0xefd900*=0x20) returned 0x0
[0109.292] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0xefd908, lpData=0x2d12398, lpcbData=0xefd900*=0x20 | out: lpType=0xefd908*=0x1, lpData="@tzres.dll,-320", lpcbData=0xefd900*=0x20) returned 0x0
[0109.292] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0xefd908, lpData=0x0, lpcbData=0xefd900*=0x0 | out: lpType=0xefd908*=0x1, lpData=0x0, lpcbData=0xefd900*=0x20) returned 0x0
[0109.292] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0xefd908, lpData=0x2d12408, lpcbData=0xefd900*=0x20 | out: lpType=0xefd908*=0x1, lpData="@tzres.dll,-322", lpcbData=0xefd900*=0x20) returned 0x0
[0109.292] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0xefd908, lpData=0x0, lpcbData=0xefd900*=0x0 | out: lpType=0xefd908*=0x1, lpData=0x0, lpcbData=0xefd900*=0x20) returned 0x0
[0109.292] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0xefd908, lpData=0x2d12478, lpcbData=0xefd900*=0x20 | out: lpType=0xefd908*=0x1, lpData="@tzres.dll,-321", lpcbData=0xefd900*=0x20) returned 0x0
[0109.294] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0109.294] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0
[0109.294] CoTaskMemFree (pv=0x10866f0)
[0109.294] CoTaskMemAlloc (cb=0x280) returned 0x1db3dc00
[0109.294] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0xefd950, pwszFileMUIPath=0x1db3dc00, pcchFileMUIPath=0xefd958, pululEnumerator=0xefd948 | out: pwszLanguage=0x0, pcchLanguage=0xefd950, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0xefd958, pululEnumerator=0xefd948) returned 1
[0109.314] CoTaskMemFree (pv=0x0)
[0109.314] CoTaskMemFree (pv=0x1db3dc00)
[0109.314] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x1ed70001
[0109.498] CoTaskMemAlloc (cb=0x3ec) returned 0x1db3dc00
[0109.498] LoadStringW (in: hInstance=0x1ed70001, uID=0x140, lpBuffer=0x1db3dc00, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c
[0109.499] CoTaskMemFree (pv=0x1db3dc00)
[0109.499] FreeLibrary (hLibModule=0x1ed70001) returned 1
[0109.499] CoTaskMemAlloc (cb=0x20c) returned 0x1083830
[0109.499] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1083830 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0
[0109.499] CoTaskMemFree (pv=0x1083830)
[0109.500] CoTaskMemAlloc (cb=0x280) returned 0x1db3dc00
[0109.500] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0xefd950, pwszFileMUIPath=0x1db3dc00, pcchFileMUIPath=0xefd958, pululEnumerator=0xefd948 | out: pwszLanguage=0x0, pcchLanguage=0xefd950, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0xefd958, pululEnumerator=0xefd948) returned 1
[0109.500] CoTaskMemFree (pv=0x0)
[0109.500] CoTaskMemFree (pv=0x1db3dc00)
[0109.501] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x1ed70001
[0109.501] CoTaskMemAlloc (cb=0x3ec) returned 0x1db3dc00
[0109.501] LoadStringW (in: hInstance=0x1ed70001, uID=0x142, lpBuffer=0x1db3dc00, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17
[0109.501] CoTaskMemFree (pv=0x1db3dc00)
[0109.501] FreeLibrary (hLibModule=0x1ed70001) returned 1
[0109.502] CoTaskMemAlloc (cb=0x20c) returned 0x10853d0
[0109.502] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10853d0 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0
[0109.502] CoTaskMemFree (pv=0x10853d0)
[0109.502] CoTaskMemAlloc (cb=0x280) returned 0x1db3dc00
[0109.502] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0xefd950, pwszFileMUIPath=0x1db3dc00, pcchFileMUIPath=0xefd958, pululEnumerator=0xefd948 | out: pwszLanguage=0x0, pcchLanguage=0xefd950, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0xefd958, pululEnumerator=0xefd948) returned 1
[0109.503] CoTaskMemFree (pv=0x0)
[0109.503] CoTaskMemFree (pv=0x1db3dc00)
[0109.503] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x1ed70001
[0109.504] CoTaskMemAlloc (cb=0x3ec) returned 0x1db3dc00
[0109.504] LoadStringW (in: hInstance=0x1ed70001, uID=0x141, lpBuffer=0x1db3dc00, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17
[0109.504] CoTaskMemFree (pv=0x1db3dc00)
[0109.504] FreeLibrary (hLibModule=0x1ed70001) returned 1
[0109.505] RegCloseKey (hKey=0x3d0) returned 0x0
[0109.506] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0109.506] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x102d8
[0109.507] SetWindowLongPtrW (hWnd=0x102d8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0109.507] GetWindowLongPtrW (hWnd=0x102d8, nIndex=-4) returned 0x7ffcea425090
[0109.507] SetWindowLongPtrW (hWnd=0x102d8, nIndex=-4, dwNewLong=0x1b7d3b7c) returned 0x7ffcea425090
[0109.507] GetWindowLongPtrW (hWnd=0x102d8, nIndex=-4) returned 0x1b7d3b7c
[0109.507] GetWindowLongPtrW (hWnd=0x102d8, nIndex=-16) returned 0x4c00000
[0109.507] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d8, Msg=0x24, wParam=0x0, lParam=0xefd480) returned 0x0
[0109.507] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d8, Msg=0x81, wParam=0x0, lParam=0xefd3f0) returned 0x1
[0109.508] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d8, Msg=0x83, wParam=0x0, lParam=0xefd4a0) returned 0x0
[0109.508] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d8, Msg=0x1, wParam=0x0, lParam=0xefd3c0) returned 0x0
[0109.509] SetTimer (hWnd=0x102d8, nIDEvent=0x6, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x6
[0109.509] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0109.509] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x102da
[0109.510] SetWindowLongPtrW (hWnd=0x102da, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0109.510] GetWindowLongPtrW (hWnd=0x102da, nIndex=-4) returned 0x7ffcea425090
[0109.510] SetWindowLongPtrW (hWnd=0x102da, nIndex=-4, dwNewLong=0x1b7d407c) returned 0x7ffcea425090
[0109.510] GetWindowLongPtrW (hWnd=0x102da, nIndex=-4) returned 0x1b7d407c
[0109.510] GetWindowLongPtrW (hWnd=0x102da, nIndex=-16) returned 0x4c00000
[0109.510] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x24, wParam=0x0, lParam=0xefd480) returned 0x0
[0109.515] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x81, wParam=0x0, lParam=0xefd3f0) returned 0x1
[0109.515] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x83, wParam=0x0, lParam=0xefd4a0) returned 0x0
[0109.516] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x1, wParam=0x0, lParam=0xefd3c0) returned 0x0
[0109.516] SetTimer (hWnd=0x102da, nIDEvent=0x7, uElapse=0x2710, lpTimerFunc=0x0) returned 0x7
[0109.519] InvalidateRect (hWnd=0x202d4, lpRect=0x0, bErase=0) returned 1
[0109.519] InvalidateRect (hWnd=0x202d2, lpRect=0x0, bErase=1) returned 1
[0109.519] InvalidateRect (hWnd=0x202d0, lpRect=0x0, bErase=1) returned 1
[0109.520] InvalidateRect (hWnd=0x202ce, lpRect=0x0, bErase=1) returned 1
[0109.520] InvalidateRect (hWnd=0x302cc, lpRect=0x0, bErase=1) returned 1
[0109.520] InvalidateRect (hWnd=0x302c6, lpRect=0x0, bErase=1) returned 1
[0109.520] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0109.520] InvalidateRect (hWnd=0x102d6, lpRect=0x0, bErase=1) returned 1
[0109.525] GetWindowThreadProcessId (in: hWnd=0x502b4, lpdwProcessId=0xefdec0 | out: lpdwProcessId=0xefdec0) returned 0x4b0
[0109.525] GetCurrentThreadId () returned 0x4b0
[0109.525] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc19f
[0109.526] PostMessageW (hWnd=0x502b4, Msg=0xc19f, wParam=0x0, lParam=0x0) returned 1
[0109.526] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0109.526] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0109.526] GetSystemMetrics (nIndex=42) returned 0
[0109.526] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefddb0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0109.526] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefddb0) returned 0xf
[0109.528] GdipImageGetFrameDimensionsCount (image=0x1c8f7000, count=0xefddc0) returned 0x0
[0109.528] GdipImageGetFrameDimensionsList (image=0x1c8f7000, dimensionIDs=0x1db38790*(Data1=0x6e0065, Data2=0x2d, Data3=0x55, Data4=([0]=0x53, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65, [5]=0x0, [6]=0x6e, [7]=0x0)), count=0x1) returned 0x0
[0109.531] LocalFree (hMem=0x1db38790) returned 0x0
[0109.535] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefe670) returned 0x0
[0109.535] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x46, wParam=0x0, lParam=0xefe670) returned 0x0
[0109.541] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefe180 | out: lpwndpl=0xefe180) returned 1
[0109.542] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x47, wParam=0x0, lParam=0xefe670) returned 0x0
[0109.542] GetClientRect (in: hWnd=0x502b4, lpRect=0xefe020 | out: lpRect=0xefe020) returned 1
[0109.542] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefe020 | out: lpRect=0xefe020) returned 1
[0109.542] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x5, wParam=0x0, lParam=0x22602d0) returned 0x0
[0109.542] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x3, wParam=0x0, lParam=0xfffffffffc18fc18) returned 0x0
[0109.542] GetClientRect (in: hWnd=0x502b4, lpRect=0xefe0b0 | out: lpRect=0xefe0b0) returned 1
[0109.542] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefe0b0 | out: lpRect=0xefe0b0) returned 1
[0109.582] GetFocus () returned 0x502b4
[0109.582] SetFocus (hWnd=0x202d2) returned 0x502b4
[0109.583] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x8, wParam=0x202d2, lParam=0x0) returned 0x0
[0109.584] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0109.585] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0109.588] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0109.589] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x7, wParam=0x502b4, lParam=0x0) returned 0x1
[0109.590] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0109.590] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0
[0109.590] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0109.590] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x282, wParam=0xf, lParam=0x9029f) returned 0x0
[0109.591] SetTextColor (hdc=0xf0105ee, color=0xffffff) returned 0x0
[0109.592] SetBkColor (hdc=0xf0105ee, color=0x0) returned 0xffffff
[0109.632] CreateSolidBrush (color=0x0) returned 0x1b1007e1
[0109.638] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0109.638] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0
[0109.639] SendMessageW (hWnd=0x202d2, Msg=0x2111, wParam=0x10002d2, lParam=0x202d2) returned 0x0
[0109.644] SendMessageW (hWnd=0x202d2, Msg=0xb0, wParam=0xefdf50, lParam=0xefdef0) returned 0x0
[0109.644] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xb0, wParam=0xefdf50, lParam=0xefdef0) returned 0x0
[0109.644] GetKeyState (nVirtKey=2) returned 0
[0109.644] GetKeyState (nVirtKey=4) returned 0
[0109.644] GetKeyState (nVirtKey=5) returned 0
[0109.644] GetKeyState (nVirtKey=6) returned 0
[0109.645] GetWindowTextLengthW (hWnd=0x202d2) returned 0
[0109.645] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0109.645] SendMessageW (hWnd=0x202d2, Msg=0xb1, wParam=0x0, lParam=0x0) returned 0x1
[0109.645] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xb1, wParam=0x0, lParam=0x0) returned 0x1
[0109.645] SetTextColor (hdc=0x10105d6, color=0xffffff) returned 0x0
[0109.645] SetBkColor (hdc=0x10105d6, color=0x0) returned 0xffffff
[0109.646] GetFocus () returned 0x202d2
[0109.647] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.647] IsWindowUnicode (hWnd=0x502b4) returned 1
[0109.647] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.651] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.652] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0109.652] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0109.652] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.652] IsWindowUnicode (hWnd=0x702b6) returned 1
[0109.652] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.652] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.652] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0109.652] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702b6, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0109.652] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.652] IsWindowUnicode (hWnd=0x502b4) returned 1
[0109.652] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.652] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.652] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0109.653] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefe340) returned 0x0
[0109.653] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x83, wParam=0x1, lParam=0xefe310) returned 0x0
[0109.654] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1
[0109.654] SetTextColor (hdc=0x10105d6, color=0xffffff) returned 0x0
[0109.654] SetBkColor (hdc=0x10105d6, color=0x0) returned 0xffffff
[0109.660] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefd380 | out: lpwndpl=0xefd380) returned 1
[0109.660] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0109.660] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0109.660] GetSystemMetrics (nIndex=42) returned 0
[0109.660] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcf10, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0109.660] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcf10) returned 0xf
[0109.660] GetClientRect (in: hWnd=0x502b4, lpRect=0xefcf98 | out: lpRect=0xefcf98) returned 1
[0109.666] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0xefcd58, fWinIni=0x0 | out: pvParam=0xefcd58) returned 1
[0109.667] GdipGetImageFlags (image=0x1c8f81b0, flags=0xefcd58) returned 0x0
[0109.669] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x1b7d3d5c, dwData=0x0) returned 1
[0109.669] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefc770 | out: lpmi=0xefc770) returned 1
[0109.669] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x1f0107ed
[0109.670] GetDeviceCaps (hdc=0x1f0107ed, index=12) returned 32
[0109.670] GetDeviceCaps (hdc=0x1f0107ed, index=14) returned 1
[0109.670] DeleteDC (hdc=0x1f0107ed) returned 1
[0109.670] GetCurrentObject (hdc=0x6201079b, type=0x1) returned 0xb00017
[0109.670] GetCurrentObject (hdc=0x6201079b, type=0x2) returned 0x900010
[0109.670] GetCurrentObject (hdc=0x6201079b, type=0x7) returned 0x110507e9
[0109.670] GetCurrentObject (hdc=0x6201079b, type=0x6) returned 0x8a01c2
[0109.670] SaveDC (hdc=0x6201079b) returned 1
[0109.677] GetNearestColor (hdc=0x6201079b, color=0xf0f0f0) returned 0xf0f0f0
[0109.680] CreateSolidBrush (color=0xf0f0f0) returned 0x101007e5
[0109.680] FillRect (hDC=0x6201079b, lprc=0xefcc80, hbr=0x101007e5) returned 1
[0109.681] DeleteObject (ho=0x101007e5) returned 1
[0109.682] RestoreDC (hdc=0x6201079b, nSavedDC=-1) returned 1
[0109.684] GdipCreateHalftonePalette () returned 0x220807ed
[0109.685] SelectPalette (hdc=0x6201079b, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0109.685] GdipCreateFromHDC (hdc=0x6201079b, graphics=0xefcd58) returned 0x0
[0109.730] GdipSetPageUnit (graphics=0x1c8f8a50, unit=0x2) returned 0x0
[0109.737] GdipCreateMatrix (matrix=0xefcc50) returned 0x0
[0109.737] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f8e20) returned 0x0
[0109.737] GdipIsMatrixIdentity (matrix=0x1c8f8e20, result=0xefccb8) returned 0x0
[0109.738] GdipDeleteMatrix (matrix=0x1c8f8e20) returned 0x0
[0109.740] GdipCreateRegion (region=0xefcc50) returned 0x0
[0109.744] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e60) returned 0x0
[0109.744] GdipIsInfiniteRegion (region=0x1c8f8e60, graphics=0x1c8f8a50, result=0xefccb0) returned 0x0
[0109.745] GdipDeleteRegion (region=0x1c8f8e60) returned 0x0
[0109.747] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcd50) returned 0x0
[0109.772] GdipCreateSolidFill (color=0xfffffffffff0f0f0, brush=0xefcc10) returned 0x0
[0109.774] GdipFillRectangleI (graphics=0x1c8f8a50, brush=0x1c8f9170, x=0, y=0, width=720, height=550) returned 0x0
[0109.820] GdipDeleteBrush (brush=0x1c8f9170) returned 0x0
[0109.821] GdipCreateImageAttributes (imageattr=0xefcc30) returned 0x0
[0109.823] GdipSetImageAttributesWrapMode (imageAttr=0x1c8f9170, wrap=0x3, argb=0x0, clamp=0) returned 0x0
[0109.824] GdipGetImageWidth (image=0x1c8f81b0, width=0xefcc28) returned 0x0
[0109.825] GdipGetImageHeight (image=0x1c8f81b0, height=0xefcc28) returned 0x0
[0109.826] GdipDrawImageRectRectI (graphics=0x1c8f8a50, image=0x1c8f81b0, dstx=0, dsty=0, dstwidth=720, dstheight=550, srcx=0, srcy=0, srcwidth=800, srcheight=600, srcUnit=0x2, imageAttributes=0x1c8f9170, callback=0x0, callbackData=0x0) returned 0x0
[0109.833] GdipDisposeImageAttributes (imageattr=0x1c8f9170) returned 0x0
[0109.834] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffdb40dbd) returned 0x0
[0109.834] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0109.834] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0109.834] GetSystemMetrics (nIndex=42) returned 0
[0109.834] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcf10, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0109.834] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcf10) returned 0xf
[0109.834] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0109.834] SelectPalette (hdc=0x6201079b, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0109.836] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x14, wParam=0x10105d6, lParam=0x0) returned 0x1
[0109.836] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefde50 | out: lpwndpl=0xefde50) returned 1
[0109.836] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x47, wParam=0x0, lParam=0xefe340) returned 0x0
[0109.836] GetClientRect (in: hWnd=0x502b4, lpRect=0xefdcf0 | out: lpRect=0xefdcf0) returned 1
[0109.837] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefdcf0 | out: lpRect=0xefdcf0) returned 1
[0109.837] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x31f, wParam=0x0, lParam=0x0) returned 0x0
[0109.837] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.837] IsWindowUnicode (hWnd=0x502b4) returned 1
[0109.837] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.837] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.837] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0109.839] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.839] IsWindowUnicode (hWnd=0x202d2) returned 1
[0109.839] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.839] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.839] DispatchMessageW (lpMsg=0xefe7e0) returned 0x1
[0109.839] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1
[0109.840] SetTextColor (hdc=0x6301079b, color=0xffffff) returned 0x0
[0109.840] SetBkColor (hdc=0x6301079b, color=0x0) returned 0xffffff
[0109.840] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.840] IsWindowUnicode (hWnd=0x302c8) returned 1
[0109.840] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.840] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.840] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0109.952] GetWindowThreadProcessId (in: hWnd=0x302c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0109.952] GetCurrentThreadId () returned 0x4b0
[0109.952] IsWindow (hWnd=0x302c8) returned 1
[0109.952] KillTimer (hWnd=0x302c8, uIDEvent=0x1) returned 1
[0109.952] DestroyWindow (hWnd=0x302c8) returned 1
[0109.953] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0109.953] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0109.953] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x302c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0109.957] CoTaskMemAlloc (cb=0x20c) returned 0x10862b0
[0109.957] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10862b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0109.957] CoTaskMemFree (pv=0x10862b0)
[0109.957] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0109.957] CoTaskMemAlloc (cb=0x280) returned 0x1db45170
[0109.957] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db45170, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0109.957] CoTaskMemFree (pv=0x1db45170)
[0109.957] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0109.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0109.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1
[0109.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0109.959] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0109.960] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini")) returned 1
[0109.961] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0109.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0109.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44137e3b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce3d633b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1
[0109.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0109.961] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0109.961] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini")) returned 1
[0109.962] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0109.962] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x402c8
[0109.963] SetWindowLongPtrW (hWnd=0x402c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0109.963] GetWindowLongPtrW (hWnd=0x402c8, nIndex=-4) returned 0x7ffcea425090
[0109.963] SetWindowLongPtrW (hWnd=0x402c8, nIndex=-4, dwNewLong=0x1b7d40cc) returned 0x7ffcea425090
[0109.963] GetWindowLongPtrW (hWnd=0x402c8, nIndex=-4) returned 0x1b7d40cc
[0109.963] GetWindowLongPtrW (hWnd=0x402c8, nIndex=-16) returned 0x4c00000
[0109.969] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0109.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0109.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0109.970] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0109.971] SetTimer (hWnd=0x402c8, nIDEvent=0x8, uElapse=0x64, lpTimerFunc=0x0) returned 0x8
[0109.971] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.971] IsWindowUnicode (hWnd=0x80030) returned 1
[0109.971] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0109.971] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0109.971] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0109.971] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0109.972] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0109.972] WaitMessage () returned 1
[0110.079] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.079] IsWindowUnicode (hWnd=0x402c8) returned 1
[0110.079] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.079] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0110.079] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0110.079] GetWindowThreadProcessId (in: hWnd=0x402c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0110.079] GetCurrentThreadId () returned 0x4b0
[0110.079] IsWindow (hWnd=0x402c8) returned 1
[0110.079] KillTimer (hWnd=0x402c8, uIDEvent=0x8) returned 1
[0110.079] DestroyWindow (hWnd=0x402c8) returned 1
[0110.079] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0110.079] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0110.080] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x402c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0110.082] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0110.082] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0110.082] CoTaskMemFree (pv=0x1085c50)
[0110.082] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0110.082] CoTaskMemAlloc (cb=0x280) returned 0x1db45170
[0110.082] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db45170, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0110.082] CoTaskMemFree (pv=0x1db45170)
[0110.082] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0110.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.082] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0110.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.083] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0110.083] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x502c8
[0110.083] SetWindowLongPtrW (hWnd=0x502c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0110.084] GetWindowLongPtrW (hWnd=0x502c8, nIndex=-4) returned 0x7ffcea425090
[0110.084] SetWindowLongPtrW (hWnd=0x502c8, nIndex=-4, dwNewLong=0x1b7d3dac) returned 0x7ffcea425090
[0110.084] GetWindowLongPtrW (hWnd=0x502c8, nIndex=-4) returned 0x1b7d3dac
[0110.084] GetWindowLongPtrW (hWnd=0x502c8, nIndex=-16) returned 0x4c00000
[0110.084] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0110.085] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0110.085] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0110.085] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0110.086] SetTimer (hWnd=0x502c8, nIDEvent=0x9, uElapse=0x64, lpTimerFunc=0x0) returned 0x9
[0110.086] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.086] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.086] WaitMessage () returned 1
[0110.187] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.187] IsWindowUnicode (hWnd=0x502c8) returned 1
[0110.187] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.188] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0110.188] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0110.188] GetWindowThreadProcessId (in: hWnd=0x502c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0110.188] GetCurrentThreadId () returned 0x4b0
[0110.188] IsWindow (hWnd=0x502c8) returned 1
[0110.188] KillTimer (hWnd=0x502c8, uIDEvent=0x9) returned 1
[0110.188] DestroyWindow (hWnd=0x502c8) returned 1
[0110.188] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0110.189] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0110.189] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0110.192] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0110.192] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0110.192] CoTaskMemFree (pv=0x1085c50)
[0110.192] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0110.193] CoTaskMemAlloc (cb=0x280) returned 0x1db45170
[0110.193] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db45170, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0110.193] CoTaskMemFree (pv=0x1db45170)
[0110.193] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0110.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.193] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0110.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.194] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0110.194] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x602c8
[0110.194] SetWindowLongPtrW (hWnd=0x602c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0110.194] GetWindowLongPtrW (hWnd=0x602c8, nIndex=-4) returned 0x7ffcea425090
[0110.195] SetWindowLongPtrW (hWnd=0x602c8, nIndex=-4, dwNewLong=0x1b7d3c1c) returned 0x7ffcea425090
[0110.195] GetWindowLongPtrW (hWnd=0x602c8, nIndex=-4) returned 0x1b7d3c1c
[0110.195] GetWindowLongPtrW (hWnd=0x602c8, nIndex=-16) returned 0x4c00000
[0110.196] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0110.196] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0110.197] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0110.197] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0110.198] SetTimer (hWnd=0x602c8, nIDEvent=0xa, uElapse=0x64, lpTimerFunc=0x0) returned 0xa
[0110.198] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.198] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.198] WaitMessage () returned 1
[0110.311] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.312] IsWindowUnicode (hWnd=0x602c8) returned 1
[0110.312] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.312] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0110.312] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0110.312] GetWindowThreadProcessId (in: hWnd=0x602c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0110.312] GetCurrentThreadId () returned 0x4b0
[0110.312] IsWindow (hWnd=0x602c8) returned 1
[0110.312] KillTimer (hWnd=0x602c8, uIDEvent=0xa) returned 1
[0110.312] DestroyWindow (hWnd=0x602c8) returned 1
[0110.312] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0110.312] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0110.314] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x602c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0110.317] CoTaskMemAlloc (cb=0x20c) returned 0x1084710
[0110.317] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084710 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0110.317] CoTaskMemFree (pv=0x1084710)
[0110.317] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0110.317] CoTaskMemAlloc (cb=0x280) returned 0x1db45170
[0110.317] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db45170, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0110.317] CoTaskMemFree (pv=0x1db45170)
[0110.317] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0110.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.318] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0110.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.318] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0110.318] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x702c8
[0110.319] SetWindowLongPtrW (hWnd=0x702c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0110.319] GetWindowLongPtrW (hWnd=0x702c8, nIndex=-4) returned 0x7ffcea425090
[0110.319] SetWindowLongPtrW (hWnd=0x702c8, nIndex=-4, dwNewLong=0x1b7d3fdc) returned 0x7ffcea425090
[0110.319] GetWindowLongPtrW (hWnd=0x702c8, nIndex=-4) returned 0x1b7d3fdc
[0110.319] GetWindowLongPtrW (hWnd=0x702c8, nIndex=-16) returned 0x4c00000
[0110.320] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0110.320] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0110.321] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0110.321] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0110.322] SetTimer (hWnd=0x702c8, nIDEvent=0xb, uElapse=0x64, lpTimerFunc=0x0) returned 0xb
[0110.322] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.322] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.322] WaitMessage () returned 1
[0110.359] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.359] IsWindowUnicode (hWnd=0x202d2) returned 1
[0110.359] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.359] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0110.359] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0110.360] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.360] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.360] WaitMessage () returned 1
[0110.421] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.421] IsWindowUnicode (hWnd=0x702c8) returned 1
[0110.421] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.421] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0110.421] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0110.421] GetWindowThreadProcessId (in: hWnd=0x702c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0110.421] GetCurrentThreadId () returned 0x4b0
[0110.421] IsWindow (hWnd=0x702c8) returned 1
[0110.421] KillTimer (hWnd=0x702c8, uIDEvent=0xb) returned 1
[0110.422] DestroyWindow (hWnd=0x702c8) returned 1
[0110.422] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0110.422] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0110.423] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x702c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0110.425] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0110.425] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0110.425] CoTaskMemFree (pv=0x1085c50)
[0110.426] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0110.426] CoTaskMemAlloc (cb=0x280) returned 0x1db45170
[0110.426] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db45170, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0110.426] CoTaskMemFree (pv=0x1db45170)
[0110.426] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0110.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.426] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0110.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0110.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0110.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0110.427] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0110.427] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x802c8
[0110.427] SetWindowLongPtrW (hWnd=0x802c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0110.427] GetWindowLongPtrW (hWnd=0x802c8, nIndex=-4) returned 0x7ffcea425090
[0110.428] SetWindowLongPtrW (hWnd=0x802c8, nIndex=-4, dwNewLong=0x1b7d3b2c) returned 0x7ffcea425090
[0110.428] GetWindowLongPtrW (hWnd=0x802c8, nIndex=-4) returned 0x1b7d3b2c
[0110.428] GetWindowLongPtrW (hWnd=0x802c8, nIndex=-16) returned 0x4c00000
[0110.429] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0110.429] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0110.429] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0110.430] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0110.430] SetTimer (hWnd=0x802c8, nIDEvent=0xc, uElapse=0x64, lpTimerFunc=0x0) returned 0xc
[0110.430] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.430] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 0
[0110.430] WaitMessage () returned 1
[0110.521] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.521] IsWindowUnicode (hWnd=0x102d8) returned 1
[0110.521] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0110.521] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0110.521] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0111.042] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0111.042] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0111.042] GetSystemMetrics (nIndex=42) returned 0
[0111.042] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefe060, nMaxCount=9 | out: lpString="02:00:00") returned 8
[0111.042] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefe060) returned 0x8
[0111.042] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0111.042] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0111.042] GetSystemMetrics (nIndex=42) returned 0
[0111.042] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefe000, nMaxCount=9 | out: lpString="02:00:00") returned 8
[0111.042] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefe000) returned 0x8
[0111.042] SetWindowTextW (hWnd=0x702c2, lpString="01:59:58") returned 1
[0111.042] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2d223d4) returned 0x1
[0111.043] GetStockObject (i=5) returned 0x900015
[0111.043] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0111.043] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefd760) returned 0x0
[0111.043] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefd760) returned 0x0
[0111.043] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0111.043] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0111.043] GetSystemMetrics (nIndex=42) returned 0
[0111.043] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefdec0, nMaxCount=9 | out: lpString="01:59:58") returned 8
[0111.043] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefdec0) returned 0x8
[0111.044] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0111.044] AdjustWindowRectEx (in: lpRect=0xefdef0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdef0) returned 1
[0111.044] SystemParametersInfoW (in: uiAction=0x100a, uiParam=0x0, pvParam=0xefdf38, fWinIni=0x0 | out: pvParam=0xefdf38) returned 1
[0111.044] SendMessageW (hWnd=0x502b4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0111.044] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0
[0111.044] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:58", cchText=8, lprc=0xefde58, format=0x102400, lpdtp=0x2d22810 | out: lpchText="01:59:58", lprc=0xefde58) returned 37
[0111.045] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0111.045] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0111.045] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0111.045] GetSystemMetrics (nIndex=42) returned 0
[0111.045] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefde30, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0111.045] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefde30) returned 0xf
[0111.045] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0111.045] IsWindowUnicode (hWnd=0x702c2) returned 1
[0111.045] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0111.045] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0111.045] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0111.054] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefde38 | out: lpPaint=0xefde38) returned 0xd0104fe
[0111.055] SelectPalette (hdc=0xd0104fe, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0111.055] CreateCompatibleDC (hdc=0xd0104fe) returned 0x100107e7
[0111.055] GetObjectType (h=0xd0104fe) returned 0x3
[0111.056] CreateCompatibleBitmap (hdc=0xd0104fe, cx=1, cy=1) returned 0x200507d7
[0111.056] GetDIBits (in: hdc=0xd0104fe, hbm=0x200507d7, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0xefd7b8, usage=0x0 | out: lpvBits=0x0, lpbmi=0xefd7b8) returned 1
[0111.056] GetDIBits (in: hdc=0xd0104fe, hbm=0x200507d7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0xefd7b8, usage=0x0 | out: lpvBits=0x0, lpbmi=0xefd7b8) returned 1
[0111.056] DeleteObject (ho=0x200507d7) returned 1
[0111.057] CreateDIBSection (in: hdc=0xd0104fe, lpbmi=0xefd878, usage=0x0, ppvBits=0xefde30, hSection=0x0, offset=0x0 | out: ppvBits=0xefde30) returned 0x28050778
[0111.057] SelectObject (hdc=0x100107e7, h=0x28050778) returned 0x85000f
[0111.057] GdipCreateFromHDC (hdc=0x100107e7, graphics=0xefddb8) returned 0x0
[0111.058] GdipTranslateWorldTransform (graphics=0x1c8f89c0, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0111.059] GdipSetClipRectI (graphics=0x1c8f89c0, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0111.059] GdipCreateMatrix (matrix=0xefdde0) returned 0x0
[0111.059] GdipGetWorldTransform (graphics=0x1c8f89c0, matrix=0x1c8f8d90) returned 0x0
[0111.059] GdipIsMatrixIdentity (matrix=0x1c8f8d90, result=0xefde48) returned 0x0
[0111.060] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1082860
[0111.061] GdipGetMatrixElements (matrix=0x1c8f8d90, matrixOut=0x1082860) returned 0x0
[0111.061] LocalFree (hMem=0x1082860) returned 0x0
[0111.064] GdipDeleteMatrix (matrix=0x1c8f8d90) returned 0x0
[0111.064] GdipCreateRegion (region=0xefdde0) returned 0x0
[0111.065] GdipGetClip (graphics=0x1c8f89c0, region=0x1c8f8ef0) returned 0x0
[0111.065] GdipIsInfiniteRegion (region=0x1c8f8ef0, graphics=0x1c8f89c0, result=0xefde40) returned 0x0
[0111.065] GdipSaveGraphics (graphics=0x1c8f89c0, state=0xefdee0) returned 0x0
[0111.065] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0111.065] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0111.065] GetSystemMetrics (nIndex=42) returned 0
[0111.065] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefdcc0, nMaxCount=9 | out: lpString="01:59:58") returned 8
[0111.065] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefdcc0) returned 0x8
[0111.065] GetClientRect (in: hWnd=0x702c2, lpRect=0xefde78 | out: lpRect=0xefde78) returned 1
[0111.066] GdipCreateRegion (region=0xefda50) returned 0x0
[0111.066] GdipGetClip (graphics=0x1c8f89c0, region=0x1c8f8fb0) returned 0x0
[0111.066] GdipCreateMatrix (matrix=0xefda50) returned 0x0
[0111.066] GdipGetWorldTransform (graphics=0x1c8f89c0, matrix=0x1c8f8dd0) returned 0x0
[0111.066] GdipIsMatrixIdentity (matrix=0x1c8f8dd0, result=0xefdab8) returned 0x0
[0111.066] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1082860
[0111.066] GdipGetMatrixElements (matrix=0x1c8f8dd0, matrixOut=0x1082860) returned 0x0
[0111.067] LocalFree (hMem=0x1082860) returned 0x0
[0111.068] GdipCombineRegionRegion (region=0x1c8f8fb0, region2=0x1c8f8ef0, combineMode=0x1) returned 0x0
[0111.068] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1082b60
[0111.068] GdipGetMatrixElements (matrix=0x1c8f8dd0, matrixOut=0x1082b60) returned 0x0
[0111.068] LocalFree (hMem=0x1082b60) returned 0x0
[0111.068] GdipDeleteMatrix (matrix=0x1c8f8dd0) returned 0x0
[0111.068] GdipIsInfiniteRegion (region=0x1c8f8fb0, graphics=0x1c8f89c0, result=0xefdb20) returned 0x0
[0111.068] GdipIsInfiniteRegion (region=0x1c8f8fb0, graphics=0x1c8f89c0, result=0xefdae0) returned 0x0
[0111.069] GdipGetRegionHRgn (region=0x1c8f8fb0, graphics=0x1c8f89c0, hRgn=0xefdae0) returned 0x0
[0111.070] GdipDeleteRegion (region=0x1c8f8fb0) returned 0x0
[0111.070] GdipGetDC (graphics=0x1c8f89c0, hdc=0xefdb28) returned 0x0
[0111.070] GetCurrentObject (hdc=0x100107e7, type=0x1) returned 0xb00017
[0111.070] GetCurrentObject (hdc=0x100107e7, type=0x2) returned 0x900010
[0111.070] GetCurrentObject (hdc=0x100107e7, type=0x7) returned 0x28050778
[0111.070] GetCurrentObject (hdc=0x100107e7, type=0x6) returned 0x8a01c2
[0111.070] SaveDC (hdc=0x100107e7) returned 1
[0111.073] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2704079d
[0111.074] GetClipRgn (hdc=0x100107e7, hrgn=0x2704079d) returned 0
[0111.074] SelectClipRgn (hdc=0x100107e7, hrgn=0x5504064d) returned 2
[0111.074] DeleteObject (ho=0x2704079d) returned 1
[0111.074] DeleteObject (ho=0x5504064d) returned 1
[0111.075] OffsetViewportOrgEx (in: hdc=0x100107e7, x=0, y=0, lppt=0x2d24190 | out: lppt=0x2d24190) returned 1
[0111.075] GetNearestColor (hdc=0x100107e7, color=0x0) returned 0x0
[0111.075] CreateSolidBrush (color=0x0) returned 0x1b100774
[0111.075] FillRect (hDC=0x100107e7, lprc=0xefdb60, hbr=0x1b100774) returned 1
[0111.075] DeleteObject (ho=0x1b100774) returned 1
[0111.075] RestoreDC (hdc=0x100107e7, nSavedDC=-1) returned 1
[0111.078] GdipReleaseDC (graphics=0x1c8f89c0, hdc=0x100107e7) returned 0x0
[0111.078] GdipRestoreGraphics (graphics=0x1c8f89c0, state=0xfffffffffdb20dbd) returned 0x0
[0111.079] GdipDeleteRegion (region=0x1c8f8ef0) returned 0x0
[0111.079] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0111.079] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0111.079] GetSystemMetrics (nIndex=42) returned 0
[0111.079] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefdcc0, nMaxCount=9 | out: lpString="01:59:58") returned 8
[0111.079] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefdcc0) returned 0x8
[0111.079] GdipGetDC (graphics=0x1c8f89c0, hdc=0xefdcc8) returned 0x0
[0111.079] GetCurrentObject (hdc=0x100107e7, type=0x1) returned 0xb00017
[0111.079] GetCurrentObject (hdc=0x100107e7, type=0x2) returned 0x900010
[0111.079] GetCurrentObject (hdc=0x100107e7, type=0x7) returned 0x28050778
[0111.079] GetCurrentObject (hdc=0x100107e7, type=0x6) returned 0x8a01c2
[0111.079] SaveDC (hdc=0x100107e7) returned 1
[0111.079] GetNearestColor (hdc=0x100107e7, color=0xffffff) returned 0xffffff
[0111.079] RestoreDC (hdc=0x100107e7, nSavedDC=-1) returned 1
[0111.079] GdipReleaseDC (graphics=0x1c8f89c0, hdc=0x100107e7) returned 0x0
[0111.080] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0111.080] AdjustWindowRectEx (in: lpRect=0xefdb80, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdb80) returned 1
[0111.081] GdipGetTextRenderingHint (graphics=0x1c8f89c0, mode=0xefdbd8) returned 0x0
[0111.081] GdipGetDC (graphics=0x1c8f89c0, hdc=0xefdbb8) returned 0x0
[0111.081] GetCurrentObject (hdc=0x100107e7, type=0x1) returned 0xb00017
[0111.081] GetCurrentObject (hdc=0x100107e7, type=0x2) returned 0x900010
[0111.081] GetCurrentObject (hdc=0x100107e7, type=0x7) returned 0x28050778
[0111.081] GetCurrentObject (hdc=0x100107e7, type=0x6) returned 0x8a01c2
[0111.082] SaveDC (hdc=0x100107e7) returned 1
[0111.084] GetTextAlign (hdc=0x100107e7) returned 0x0
[0111.085] GetTextColor (hdc=0x100107e7) returned 0x0
[0111.100] SetTextColor (hdc=0x100107e7, color=0xffffff) returned 0x0
[0111.100] GetCurrentObject (hdc=0x100107e7, type=0x6) returned 0x8a01c2
[0111.100] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefd6c0 | out: pv=0xefd6c0) returned 92
[0111.100] SelectObject (hdc=0x100107e7, h=0x480a077f) returned 0x8a01c2
[0111.101] GetBkMode (hdc=0x100107e7) returned 2
[0111.102] SetBkMode (hdc=0x100107e7, mode=1) returned 2
[0111.102] DrawTextExW (in: hdc=0x100107e7, lpchText="01:59:58", cchText=8, lprc=0xefdb48, format=0x100000, lpdtp=0x2d24b28 | out: lpchText="01:59:58", lprc=0xefdb48) returned 37
[0111.122] RestoreDC (hdc=0x100107e7, nSavedDC=-1) returned 1
[0111.122] GdipReleaseDC (graphics=0x1c8f89c0, hdc=0x100107e7) returned 0x0
[0111.123] GdipGetDC (graphics=0x1c8f89c0, hdc=0xefddf8) returned 0x0
[0111.123] BitBlt (hdc=0xd0104fe, x=0, y=0, cx=145, cy=37, hdcSrc=0x100107e7, x1=0, y1=0, rop=0xcc0020) returned 1
[0111.125] GdipReleaseDC (graphics=0x1c8f89c0, hdc=0x100107e7) returned 0x0
[0111.125] SelectPalette (hdc=0xd0104fe, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0111.126] SelectObject (hdc=0x100107e7, h=0x85000f) returned 0x28050778
[0111.126] DeleteDC (hdc=0x100107e7) returned 1
[0111.126] GdipDeleteGraphics (graphics=0x1c8f89c0) returned 0x0
[0111.126] EndPaint (hWnd=0x702c2, lpPaint=0xefddd8) returned 1
[0111.127] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0111.127] IsWindowUnicode (hWnd=0x802c8) returned 1
[0111.127] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0111.127] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0111.127] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0111.127] GetWindowThreadProcessId (in: hWnd=0x802c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0111.127] GetCurrentThreadId () returned 0x4b0
[0111.127] IsWindow (hWnd=0x802c8) returned 1
[0111.127] KillTimer (hWnd=0x802c8, uIDEvent=0xc) returned 1
[0111.127] DestroyWindow (hWnd=0x802c8) returned 1
[0111.127] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0111.127] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0111.128] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x802c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0111.130] CoTaskMemAlloc (cb=0x20c) returned 0x1084710
[0111.130] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084710 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0111.130] CoTaskMemFree (pv=0x1084710)
[0111.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0111.130] CoTaskMemAlloc (cb=0x280) returned 0x1db44c00
[0111.130] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db44c00, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0111.130] CoTaskMemFree (pv=0x1db44c00)
[0111.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0111.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0111.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0111.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0111.131] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0111.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0111.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0111.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0111.131] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0111.132] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x902c8
[0111.133] SetWindowLongPtrW (hWnd=0x902c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0111.133] GetWindowLongPtrW (hWnd=0x902c8, nIndex=-4) returned 0x7ffcea425090
[0111.133] SetWindowLongPtrW (hWnd=0x902c8, nIndex=-4, dwNewLong=0x1b7d3adc) returned 0x7ffcea425090
[0111.133] GetWindowLongPtrW (hWnd=0x902c8, nIndex=-4) returned 0x1b7d3adc
[0111.133] GetWindowLongPtrW (hWnd=0x902c8, nIndex=-16) returned 0x4c00000
[0111.134] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0111.134] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0111.135] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0111.135] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0111.136] SetTimer (hWnd=0x902c8, nIDEvent=0xd, uElapse=0x64, lpTimerFunc=0x0) returned 0xd
[0111.136] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0111.136] IsWindowUnicode (hWnd=0x19001c) returned 1
[0111.136] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0111.136] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0111.136] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0111.162] GetWindowThreadProcessId (in: hWnd=0x19001c, lpdwProcessId=0xefe180 | out: lpdwProcessId=0xefe180) returned 0x4b0
[0111.162] GetCurrentThreadId () returned 0x4b0
[0111.162] IsWindow (hWnd=0x19001c) returned 1
[0111.162] KillTimer (hWnd=0x19001c, uIDEvent=0x3) returned 1
[0111.162] DestroyWindow (hWnd=0x19001c) returned 1
[0111.162] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0111.162] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0111.163] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x19001c, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0111.657] BlockInput (fBlockIt=1) returned 1
[0111.667] CoTaskMemAlloc (cb=0x20c) returned 0x1087190
[0111.675] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1087190 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0111.675] CoTaskMemFree (pv=0x1087190)
[0111.675] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefda50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0111.675] CoTaskMemAlloc (cb=0x280) returned 0x1db471b0
[0111.675] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db471b0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0111.675] CoTaskMemFree (pv=0x1db471b0)
[0111.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0a0) returned 1
[0111.681] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\", nBufferLength=0x105, lpBuffer=0xefdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\", lpFilePart=0x0) returned 0x18
[0111.688] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xefddc0 | out: lpFindFileData=0xefddc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3c0f0
[0111.689] FindClose (in: hFindFile=0x1db3c0f0 | out: hFindFile=0x1db3c0f0) returned 1
[0111.691] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xefdcd0 | out: lpFindFileData=0xefdcd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3c990
[0111.692] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0111.692] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d0589c0, ftCreationTime.dwHighDateTime=0x1d5f080, ftLastAccessTime.dwLowDateTime=0x3166e290, ftLastAccessTime.dwHighDateTime=0x1d5ed3a, ftLastWriteTime.dwLowDateTime=0x3166e290, ftLastWriteTime.dwHighDateTime=0x1d5ed3a, nFileSizeHigh=0x0, nFileSizeLow=0xd025, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Q1btNNAQT.jpg", cAlternateFileName="-Q1BTN~1.JPG")) returned 1
[0111.692] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed6d60a0, ftCreationTime.dwHighDateTime=0x1d5ed07, ftLastAccessTime.dwLowDateTime=0xfccfab90, ftLastAccessTime.dwHighDateTime=0x1d5ef53, ftLastWriteTime.dwLowDateTime=0xfccfab90, ftLastWriteTime.dwHighDateTime=0x1d5ef53, nFileSizeHigh=0x0, nFileSizeLow=0x11f65, dwReserved0=0x0, dwReserved1=0x0, cFileName="-R9qX18qt uvQrw.png", cAlternateFileName="-R9QX1~1.PNG")) returned 1
[0111.692] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x287c04b0, ftCreationTime.dwHighDateTime=0x1d5ed5f, ftLastAccessTime.dwLowDateTime=0x10f9d740, ftLastAccessTime.dwHighDateTime=0x1d5e7ba, ftLastWriteTime.dwLowDateTime=0x10f9d740, ftLastWriteTime.dwHighDateTime=0x1d5e7ba, nFileSizeHigh=0x0, nFileSizeLow=0xcce3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jiGLsAS51cw.pdf", cAlternateFileName="5JIGLS~1.PDF")) returned 1
[0111.692] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4917e740, ftCreationTime.dwHighDateTime=0x1d5efb5, ftLastAccessTime.dwLowDateTime=0x262f4b0, ftLastAccessTime.dwHighDateTime=0x1d5ee58, ftLastWriteTime.dwLowDateTime=0x262f4b0, ftLastWriteTime.dwHighDateTime=0x1d5ee58, nFileSizeHigh=0x0, nFileSizeLow=0xa880, dwReserved0=0x0, dwReserved1=0x0, cFileName="6D5GybDLA.xlsx", cAlternateFileName="6D5GYB~1.XLS")) returned 1
[0111.693] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0218b70, ftCreationTime.dwHighDateTime=0x1d5e16c, ftLastAccessTime.dwLowDateTime=0xf7f06a10, ftLastAccessTime.dwHighDateTime=0x1d5ed37, ftLastWriteTime.dwLowDateTime=0xf7f06a10, ftLastWriteTime.dwHighDateTime=0x1d5ed37, nFileSizeHigh=0x0, nFileSizeLow=0x118b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="783SVZBUM4K35WHm3eRE.wav", cAlternateFileName="783SVZ~1.WAV")) returned 1
[0111.693] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e3fae00, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x2e3fae00, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x2b908900, ftLastWriteTime.dwHighDateTime=0x1d6f1dc, nFileSizeHigh=0x0, nFileSizeLow=0x2ea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="8g4YJ5vYi5gsz9qg.exe", cAlternateFileName="8G4YJ5~1.EXE")) returned 1
[0111.693] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x927bcf60, ftCreationTime.dwHighDateTime=0x1d5eeb0, ftLastAccessTime.dwLowDateTime=0x1d0f95f0, ftLastAccessTime.dwHighDateTime=0x1d5e8ab, ftLastWriteTime.dwLowDateTime=0x1d0f95f0, ftLastWriteTime.dwHighDateTime=0x1d5e8ab, nFileSizeHigh=0x0, nFileSizeLow=0x2a22, dwReserved0=0x0, dwReserved1=0x0, cFileName="aAOxpPBgR6hc.wav", cAlternateFileName="AAOXPP~1.WAV")) returned 1
[0111.693] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc78ee2f0, ftCreationTime.dwHighDateTime=0x1d5ef50, ftLastAccessTime.dwLowDateTime=0x99f42e0, ftLastAccessTime.dwHighDateTime=0x1d5e559, ftLastWriteTime.dwLowDateTime=0x99f42e0, ftLastWriteTime.dwHighDateTime=0x1d5e559, nFileSizeHigh=0x0, nFileSizeLow=0x1211, dwReserved0=0x0, dwReserved1=0x0, cFileName="AZTWSqU.avi", cAlternateFileName="")) returned 1
[0111.693] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b75ac80, ftCreationTime.dwHighDateTime=0x1d5f0a9, ftLastAccessTime.dwLowDateTime=0xcef809f0, ftLastAccessTime.dwHighDateTime=0x1d5e392, ftLastWriteTime.dwLowDateTime=0xcef809f0, ftLastWriteTime.dwHighDateTime=0x1d5e392, nFileSizeHigh=0x0, nFileSizeLow=0xf78b, dwReserved0=0x0, dwReserved1=0x0, cFileName="B2Px0LCOjxIu PPh7hDJ.mkv", cAlternateFileName="B2PX0L~1.MKV")) returned 1
[0111.693] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e428d0, ftCreationTime.dwHighDateTime=0x1d5e240, ftLastAccessTime.dwLowDateTime=0x234015b0, ftLastAccessTime.dwHighDateTime=0x1d5f050, ftLastWriteTime.dwLowDateTime=0x234015b0, ftLastWriteTime.dwHighDateTime=0x1d5f050, nFileSizeHigh=0x0, nFileSizeLow=0xbc9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bmu7titX2no.mp3", cAlternateFileName="BMU7TI~1.MP3")) returned 1
[0111.694] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9426180, ftCreationTime.dwHighDateTime=0x1d5e39f, ftLastAccessTime.dwLowDateTime=0xb0c0d870, ftLastAccessTime.dwHighDateTime=0x1d5f03c, ftLastWriteTime.dwLowDateTime=0xb0c0d870, ftLastWriteTime.dwHighDateTime=0x1d5f03c, nFileSizeHigh=0x0, nFileSizeLow=0x16e6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="D6Yt.mp3", cAlternateFileName="")) returned 1
[0111.694] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x228e9c30, ftCreationTime.dwHighDateTime=0x1d5e1fb, ftLastAccessTime.dwLowDateTime=0xe5b57e10, ftLastAccessTime.dwHighDateTime=0x1d5e695, ftLastWriteTime.dwLowDateTime=0xe5b57e10, ftLastWriteTime.dwHighDateTime=0x1d5e695, nFileSizeHigh=0x0, nFileSizeLow=0xb7ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="D8fB.bmp", cAlternateFileName="")) returned 1
[0111.694] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee91fd60, ftCreationTime.dwHighDateTime=0x1d5ea3c, ftLastAccessTime.dwLowDateTime=0x404edc0, ftLastAccessTime.dwHighDateTime=0x1d5ed0c, ftLastWriteTime.dwLowDateTime=0x404edc0, ftLastWriteTime.dwHighDateTime=0x1d5ed0c, nFileSizeHigh=0x0, nFileSizeLow=0x12c0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eMfraDDsfi.m4a", cAlternateFileName="EMFRAD~1.M4A")) returned 1
[0111.694] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cc92c30, ftCreationTime.dwHighDateTime=0x1d5e181, ftLastAccessTime.dwLowDateTime=0x8dff5e40, ftLastAccessTime.dwHighDateTime=0x1d5e508, ftLastWriteTime.dwLowDateTime=0x8dff5e40, ftLastWriteTime.dwHighDateTime=0x1d5e508, nFileSizeHigh=0x0, nFileSizeLow=0x1a03, dwReserved0=0x0, dwReserved1=0x0, cFileName="F3pGdhW_LtYTRGqIv8.docx", cAlternateFileName="F3PGDH~1.DOC")) returned 1
[0111.694] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cc045e0, ftCreationTime.dwHighDateTime=0x1d5e122, ftLastAccessTime.dwLowDateTime=0x78f9e200, ftLastAccessTime.dwHighDateTime=0x1d5ec87, ftLastWriteTime.dwLowDateTime=0x78f9e200, ftLastWriteTime.dwHighDateTime=0x1d5ec87, nFileSizeHigh=0x0, nFileSizeLow=0x48c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fY9EtI1To8GFNfUe8L.mp3", cAlternateFileName="FY9ETI~1.MP3")) returned 1
[0111.695] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fae7900, ftCreationTime.dwHighDateTime=0x1d5e63b, ftLastAccessTime.dwLowDateTime=0x8dbf4aa0, ftLastAccessTime.dwHighDateTime=0x1d5e97f, ftLastWriteTime.dwLowDateTime=0x8dbf4aa0, ftLastWriteTime.dwHighDateTime=0x1d5e97f, nFileSizeHigh=0x0, nFileSizeLow=0x15fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="G1arb1fmSpiHf-oAIpM5.mp4", cAlternateFileName="G1ARB1~1.MP4")) returned 1
[0111.695] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ff55860, ftCreationTime.dwHighDateTime=0x1d5e8f3, ftLastAccessTime.dwLowDateTime=0x325dc010, ftLastAccessTime.dwHighDateTime=0x1d5e8e4, ftLastWriteTime.dwLowDateTime=0x325dc010, ftLastWriteTime.dwHighDateTime=0x1d5e8e4, nFileSizeHigh=0x0, nFileSizeLow=0x1628d, dwReserved0=0x0, dwReserved1=0x0, cFileName="i45PsiITjh_SeDKe.docx", cAlternateFileName="I45PSI~1.DOC")) returned 1
[0111.695] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72f08d80, ftCreationTime.dwHighDateTime=0x1d5e7fc, ftLastAccessTime.dwLowDateTime=0x66902120, ftLastAccessTime.dwHighDateTime=0x1d5e6d2, ftLastWriteTime.dwLowDateTime=0x66902120, ftLastWriteTime.dwHighDateTime=0x1d5e6d2, nFileSizeHigh=0x0, nFileSizeLow=0x7fc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iFXrA2.mkv", cAlternateFileName="")) returned 1
[0111.695] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc71b7cc0, ftCreationTime.dwHighDateTime=0x1d5e541, ftLastAccessTime.dwLowDateTime=0xc12b17f0, ftLastAccessTime.dwHighDateTime=0x1d5e139, ftLastWriteTime.dwLowDateTime=0xc12b17f0, ftLastWriteTime.dwHighDateTime=0x1d5e139, nFileSizeHigh=0x0, nFileSizeLow=0x1260, dwReserved0=0x0, dwReserved1=0x0, cFileName="iGcyw6tHGnuYa.avi", cAlternateFileName="IGCYW6~1.AVI")) returned 1
[0111.695] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x398d2580, ftCreationTime.dwHighDateTime=0x1d5ebe4, ftLastAccessTime.dwLowDateTime=0x153d76b0, ftLastAccessTime.dwHighDateTime=0x1d5e641, ftLastWriteTime.dwLowDateTime=0x153d76b0, ftLastWriteTime.dwHighDateTime=0x1d5e641, nFileSizeHigh=0x0, nFileSizeLow=0x10a51, dwReserved0=0x0, dwReserved1=0x0, cFileName="j1vV.flv", cAlternateFileName="")) returned 1
[0111.695] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x430aa7b0, ftCreationTime.dwHighDateTime=0x1d5e3c2, ftLastAccessTime.dwLowDateTime=0x7ac12880, ftLastAccessTime.dwHighDateTime=0x1d5e829, ftLastWriteTime.dwLowDateTime=0x7ac12880, ftLastWriteTime.dwHighDateTime=0x1d5e829, nFileSizeHigh=0x0, nFileSizeLow=0x17f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="kjJi.bmp", cAlternateFileName="")) returned 1
[0111.696] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x207b6d50, ftCreationTime.dwHighDateTime=0x1d5e882, ftLastAccessTime.dwLowDateTime=0xd3eb3560, ftLastAccessTime.dwHighDateTime=0x1d5f0e2, ftLastWriteTime.dwLowDateTime=0xd3eb3560, ftLastWriteTime.dwHighDateTime=0x1d5f0e2, nFileSizeHigh=0x0, nFileSizeLow=0x25e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="LHbaE3zUi_VGyfB5.avi", cAlternateFileName="LHBAE3~1.AVI")) returned 1
[0111.696] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6cd8bb0, ftCreationTime.dwHighDateTime=0x1d5e930, ftLastAccessTime.dwLowDateTime=0xa960e480, ftLastAccessTime.dwHighDateTime=0x1d5e1b4, ftLastWriteTime.dwLowDateTime=0xa960e480, ftLastWriteTime.dwHighDateTime=0x1d5e1b4, nFileSizeHigh=0x0, nFileSizeLow=0xb79f, dwReserved0=0x0, dwReserved1=0x0, cFileName="n8tA1vtRF.pptx", cAlternateFileName="N8TA1V~1.PPT")) returned 1
[0111.696] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4405090, ftCreationTime.dwHighDateTime=0x1d5eb59, ftLastAccessTime.dwLowDateTime=0xdf0da2f0, ftLastAccessTime.dwHighDateTime=0x1d5e7d9, ftLastWriteTime.dwLowDateTime=0xdf0da2f0, ftLastWriteTime.dwHighDateTime=0x1d5e7d9, nFileSizeHigh=0x0, nFileSizeLow=0x1d20, dwReserved0=0x0, dwReserved1=0x0, cFileName="n_CE2UyUTD8hhgp1UNk.avi", cAlternateFileName="N_CE2U~1.AVI")) returned 1
[0111.697] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5873e60, ftCreationTime.dwHighDateTime=0x1d5f035, ftLastAccessTime.dwLowDateTime=0x4dcb3e40, ftLastAccessTime.dwHighDateTime=0x1d5f046, ftLastWriteTime.dwLowDateTime=0x4dcb3e40, ftLastWriteTime.dwHighDateTime=0x1d5f046, nFileSizeHigh=0x0, nFileSizeLow=0x9845, dwReserved0=0x0, dwReserved1=0x0, cFileName="oywBt0_fLo2nM lPSO.avi", cAlternateFileName="OYWBT0~1.AVI")) returned 1
[0111.697] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe91d3540, ftCreationTime.dwHighDateTime=0x1d5ef08, ftLastAccessTime.dwLowDateTime=0xb62fa80, ftLastAccessTime.dwHighDateTime=0x1d5e6db, ftLastWriteTime.dwLowDateTime=0xb62fa80, ftLastWriteTime.dwHighDateTime=0x1d5e6db, nFileSizeHigh=0x0, nFileSizeLow=0x11c2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pk87oz1B8x0DUr0T_S.bmp", cAlternateFileName="PK87OZ~1.BMP")) returned 1
[0111.697] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12975200, ftCreationTime.dwHighDateTime=0x1d5ed49, ftLastAccessTime.dwLowDateTime=0x4080930, ftLastAccessTime.dwHighDateTime=0x1d5e544, ftLastWriteTime.dwLowDateTime=0x4080930, ftLastWriteTime.dwHighDateTime=0x1d5e544, nFileSizeHigh=0x0, nFileSizeLow=0x9132, dwReserved0=0x0, dwReserved1=0x0, cFileName="SvNPBM-.gif", cAlternateFileName="")) returned 1
[0111.697] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c3e44f0, ftCreationTime.dwHighDateTime=0x1d5f061, ftLastAccessTime.dwLowDateTime=0x6fdc2630, ftLastAccessTime.dwHighDateTime=0x1d5e9ec, ftLastWriteTime.dwLowDateTime=0x6fdc2630, ftLastWriteTime.dwHighDateTime=0x1d5e9ec, nFileSizeHigh=0x0, nFileSizeLow=0x16ee1, dwReserved0=0x0, dwReserved1=0x0, cFileName="uFzk8u5NnfgLNoYtCu.flv", cAlternateFileName="UFZK8U~1.FLV")) returned 1
[0111.697] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9cc2020, ftCreationTime.dwHighDateTime=0x1d5e8d1, ftLastAccessTime.dwLowDateTime=0xb1bc2b0, ftLastAccessTime.dwHighDateTime=0x1d5e6b7, ftLastWriteTime.dwLowDateTime=0xb1bc2b0, ftLastWriteTime.dwHighDateTime=0x1d5e6b7, nFileSizeHigh=0x0, nFileSizeLow=0x10349, dwReserved0=0x0, dwReserved1=0x0, cFileName="VJvL6tO0ETnQke-rP9e.odt", cAlternateFileName="VJVL6T~1.ODT")) returned 1
[0111.698] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede458d0, ftCreationTime.dwHighDateTime=0x1d5ef8d, ftLastAccessTime.dwLowDateTime=0x3c634dc0, ftLastAccessTime.dwHighDateTime=0x1d5e6f3, ftLastWriteTime.dwLowDateTime=0x3c634dc0, ftLastWriteTime.dwHighDateTime=0x1d5e6f3, nFileSizeHigh=0x0, nFileSizeLow=0x8a30, dwReserved0=0x0, dwReserved1=0x0, cFileName="VsezaQBBYQ18K1I.avi", cAlternateFileName="VSEZAQ~1.AVI")) returned 1
[0111.698] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb40a90, ftCreationTime.dwHighDateTime=0x1d5edef, ftLastAccessTime.dwLowDateTime=0x23a1a760, ftLastAccessTime.dwHighDateTime=0x1d5e18e, ftLastWriteTime.dwLowDateTime=0x23a1a760, ftLastWriteTime.dwHighDateTime=0x1d5e18e, nFileSizeHigh=0x0, nFileSizeLow=0x906b, dwReserved0=0x0, dwReserved1=0x0, cFileName="vTwtJ4Yn9Z2M.gif", cAlternateFileName="VTWTJ4~1.GIF")) returned 1
[0111.698] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe439e30, ftCreationTime.dwHighDateTime=0x1d5eec8, ftLastAccessTime.dwLowDateTime=0x38d5e9d0, ftLastAccessTime.dwHighDateTime=0x1d5ee5d, ftLastWriteTime.dwLowDateTime=0x38d5e9d0, ftLastWriteTime.dwHighDateTime=0x1d5ee5d, nFileSizeHigh=0x0, nFileSizeLow=0xd77d, dwReserved0=0x0, dwReserved1=0x0, cFileName="W0nPkuSy3WYXP1R2S.mp4", cAlternateFileName="W0NPKU~1.MP4")) returned 1
[0111.698] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fad4600, ftCreationTime.dwHighDateTime=0x1d5e7fa, ftLastAccessTime.dwLowDateTime=0x512e4220, ftLastAccessTime.dwHighDateTime=0x1d5e700, ftLastWriteTime.dwLowDateTime=0x512e4220, ftLastWriteTime.dwHighDateTime=0x1d5e700, nFileSizeHigh=0x0, nFileSizeLow=0x17177, dwReserved0=0x0, dwReserved1=0x0, cFileName="wb1N5W.mp4", cAlternateFileName="")) returned 1
[0111.698] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70601c9a, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x70601c9a, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x7064e09e, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x9, dwReserved0=0x0, dwReserved1=0x0, cFileName="worm_tool.sys", cAlternateFileName="WORM_T~1.SYS")) returned 1
[0111.699] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ee60160, ftCreationTime.dwHighDateTime=0x1d5f0da, ftLastAccessTime.dwLowDateTime=0x721eb070, ftLastAccessTime.dwHighDateTime=0x1d5ec8f, ftLastWriteTime.dwLowDateTime=0x721eb070, ftLastWriteTime.dwHighDateTime=0x1d5ec8f, nFileSizeHigh=0x0, nFileSizeLow=0xdf3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="X EakLD0TYMH1T.gif", cAlternateFileName="XEAKLD~1.GIF")) returned 1
[0111.699] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa53d5f30, ftCreationTime.dwHighDateTime=0x1d5eebd, ftLastAccessTime.dwLowDateTime=0xcf67db10, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0xcf67db10, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x144c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="yA5RhtAAB12zR.mp3", cAlternateFileName="YA5RHT~1.MP3")) returned 1
[0111.699] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f076820, ftCreationTime.dwHighDateTime=0x1d5ec4a, ftLastAccessTime.dwLowDateTime=0xbdb9a050, ftLastAccessTime.dwHighDateTime=0x1d5ef0d, ftLastWriteTime.dwLowDateTime=0xbdb9a050, ftLastWriteTime.dwHighDateTime=0x1d5ef0d, nFileSizeHigh=0x0, nFileSizeLow=0x8062, dwReserved0=0x0, dwReserved1=0x0, cFileName="YJ1hhGAE6yj-Y.bmp", cAlternateFileName="YJ1HHG~1.BMP")) returned 1
[0111.699] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf73a8df0, ftCreationTime.dwHighDateTime=0x1d5e5ec, ftLastAccessTime.dwLowDateTime=0xe744390, ftLastAccessTime.dwHighDateTime=0x1d5e335, ftLastWriteTime.dwLowDateTime=0xe744390, ftLastWriteTime.dwHighDateTime=0x1d5e335, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z Yv6OX_JjRd88R_", cAlternateFileName="ZYV6OX~1")) returned 1
[0111.699] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e27f360, ftCreationTime.dwHighDateTime=0x1d5ea49, ftLastAccessTime.dwLowDateTime=0xbca53020, ftLastAccessTime.dwHighDateTime=0x1d5eb49, ftLastWriteTime.dwLowDateTime=0xbca53020, ftLastWriteTime.dwHighDateTime=0x1d5eb49, nFileSizeHigh=0x0, nFileSizeLow=0x13d5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2TwaHe fR3G.swf", cAlternateFileName="Z2TWAH~1.SWF")) returned 1
[0111.700] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce986680, ftCreationTime.dwHighDateTime=0x1d5e15d, ftLastAccessTime.dwLowDateTime=0x486a3d90, ftLastAccessTime.dwHighDateTime=0x1d5ea90, ftLastWriteTime.dwLowDateTime=0x486a3d90, ftLastWriteTime.dwHighDateTime=0x1d5ea90, nFileSizeHigh=0x0, nFileSizeLow=0x919, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZJ7 uJ.flv", cAlternateFileName="ZJ7UJ~1.FLV")) returned 1
[0111.700] FindNextFileW (in: hFindFile=0x1db3c990, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce986680, ftCreationTime.dwHighDateTime=0x1d5e15d, ftLastAccessTime.dwLowDateTime=0x486a3d90, ftLastAccessTime.dwHighDateTime=0x1d5ea90, ftLastWriteTime.dwLowDateTime=0x486a3d90, ftLastWriteTime.dwHighDateTime=0x1d5ea90, nFileSizeHigh=0x0, nFileSizeLow=0x919, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZJ7 uJ.flv", cAlternateFileName="ZJ7UJ~1.FLV")) returned 0
[0111.700] FindClose (in: hFindFile=0x1db3c990 | out: hFindFile=0x1db3c990) returned 1
[0111.700] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xefdd50 | out: lpFindFileData=0xefdd50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3c4b0
[0111.700] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0111.701] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d0589c0, ftCreationTime.dwHighDateTime=0x1d5f080, ftLastAccessTime.dwLowDateTime=0x3166e290, ftLastAccessTime.dwHighDateTime=0x1d5ed3a, ftLastWriteTime.dwLowDateTime=0x3166e290, ftLastWriteTime.dwHighDateTime=0x1d5ed3a, nFileSizeHigh=0x0, nFileSizeLow=0xd025, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Q1btNNAQT.jpg", cAlternateFileName="-Q1BTN~1.JPG")) returned 1
[0111.701] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed6d60a0, ftCreationTime.dwHighDateTime=0x1d5ed07, ftLastAccessTime.dwLowDateTime=0xfccfab90, ftLastAccessTime.dwHighDateTime=0x1d5ef53, ftLastWriteTime.dwLowDateTime=0xfccfab90, ftLastWriteTime.dwHighDateTime=0x1d5ef53, nFileSizeHigh=0x0, nFileSizeLow=0x11f65, dwReserved0=0x0, dwReserved1=0x0, cFileName="-R9qX18qt uvQrw.png", cAlternateFileName="-R9QX1~1.PNG")) returned 1
[0111.701] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x287c04b0, ftCreationTime.dwHighDateTime=0x1d5ed5f, ftLastAccessTime.dwLowDateTime=0x10f9d740, ftLastAccessTime.dwHighDateTime=0x1d5e7ba, ftLastWriteTime.dwLowDateTime=0x10f9d740, ftLastWriteTime.dwHighDateTime=0x1d5e7ba, nFileSizeHigh=0x0, nFileSizeLow=0xcce3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jiGLsAS51cw.pdf", cAlternateFileName="5JIGLS~1.PDF")) returned 1
[0111.701] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4917e740, ftCreationTime.dwHighDateTime=0x1d5efb5, ftLastAccessTime.dwLowDateTime=0x262f4b0, ftLastAccessTime.dwHighDateTime=0x1d5ee58, ftLastWriteTime.dwLowDateTime=0x262f4b0, ftLastWriteTime.dwHighDateTime=0x1d5ee58, nFileSizeHigh=0x0, nFileSizeLow=0xa880, dwReserved0=0x0, dwReserved1=0x0, cFileName="6D5GybDLA.xlsx", cAlternateFileName="6D5GYB~1.XLS")) returned 1
[0111.702] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0218b70, ftCreationTime.dwHighDateTime=0x1d5e16c, ftLastAccessTime.dwLowDateTime=0xf7f06a10, ftLastAccessTime.dwHighDateTime=0x1d5ed37, ftLastWriteTime.dwLowDateTime=0xf7f06a10, ftLastWriteTime.dwHighDateTime=0x1d5ed37, nFileSizeHigh=0x0, nFileSizeLow=0x118b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="783SVZBUM4K35WHm3eRE.wav", cAlternateFileName="783SVZ~1.WAV")) returned 1
[0111.730] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e3fae00, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x2e3fae00, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x2b908900, ftLastWriteTime.dwHighDateTime=0x1d6f1dc, nFileSizeHigh=0x0, nFileSizeLow=0x2ea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="8g4YJ5vYi5gsz9qg.exe", cAlternateFileName="8G4YJ5~1.EXE")) returned 1
[0111.740] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x927bcf60, ftCreationTime.dwHighDateTime=0x1d5eeb0, ftLastAccessTime.dwLowDateTime=0x1d0f95f0, ftLastAccessTime.dwHighDateTime=0x1d5e8ab, ftLastWriteTime.dwLowDateTime=0x1d0f95f0, ftLastWriteTime.dwHighDateTime=0x1d5e8ab, nFileSizeHigh=0x0, nFileSizeLow=0x2a22, dwReserved0=0x0, dwReserved1=0x0, cFileName="aAOxpPBgR6hc.wav", cAlternateFileName="AAOXPP~1.WAV")) returned 1
[0111.741] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc78ee2f0, ftCreationTime.dwHighDateTime=0x1d5ef50, ftLastAccessTime.dwLowDateTime=0x99f42e0, ftLastAccessTime.dwHighDateTime=0x1d5e559, ftLastWriteTime.dwLowDateTime=0x99f42e0, ftLastWriteTime.dwHighDateTime=0x1d5e559, nFileSizeHigh=0x0, nFileSizeLow=0x1211, dwReserved0=0x0, dwReserved1=0x0, cFileName="AZTWSqU.avi", cAlternateFileName="")) returned 1
[0111.744] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b75ac80, ftCreationTime.dwHighDateTime=0x1d5f0a9, ftLastAccessTime.dwLowDateTime=0xcef809f0, ftLastAccessTime.dwHighDateTime=0x1d5e392, ftLastWriteTime.dwLowDateTime=0xcef809f0, ftLastWriteTime.dwHighDateTime=0x1d5e392, nFileSizeHigh=0x0, nFileSizeLow=0xf78b, dwReserved0=0x0, dwReserved1=0x0, cFileName="B2Px0LCOjxIu PPh7hDJ.mkv", cAlternateFileName="B2PX0L~1.MKV")) returned 1
[0111.745] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e428d0, ftCreationTime.dwHighDateTime=0x1d5e240, ftLastAccessTime.dwLowDateTime=0x234015b0, ftLastAccessTime.dwHighDateTime=0x1d5f050, ftLastWriteTime.dwLowDateTime=0x234015b0, ftLastWriteTime.dwHighDateTime=0x1d5f050, nFileSizeHigh=0x0, nFileSizeLow=0xbc9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bmu7titX2no.mp3", cAlternateFileName="BMU7TI~1.MP3")) returned 1
[0111.748] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9426180, ftCreationTime.dwHighDateTime=0x1d5e39f, ftLastAccessTime.dwLowDateTime=0xb0c0d870, ftLastAccessTime.dwHighDateTime=0x1d5f03c, ftLastWriteTime.dwLowDateTime=0xb0c0d870, ftLastWriteTime.dwHighDateTime=0x1d5f03c, nFileSizeHigh=0x0, nFileSizeLow=0x16e6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="D6Yt.mp3", cAlternateFileName="")) returned 1
[0111.748] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x228e9c30, ftCreationTime.dwHighDateTime=0x1d5e1fb, ftLastAccessTime.dwLowDateTime=0xe5b57e10, ftLastAccessTime.dwHighDateTime=0x1d5e695, ftLastWriteTime.dwLowDateTime=0xe5b57e10, ftLastWriteTime.dwHighDateTime=0x1d5e695, nFileSizeHigh=0x0, nFileSizeLow=0xb7ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="D8fB.bmp", cAlternateFileName="")) returned 1
[0111.748] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee91fd60, ftCreationTime.dwHighDateTime=0x1d5ea3c, ftLastAccessTime.dwLowDateTime=0x404edc0, ftLastAccessTime.dwHighDateTime=0x1d5ed0c, ftLastWriteTime.dwLowDateTime=0x404edc0, ftLastWriteTime.dwHighDateTime=0x1d5ed0c, nFileSizeHigh=0x0, nFileSizeLow=0x12c0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eMfraDDsfi.m4a", cAlternateFileName="EMFRAD~1.M4A")) returned 1
[0111.748] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cc92c30, ftCreationTime.dwHighDateTime=0x1d5e181, ftLastAccessTime.dwLowDateTime=0x8dff5e40, ftLastAccessTime.dwHighDateTime=0x1d5e508, ftLastWriteTime.dwLowDateTime=0x8dff5e40, ftLastWriteTime.dwHighDateTime=0x1d5e508, nFileSizeHigh=0x0, nFileSizeLow=0x1a03, dwReserved0=0x0, dwReserved1=0x0, cFileName="F3pGdhW_LtYTRGqIv8.docx", cAlternateFileName="F3PGDH~1.DOC")) returned 1
[0111.748] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cc045e0, ftCreationTime.dwHighDateTime=0x1d5e122, ftLastAccessTime.dwLowDateTime=0x78f9e200, ftLastAccessTime.dwHighDateTime=0x1d5ec87, ftLastWriteTime.dwLowDateTime=0x78f9e200, ftLastWriteTime.dwHighDateTime=0x1d5ec87, nFileSizeHigh=0x0, nFileSizeLow=0x48c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fY9EtI1To8GFNfUe8L.mp3", cAlternateFileName="FY9ETI~1.MP3")) returned 1
[0111.749] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fae7900, ftCreationTime.dwHighDateTime=0x1d5e63b, ftLastAccessTime.dwLowDateTime=0x8dbf4aa0, ftLastAccessTime.dwHighDateTime=0x1d5e97f, ftLastWriteTime.dwLowDateTime=0x8dbf4aa0, ftLastWriteTime.dwHighDateTime=0x1d5e97f, nFileSizeHigh=0x0, nFileSizeLow=0x15fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="G1arb1fmSpiHf-oAIpM5.mp4", cAlternateFileName="G1ARB1~1.MP4")) returned 1
[0111.749] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ff55860, ftCreationTime.dwHighDateTime=0x1d5e8f3, ftLastAccessTime.dwLowDateTime=0x325dc010, ftLastAccessTime.dwHighDateTime=0x1d5e8e4, ftLastWriteTime.dwLowDateTime=0x325dc010, ftLastWriteTime.dwHighDateTime=0x1d5e8e4, nFileSizeHigh=0x0, nFileSizeLow=0x1628d, dwReserved0=0x0, dwReserved1=0x0, cFileName="i45PsiITjh_SeDKe.docx", cAlternateFileName="I45PSI~1.DOC")) returned 1
[0111.749] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72f08d80, ftCreationTime.dwHighDateTime=0x1d5e7fc, ftLastAccessTime.dwLowDateTime=0x66902120, ftLastAccessTime.dwHighDateTime=0x1d5e6d2, ftLastWriteTime.dwLowDateTime=0x66902120, ftLastWriteTime.dwHighDateTime=0x1d5e6d2, nFileSizeHigh=0x0, nFileSizeLow=0x7fc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iFXrA2.mkv", cAlternateFileName="")) returned 1
[0111.749] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc71b7cc0, ftCreationTime.dwHighDateTime=0x1d5e541, ftLastAccessTime.dwLowDateTime=0xc12b17f0, ftLastAccessTime.dwHighDateTime=0x1d5e139, ftLastWriteTime.dwLowDateTime=0xc12b17f0, ftLastWriteTime.dwHighDateTime=0x1d5e139, nFileSizeHigh=0x0, nFileSizeLow=0x1260, dwReserved0=0x0, dwReserved1=0x0, cFileName="iGcyw6tHGnuYa.avi", cAlternateFileName="IGCYW6~1.AVI")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x398d2580, ftCreationTime.dwHighDateTime=0x1d5ebe4, ftLastAccessTime.dwLowDateTime=0x153d76b0, ftLastAccessTime.dwHighDateTime=0x1d5e641, ftLastWriteTime.dwLowDateTime=0x153d76b0, ftLastWriteTime.dwHighDateTime=0x1d5e641, nFileSizeHigh=0x0, nFileSizeLow=0x10a51, dwReserved0=0x0, dwReserved1=0x0, cFileName="j1vV.flv", cAlternateFileName="")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x430aa7b0, ftCreationTime.dwHighDateTime=0x1d5e3c2, ftLastAccessTime.dwLowDateTime=0x7ac12880, ftLastAccessTime.dwHighDateTime=0x1d5e829, ftLastWriteTime.dwLowDateTime=0x7ac12880, ftLastWriteTime.dwHighDateTime=0x1d5e829, nFileSizeHigh=0x0, nFileSizeLow=0x17f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="kjJi.bmp", cAlternateFileName="")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x207b6d50, ftCreationTime.dwHighDateTime=0x1d5e882, ftLastAccessTime.dwLowDateTime=0xd3eb3560, ftLastAccessTime.dwHighDateTime=0x1d5f0e2, ftLastWriteTime.dwLowDateTime=0xd3eb3560, ftLastWriteTime.dwHighDateTime=0x1d5f0e2, nFileSizeHigh=0x0, nFileSizeLow=0x25e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="LHbaE3zUi_VGyfB5.avi", cAlternateFileName="LHBAE3~1.AVI")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6cd8bb0, ftCreationTime.dwHighDateTime=0x1d5e930, ftLastAccessTime.dwLowDateTime=0xa960e480, ftLastAccessTime.dwHighDateTime=0x1d5e1b4, ftLastWriteTime.dwLowDateTime=0xa960e480, ftLastWriteTime.dwHighDateTime=0x1d5e1b4, nFileSizeHigh=0x0, nFileSizeLow=0xb79f, dwReserved0=0x0, dwReserved1=0x0, cFileName="n8tA1vtRF.pptx", cAlternateFileName="N8TA1V~1.PPT")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4405090, ftCreationTime.dwHighDateTime=0x1d5eb59, ftLastAccessTime.dwLowDateTime=0xdf0da2f0, ftLastAccessTime.dwHighDateTime=0x1d5e7d9, ftLastWriteTime.dwLowDateTime=0xdf0da2f0, ftLastWriteTime.dwHighDateTime=0x1d5e7d9, nFileSizeHigh=0x0, nFileSizeLow=0x1d20, dwReserved0=0x0, dwReserved1=0x0, cFileName="n_CE2UyUTD8hhgp1UNk.avi", cAlternateFileName="N_CE2U~1.AVI")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5873e60, ftCreationTime.dwHighDateTime=0x1d5f035, ftLastAccessTime.dwLowDateTime=0x4dcb3e40, ftLastAccessTime.dwHighDateTime=0x1d5f046, ftLastWriteTime.dwLowDateTime=0x4dcb3e40, ftLastWriteTime.dwHighDateTime=0x1d5f046, nFileSizeHigh=0x0, nFileSizeLow=0x9845, dwReserved0=0x0, dwReserved1=0x0, cFileName="oywBt0_fLo2nM lPSO.avi", cAlternateFileName="OYWBT0~1.AVI")) returned 1
[0111.750] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe91d3540, ftCreationTime.dwHighDateTime=0x1d5ef08, ftLastAccessTime.dwLowDateTime=0xb62fa80, ftLastAccessTime.dwHighDateTime=0x1d5e6db, ftLastWriteTime.dwLowDateTime=0xb62fa80, ftLastWriteTime.dwHighDateTime=0x1d5e6db, nFileSizeHigh=0x0, nFileSizeLow=0x11c2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pk87oz1B8x0DUr0T_S.bmp", cAlternateFileName="PK87OZ~1.BMP")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12975200, ftCreationTime.dwHighDateTime=0x1d5ed49, ftLastAccessTime.dwLowDateTime=0x4080930, ftLastAccessTime.dwHighDateTime=0x1d5e544, ftLastWriteTime.dwLowDateTime=0x4080930, ftLastWriteTime.dwHighDateTime=0x1d5e544, nFileSizeHigh=0x0, nFileSizeLow=0x9132, dwReserved0=0x0, dwReserved1=0x0, cFileName="SvNPBM-.gif", cAlternateFileName="")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c3e44f0, ftCreationTime.dwHighDateTime=0x1d5f061, ftLastAccessTime.dwLowDateTime=0x6fdc2630, ftLastAccessTime.dwHighDateTime=0x1d5e9ec, ftLastWriteTime.dwLowDateTime=0x6fdc2630, ftLastWriteTime.dwHighDateTime=0x1d5e9ec, nFileSizeHigh=0x0, nFileSizeLow=0x16ee1, dwReserved0=0x0, dwReserved1=0x0, cFileName="uFzk8u5NnfgLNoYtCu.flv", cAlternateFileName="UFZK8U~1.FLV")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9cc2020, ftCreationTime.dwHighDateTime=0x1d5e8d1, ftLastAccessTime.dwLowDateTime=0xb1bc2b0, ftLastAccessTime.dwHighDateTime=0x1d5e6b7, ftLastWriteTime.dwLowDateTime=0xb1bc2b0, ftLastWriteTime.dwHighDateTime=0x1d5e6b7, nFileSizeHigh=0x0, nFileSizeLow=0x10349, dwReserved0=0x0, dwReserved1=0x0, cFileName="VJvL6tO0ETnQke-rP9e.odt", cAlternateFileName="VJVL6T~1.ODT")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede458d0, ftCreationTime.dwHighDateTime=0x1d5ef8d, ftLastAccessTime.dwLowDateTime=0x3c634dc0, ftLastAccessTime.dwHighDateTime=0x1d5e6f3, ftLastWriteTime.dwLowDateTime=0x3c634dc0, ftLastWriteTime.dwHighDateTime=0x1d5e6f3, nFileSizeHigh=0x0, nFileSizeLow=0x8a30, dwReserved0=0x0, dwReserved1=0x0, cFileName="VsezaQBBYQ18K1I.avi", cAlternateFileName="VSEZAQ~1.AVI")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb40a90, ftCreationTime.dwHighDateTime=0x1d5edef, ftLastAccessTime.dwLowDateTime=0x23a1a760, ftLastAccessTime.dwHighDateTime=0x1d5e18e, ftLastWriteTime.dwLowDateTime=0x23a1a760, ftLastWriteTime.dwHighDateTime=0x1d5e18e, nFileSizeHigh=0x0, nFileSizeLow=0x906b, dwReserved0=0x0, dwReserved1=0x0, cFileName="vTwtJ4Yn9Z2M.gif", cAlternateFileName="VTWTJ4~1.GIF")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe439e30, ftCreationTime.dwHighDateTime=0x1d5eec8, ftLastAccessTime.dwLowDateTime=0x38d5e9d0, ftLastAccessTime.dwHighDateTime=0x1d5ee5d, ftLastWriteTime.dwLowDateTime=0x38d5e9d0, ftLastWriteTime.dwHighDateTime=0x1d5ee5d, nFileSizeHigh=0x0, nFileSizeLow=0xd77d, dwReserved0=0x0, dwReserved1=0x0, cFileName="W0nPkuSy3WYXP1R2S.mp4", cAlternateFileName="W0NPKU~1.MP4")) returned 1
[0111.751] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fad4600, ftCreationTime.dwHighDateTime=0x1d5e7fa, ftLastAccessTime.dwLowDateTime=0x512e4220, ftLastAccessTime.dwHighDateTime=0x1d5e700, ftLastWriteTime.dwLowDateTime=0x512e4220, ftLastWriteTime.dwHighDateTime=0x1d5e700, nFileSizeHigh=0x0, nFileSizeLow=0x17177, dwReserved0=0x0, dwReserved1=0x0, cFileName="wb1N5W.mp4", cAlternateFileName="")) returned 1
[0111.752] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70601c9a, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x70601c9a, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x7064e09e, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x9, dwReserved0=0x0, dwReserved1=0x0, cFileName="worm_tool.sys", cAlternateFileName="WORM_T~1.SYS")) returned 1
[0111.752] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ee60160, ftCreationTime.dwHighDateTime=0x1d5f0da, ftLastAccessTime.dwLowDateTime=0x721eb070, ftLastAccessTime.dwHighDateTime=0x1d5ec8f, ftLastWriteTime.dwLowDateTime=0x721eb070, ftLastWriteTime.dwHighDateTime=0x1d5ec8f, nFileSizeHigh=0x0, nFileSizeLow=0xdf3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="X EakLD0TYMH1T.gif", cAlternateFileName="XEAKLD~1.GIF")) returned 1
[0111.752] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa53d5f30, ftCreationTime.dwHighDateTime=0x1d5eebd, ftLastAccessTime.dwLowDateTime=0xcf67db10, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0xcf67db10, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x144c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="yA5RhtAAB12zR.mp3", cAlternateFileName="YA5RHT~1.MP3")) returned 1
[0111.752] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f076820, ftCreationTime.dwHighDateTime=0x1d5ec4a, ftLastAccessTime.dwLowDateTime=0xbdb9a050, ftLastAccessTime.dwHighDateTime=0x1d5ef0d, ftLastWriteTime.dwLowDateTime=0xbdb9a050, ftLastWriteTime.dwHighDateTime=0x1d5ef0d, nFileSizeHigh=0x0, nFileSizeLow=0x8062, dwReserved0=0x0, dwReserved1=0x0, cFileName="YJ1hhGAE6yj-Y.bmp", cAlternateFileName="YJ1HHG~1.BMP")) returned 1
[0111.752] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf73a8df0, ftCreationTime.dwHighDateTime=0x1d5e5ec, ftLastAccessTime.dwLowDateTime=0xe744390, ftLastAccessTime.dwHighDateTime=0x1d5e335, ftLastWriteTime.dwLowDateTime=0xe744390, ftLastWriteTime.dwHighDateTime=0x1d5e335, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z Yv6OX_JjRd88R_", cAlternateFileName="ZYV6OX~1")) returned 1
[0111.752] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e27f360, ftCreationTime.dwHighDateTime=0x1d5ea49, ftLastAccessTime.dwLowDateTime=0xbca53020, ftLastAccessTime.dwHighDateTime=0x1d5eb49, ftLastWriteTime.dwLowDateTime=0xbca53020, ftLastWriteTime.dwHighDateTime=0x1d5eb49, nFileSizeHigh=0x0, nFileSizeLow=0x13d5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2TwaHe fR3G.swf", cAlternateFileName="Z2TWAH~1.SWF")) returned 1
[0111.753] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce986680, ftCreationTime.dwHighDateTime=0x1d5e15d, ftLastAccessTime.dwLowDateTime=0x486a3d90, ftLastAccessTime.dwHighDateTime=0x1d5ea90, ftLastWriteTime.dwLowDateTime=0x486a3d90, ftLastWriteTime.dwHighDateTime=0x1d5ea90, nFileSizeHigh=0x0, nFileSizeLow=0x919, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZJ7 uJ.flv", cAlternateFileName="ZJ7UJ~1.FLV")) returned 1
[0111.753] FindNextFileW (in: hFindFile=0x1db3c4b0, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0
[0111.753] FindClose (in: hFindFile=0x1db3c4b0 | out: hFindFile=0x1db3c4b0) returned 1
[0111.753] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\*", lpFindFileData=0xefdcd0 | out: lpFindFileData=0xefdcd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf73a8df0, ftCreationTime.dwHighDateTime=0x1d5e5ec, ftLastAccessTime.dwLowDateTime=0xe744390, ftLastAccessTime.dwHighDateTime=0x1d5e335, ftLastWriteTime.dwLowDateTime=0xe744390, ftLastWriteTime.dwHighDateTime=0x1d5e335, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3c570
[0111.753] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf73a8df0, ftCreationTime.dwHighDateTime=0x1d5e5ec, ftLastAccessTime.dwLowDateTime=0xe744390, ftLastAccessTime.dwHighDateTime=0x1d5e335, ftLastWriteTime.dwLowDateTime=0xe744390, ftLastWriteTime.dwHighDateTime=0x1d5e335, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0111.753] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46b75df0, ftCreationTime.dwHighDateTime=0x1d5ee34, ftLastAccessTime.dwLowDateTime=0x6c6cf360, ftLastAccessTime.dwHighDateTime=0x1d5e386, ftLastWriteTime.dwLowDateTime=0x6c6cf360, ftLastWriteTime.dwHighDateTime=0x1d5e386, nFileSizeHigh=0x0, nFileSizeLow=0xa860, dwReserved0=0x0, dwReserved1=0x0, cFileName="-VozkKaIANbyfaf2PF.swf", cAlternateFileName="-VOZKK~1.SWF")) returned 1
[0111.754] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea7d400, ftCreationTime.dwHighDateTime=0x1d5e464, ftLastAccessTime.dwLowDateTime=0x53c4a690, ftLastAccessTime.dwHighDateTime=0x1d5e562, ftLastWriteTime.dwLowDateTime=0x53c4a690, ftLastWriteTime.dwHighDateTime=0x1d5e562, nFileSizeHigh=0x0, nFileSizeLow=0x554f, dwReserved0=0x0, dwReserved1=0x0, cFileName="8KnL.m4a", cAlternateFileName="")) returned 1
[0111.754] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4650bdc0, ftCreationTime.dwHighDateTime=0x1d5ea1f, ftLastAccessTime.dwLowDateTime=0x1a6e2120, ftLastAccessTime.dwHighDateTime=0x1d5e4bb, ftLastWriteTime.dwLowDateTime=0x1a6e2120, ftLastWriteTime.dwHighDateTime=0x1d5e4bb, nFileSizeHigh=0x0, nFileSizeLow=0x767, dwReserved0=0x0, dwReserved1=0x0, cFileName="boCy7zpuGQHKnY7zpp.mkv", cAlternateFileName="BOCY7Z~1.MKV")) returned 1
[0111.754] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf6a96c0, ftCreationTime.dwHighDateTime=0x1d5e0b1, ftLastAccessTime.dwLowDateTime=0x16f1a290, ftLastAccessTime.dwHighDateTime=0x1d5e4d1, ftLastWriteTime.dwLowDateTime=0x16f1a290, ftLastWriteTime.dwHighDateTime=0x1d5e4d1, nFileSizeHigh=0x0, nFileSizeLow=0x102af, dwReserved0=0x0, dwReserved1=0x0, cFileName="gl9EW8kB8hZkMWu.docx", cAlternateFileName="GL9EW8~1.DOC")) returned 1
[0111.754] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadd6bf10, ftCreationTime.dwHighDateTime=0x1d5e7b0, ftLastAccessTime.dwLowDateTime=0x397b1560, ftLastAccessTime.dwHighDateTime=0x1d5ebea, ftLastWriteTime.dwLowDateTime=0x397b1560, ftLastWriteTime.dwHighDateTime=0x1d5ebea, nFileSizeHigh=0x0, nFileSizeLow=0x1575e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gs8x9.jpg", cAlternateFileName="")) returned 1
[0111.754] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35d4070, ftCreationTime.dwHighDateTime=0x1d5ed2a, ftLastAccessTime.dwLowDateTime=0xf062c250, ftLastAccessTime.dwHighDateTime=0x1d5e113, ftLastWriteTime.dwLowDateTime=0xf062c250, ftLastWriteTime.dwHighDateTime=0x1d5e113, nFileSizeHigh=0x0, nFileSizeLow=0x25f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="NcdRYDpzm_y0yX.mkv", cAlternateFileName="NCDRYD~1.MKV")) returned 1
[0111.754] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9f3d4d0, ftCreationTime.dwHighDateTime=0x1d5e7ff, ftLastAccessTime.dwLowDateTime=0x79c170, ftLastAccessTime.dwHighDateTime=0x1d5ef4c, ftLastWriteTime.dwLowDateTime=0x79c170, ftLastWriteTime.dwHighDateTime=0x1d5ef4c, nFileSizeHigh=0x0, nFileSizeLow=0x4465, dwReserved0=0x0, dwReserved1=0x0, cFileName="NM5P64Qloz5o2Pc6maz.avi", cAlternateFileName="NM5P64~1.AVI")) returned 1
[0111.755] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2e2290, ftCreationTime.dwHighDateTime=0x1d5eb61, ftLastAccessTime.dwLowDateTime=0x5d69820, ftLastAccessTime.dwHighDateTime=0x1d5e356, ftLastWriteTime.dwLowDateTime=0x5d69820, ftLastWriteTime.dwHighDateTime=0x1d5e356, nFileSizeHigh=0x0, nFileSizeLow=0xb0d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PXeSuBVYnDKe9j.gif", cAlternateFileName="PXESUB~1.GIF")) returned 1
[0111.755] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92127a80, ftCreationTime.dwHighDateTime=0x1d5e9b3, ftLastAccessTime.dwLowDateTime=0xe77c1ed0, ftLastAccessTime.dwHighDateTime=0x1d5e8ba, ftLastWriteTime.dwLowDateTime=0xe77c1ed0, ftLastWriteTime.dwHighDateTime=0x1d5e8ba, nFileSizeHigh=0x0, nFileSizeLow=0x29c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="qHQvcOjYY.csv", cAlternateFileName="QHQVCO~1.CSV")) returned 1
[0111.755] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda5fcbe0, ftCreationTime.dwHighDateTime=0x1d5e624, ftLastAccessTime.dwLowDateTime=0xc6cd5550, ftLastAccessTime.dwHighDateTime=0x1d5eaea, ftLastWriteTime.dwLowDateTime=0xc6cd5550, ftLastWriteTime.dwHighDateTime=0x1d5eaea, nFileSizeHigh=0x0, nFileSizeLow=0x13468, dwReserved0=0x0, dwReserved1=0x0, cFileName="Re7VDVuURVwl9kR.bmp", cAlternateFileName="RE7VDV~1.BMP")) returned 1
[0111.755] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cc02c0, ftCreationTime.dwHighDateTime=0x1d5ee6b, ftLastAccessTime.dwLowDateTime=0x2be1d000, ftLastAccessTime.dwHighDateTime=0x1d5e25e, ftLastWriteTime.dwLowDateTime=0x2be1d000, ftLastWriteTime.dwHighDateTime=0x1d5e25e, nFileSizeHigh=0x0, nFileSizeLow=0xe81a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xc1cEbR_hV5v.pps", cAlternateFileName="XC1CEB~1.PPS")) returned 1
[0111.755] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb8e80, ftCreationTime.dwHighDateTime=0x1d5e627, ftLastAccessTime.dwLowDateTime=0x13aaf610, ftLastAccessTime.dwHighDateTime=0x1d5ef24, ftLastWriteTime.dwLowDateTime=0x13aaf610, ftLastWriteTime.dwHighDateTime=0x1d5ef24, nFileSizeHigh=0x0, nFileSizeLow=0x11cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ytqlJrGd cBCL6XP7F.mp4", cAlternateFileName="YTQLJR~1.MP4")) returned 1
[0111.756] FindNextFileW (in: hFindFile=0x1db3c570, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb8e80, ftCreationTime.dwHighDateTime=0x1d5e627, ftLastAccessTime.dwLowDateTime=0x13aaf610, ftLastAccessTime.dwHighDateTime=0x1d5ef24, ftLastWriteTime.dwLowDateTime=0x13aaf610, ftLastWriteTime.dwHighDateTime=0x1d5ef24, nFileSizeHigh=0x0, nFileSizeLow=0x11cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ytqlJrGd cBCL6XP7F.mp4", cAlternateFileName="YTQLJR~1.MP4")) returned 0
[0111.756] FindClose (in: hFindFile=0x1db3c570 | out: hFindFile=0x1db3c570) returned 1
[0111.756] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\*", lpFindFileData=0xefdd50 | out: lpFindFileData=0xefdd50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf73a8df0, ftCreationTime.dwHighDateTime=0x1d5e5ec, ftLastAccessTime.dwLowDateTime=0xe744390, ftLastAccessTime.dwHighDateTime=0x1d5e335, ftLastWriteTime.dwLowDateTime=0xe744390, ftLastWriteTime.dwHighDateTime=0x1d5e335, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3c210
[0111.756] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf73a8df0, ftCreationTime.dwHighDateTime=0x1d5e5ec, ftLastAccessTime.dwLowDateTime=0xe744390, ftLastAccessTime.dwHighDateTime=0x1d5e335, ftLastWriteTime.dwLowDateTime=0xe744390, ftLastWriteTime.dwHighDateTime=0x1d5e335, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0111.756] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46b75df0, ftCreationTime.dwHighDateTime=0x1d5ee34, ftLastAccessTime.dwLowDateTime=0x6c6cf360, ftLastAccessTime.dwHighDateTime=0x1d5e386, ftLastWriteTime.dwLowDateTime=0x6c6cf360, ftLastWriteTime.dwHighDateTime=0x1d5e386, nFileSizeHigh=0x0, nFileSizeLow=0xa860, dwReserved0=0x0, dwReserved1=0x0, cFileName="-VozkKaIANbyfaf2PF.swf", cAlternateFileName="-VOZKK~1.SWF")) returned 1
[0111.756] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea7d400, ftCreationTime.dwHighDateTime=0x1d5e464, ftLastAccessTime.dwLowDateTime=0x53c4a690, ftLastAccessTime.dwHighDateTime=0x1d5e562, ftLastWriteTime.dwLowDateTime=0x53c4a690, ftLastWriteTime.dwHighDateTime=0x1d5e562, nFileSizeHigh=0x0, nFileSizeLow=0x554f, dwReserved0=0x0, dwReserved1=0x0, cFileName="8KnL.m4a", cAlternateFileName="")) returned 1
[0111.757] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4650bdc0, ftCreationTime.dwHighDateTime=0x1d5ea1f, ftLastAccessTime.dwLowDateTime=0x1a6e2120, ftLastAccessTime.dwHighDateTime=0x1d5e4bb, ftLastWriteTime.dwLowDateTime=0x1a6e2120, ftLastWriteTime.dwHighDateTime=0x1d5e4bb, nFileSizeHigh=0x0, nFileSizeLow=0x767, dwReserved0=0x0, dwReserved1=0x0, cFileName="boCy7zpuGQHKnY7zpp.mkv", cAlternateFileName="BOCY7Z~1.MKV")) returned 1
[0111.757] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf6a96c0, ftCreationTime.dwHighDateTime=0x1d5e0b1, ftLastAccessTime.dwLowDateTime=0x16f1a290, ftLastAccessTime.dwHighDateTime=0x1d5e4d1, ftLastWriteTime.dwLowDateTime=0x16f1a290, ftLastWriteTime.dwHighDateTime=0x1d5e4d1, nFileSizeHigh=0x0, nFileSizeLow=0x102af, dwReserved0=0x0, dwReserved1=0x0, cFileName="gl9EW8kB8hZkMWu.docx", cAlternateFileName="GL9EW8~1.DOC")) returned 1
[0111.757] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadd6bf10, ftCreationTime.dwHighDateTime=0x1d5e7b0, ftLastAccessTime.dwLowDateTime=0x397b1560, ftLastAccessTime.dwHighDateTime=0x1d5ebea, ftLastWriteTime.dwLowDateTime=0x397b1560, ftLastWriteTime.dwHighDateTime=0x1d5ebea, nFileSizeHigh=0x0, nFileSizeLow=0x1575e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gs8x9.jpg", cAlternateFileName="")) returned 1
[0111.757] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35d4070, ftCreationTime.dwHighDateTime=0x1d5ed2a, ftLastAccessTime.dwLowDateTime=0xf062c250, ftLastAccessTime.dwHighDateTime=0x1d5e113, ftLastWriteTime.dwLowDateTime=0xf062c250, ftLastWriteTime.dwHighDateTime=0x1d5e113, nFileSizeHigh=0x0, nFileSizeLow=0x25f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="NcdRYDpzm_y0yX.mkv", cAlternateFileName="NCDRYD~1.MKV")) returned 1
[0111.757] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9f3d4d0, ftCreationTime.dwHighDateTime=0x1d5e7ff, ftLastAccessTime.dwLowDateTime=0x79c170, ftLastAccessTime.dwHighDateTime=0x1d5ef4c, ftLastWriteTime.dwLowDateTime=0x79c170, ftLastWriteTime.dwHighDateTime=0x1d5ef4c, nFileSizeHigh=0x0, nFileSizeLow=0x4465, dwReserved0=0x0, dwReserved1=0x0, cFileName="NM5P64Qloz5o2Pc6maz.avi", cAlternateFileName="NM5P64~1.AVI")) returned 1
[0111.757] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2e2290, ftCreationTime.dwHighDateTime=0x1d5eb61, ftLastAccessTime.dwLowDateTime=0x5d69820, ftLastAccessTime.dwHighDateTime=0x1d5e356, ftLastWriteTime.dwLowDateTime=0x5d69820, ftLastWriteTime.dwHighDateTime=0x1d5e356, nFileSizeHigh=0x0, nFileSizeLow=0xb0d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PXeSuBVYnDKe9j.gif", cAlternateFileName="PXESUB~1.GIF")) returned 1
[0111.758] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92127a80, ftCreationTime.dwHighDateTime=0x1d5e9b3, ftLastAccessTime.dwLowDateTime=0xe77c1ed0, ftLastAccessTime.dwHighDateTime=0x1d5e8ba, ftLastWriteTime.dwLowDateTime=0xe77c1ed0, ftLastWriteTime.dwHighDateTime=0x1d5e8ba, nFileSizeHigh=0x0, nFileSizeLow=0x29c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="qHQvcOjYY.csv", cAlternateFileName="QHQVCO~1.CSV")) returned 1
[0111.758] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda5fcbe0, ftCreationTime.dwHighDateTime=0x1d5e624, ftLastAccessTime.dwLowDateTime=0xc6cd5550, ftLastAccessTime.dwHighDateTime=0x1d5eaea, ftLastWriteTime.dwLowDateTime=0xc6cd5550, ftLastWriteTime.dwHighDateTime=0x1d5eaea, nFileSizeHigh=0x0, nFileSizeLow=0x13468, dwReserved0=0x0, dwReserved1=0x0, cFileName="Re7VDVuURVwl9kR.bmp", cAlternateFileName="RE7VDV~1.BMP")) returned 1
[0111.758] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cc02c0, ftCreationTime.dwHighDateTime=0x1d5ee6b, ftLastAccessTime.dwLowDateTime=0x2be1d000, ftLastAccessTime.dwHighDateTime=0x1d5e25e, ftLastWriteTime.dwLowDateTime=0x2be1d000, ftLastWriteTime.dwHighDateTime=0x1d5e25e, nFileSizeHigh=0x0, nFileSizeLow=0xe81a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xc1cEbR_hV5v.pps", cAlternateFileName="XC1CEB~1.PPS")) returned 1
[0111.758] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb8e80, ftCreationTime.dwHighDateTime=0x1d5e627, ftLastAccessTime.dwLowDateTime=0x13aaf610, ftLastAccessTime.dwHighDateTime=0x1d5ef24, ftLastWriteTime.dwLowDateTime=0x13aaf610, ftLastWriteTime.dwHighDateTime=0x1d5ef24, nFileSizeHigh=0x0, nFileSizeLow=0x11cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ytqlJrGd cBCL6XP7F.mp4", cAlternateFileName="YTQLJR~1.MP4")) returned 1
[0111.758] FindNextFileW (in: hFindFile=0x1db3c210, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0
[0111.758] FindClose (in: hFindFile=0x1db3c210 | out: hFindFile=0x1db3c210) returned 1
[0111.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdfe0) returned 1
[0111.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdfa0) returned 1
[0111.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0a0) returned 1
[0111.758] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\", nBufferLength=0x105, lpBuffer=0xefdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\", lpFilePart=0x0) returned 0x1a
[0111.759] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0xefddc0 | out: lpFindFileData=0xefddc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xa2dc870b, ftLastAccessTime.dwHighDateTime=0x1d5d80c, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3c030
[0111.759] FindClose (in: hFindFile=0x1db3c030 | out: hFindFile=0x1db3c030) returned 1
[0111.759] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0xefdcd0 | out: lpFindFileData=0xefdcd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3cb70
[0111.759] FindNextFileW (in: hFindFile=0x1db3cb70, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0111.759] FindNextFileW (in: hFindFile=0x1db3cb70, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7064e09e, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x7064e09e, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x706c096d, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x9, dwReserved0=0x0, dwReserved1=0x0, cFileName="worm_tool.sys", cAlternateFileName="WORM_T~1.SYS")) returned 1
[0111.760] FindNextFileW (in: hFindFile=0x1db3cb70, lpFindFileData=0xefdd00 | out: lpFindFileData=0xefdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7064e09e, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x7064e09e, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x706c096d, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x9, dwReserved0=0x0, dwReserved1=0x0, cFileName="worm_tool.sys", cAlternateFileName="WORM_T~1.SYS")) returned 0
[0111.760] FindClose (in: hFindFile=0x1db3cb70 | out: hFindFile=0x1db3cb70) returned 1
[0111.760] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0xefdd50 | out: lpFindFileData=0xefdd50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1db3cc30
[0111.760] FindNextFileW (in: hFindFile=0x1db3cc30, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x70d28e9c, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x70d28e9c, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0111.760] FindNextFileW (in: hFindFile=0x1db3cc30, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7064e09e, ftCreationTime.dwHighDateTime=0x1d6f1dd, ftLastAccessTime.dwLowDateTime=0x7064e09e, ftLastAccessTime.dwHighDateTime=0x1d6f1dd, ftLastWriteTime.dwLowDateTime=0x706c096d, ftLastWriteTime.dwHighDateTime=0x1d6f1dd, nFileSizeHigh=0x0, nFileSizeLow=0x9, dwReserved0=0x0, dwReserved1=0x0, cFileName="worm_tool.sys", cAlternateFileName="WORM_T~1.SYS")) returned 1
[0111.760] FindNextFileW (in: hFindFile=0x1db3cc30, lpFindFileData=0xefdd80 | out: lpFindFileData=0xefdd80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0
[0111.760] FindClose (in: hFindFile=0x1db3cc30 | out: hFindFile=0x1db3cc30) returned 1
[0111.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdfe0) returned 1
[0111.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdfa0) returned 1
[0111.940] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-Q1btNNAQT.jpg", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-Q1btNNAQT.jpg", lpFilePart=0x0) returned 0x26
[0111.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0111.940] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-Q1btNNAQT.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\-q1btnnaqt.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d0
[0111.941] GetFileType (hFile=0x3d0) returned 0x1
[0111.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0111.941] GetFileType (hFile=0x3d0) returned 0x1
[0111.941] GetFileSize (in: hFile=0x3d0, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xd025
[0111.942] ReadFile (in: hFile=0x3d0, lpBuffer=0x2d2ffe0, nNumberOfBytesToRead=0xd025, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d2ffe0*, lpNumberOfBytesRead=0xefdfb8*=0xd025, lpOverlapped=0x0) returned 1
[0111.944] CloseHandle (hObject=0x3d0) returned 1
[0111.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xefd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45
[0111.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xefd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45
[0111.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefddd0) returned 1
[0111.956] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xefdeb0 | out: lpFileInformation=0xefdeb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0111.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefdd90) returned 1
[0112.376] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xefde80 | out: pfEnabled=0xefde80) returned 0x0
[0113.258] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-Q1btNNAQT.jpg", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-Q1btNNAQT.jpg", lpFilePart=0x0) returned 0x26
[0113.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.258] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-Q1btNNAQT.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\-q1btnnaqt.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x410
[0113.275] GetFileType (hFile=0x410) returned 0x1
[0113.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.283] GetFileType (hFile=0x410) returned 0x1
[0113.283] WriteFile (in: hFile=0x410, lpBuffer=0x2e05748*, nNumberOfBytesToWrite=0xd030, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e05748*, lpNumberOfBytesWritten=0xefe018*=0xd030, lpOverlapped=0x0) returned 1
[0113.311] CloseHandle (hObject=0x410) returned 1
[0113.323] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-R9qX18qt uvQrw.png", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-R9qX18qt uvQrw.png", lpFilePart=0x0) returned 0x2b
[0113.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.324] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-R9qX18qt uvQrw.png" (normalized: "c:\\users\\fd1hvy\\desktop\\-r9qx18qt uvqrw.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x410
[0113.324] GetFileType (hFile=0x410) returned 0x1
[0113.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.324] GetFileType (hFile=0x410) returned 0x1
[0113.324] GetFileSize (in: hFile=0x410, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x11f65
[0113.326] ReadFile (in: hFile=0x410, lpBuffer=0x2e129f0, nNumberOfBytesToRead=0x11f65, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e129f0*, lpNumberOfBytesRead=0xefdfb8*=0x11f65, lpOverlapped=0x0) returned 1
[0113.328] CloseHandle (hObject=0x410) returned 1
[0113.573] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-R9qX18qt uvQrw.png", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-R9qX18qt uvQrw.png", lpFilePart=0x0) returned 0x2b
[0113.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.573] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-R9qX18qt uvQrw.png" (normalized: "c:\\users\\fd1hvy\\desktop\\-r9qx18qt uvqrw.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0113.583] GetFileType (hFile=0x278) returned 0x1
[0113.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.583] GetFileType (hFile=0x278) returned 0x1
[0113.583] WriteFile (in: hFile=0x278, lpBuffer=0x2d2bac0*, nNumberOfBytesToWrite=0x11f70, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d2bac0*, lpNumberOfBytesWritten=0xefe018*=0x11f70, lpOverlapped=0x0) returned 1
[0113.585] CloseHandle (hObject=0x278) returned 1
[0113.609] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5jiGLsAS51cw.pdf", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5jiGLsAS51cw.pdf", lpFilePart=0x0) returned 0x28
[0113.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.613] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5jiGLsAS51cw.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\5jiglsas51cw.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0113.616] GetFileType (hFile=0x278) returned 0x1
[0113.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.619] GetFileType (hFile=0x278) returned 0x1
[0113.619] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xcce3
[0113.619] ReadFile (in: hFile=0x278, lpBuffer=0x2d3dcb8, nNumberOfBytesToRead=0xcce3, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dcb8*, lpNumberOfBytesRead=0xefdfb8*=0xcce3, lpOverlapped=0x0) returned 1
[0113.621] CloseHandle (hObject=0x278) returned 1
[0113.781] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5jiGLsAS51cw.pdf", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5jiGLsAS51cw.pdf", lpFilePart=0x0) returned 0x28
[0113.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.781] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5jiGLsAS51cw.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\5jiglsas51cw.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0113.810] GetFileType (hFile=0x278) returned 0x1
[0113.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.811] GetFileType (hFile=0x278) returned 0x1
[0113.811] WriteFile (in: hFile=0x278, lpBuffer=0x2dda8c0*, nNumberOfBytesToWrite=0xccf0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2dda8c0*, lpNumberOfBytesWritten=0xefe018*=0xccf0, lpOverlapped=0x0) returned 1
[0113.866] CloseHandle (hObject=0x278) returned 1
[0113.906] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6D5GybDLA.xlsx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6D5GybDLA.xlsx", lpFilePart=0x0) returned 0x26
[0113.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.908] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6D5GybDLA.xlsx" (normalized: "c:\\users\\fd1hvy\\desktop\\6d5gybdla.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0113.910] GetFileType (hFile=0x278) returned 0x1
[0113.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.910] GetFileType (hFile=0x278) returned 0x1
[0113.910] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xa880
[0113.910] ReadFile (in: hFile=0x278, lpBuffer=0x2de7828, nNumberOfBytesToRead=0xa880, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2de7828*, lpNumberOfBytesRead=0xefdfb8*=0xa880, lpOverlapped=0x0) returned 1
[0113.921] CloseHandle (hObject=0x278) returned 1
[0113.956] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6D5GybDLA.xlsx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6D5GybDLA.xlsx", lpFilePart=0x0) returned 0x26
[0113.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0113.956] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6D5GybDLA.xlsx" (normalized: "c:\\users\\fd1hvy\\desktop\\6d5gybdla.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0113.969] GetFileType (hFile=0x278) returned 0x1
[0113.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0113.970] GetFileType (hFile=0x278) returned 0x1
[0113.970] WriteFile (in: hFile=0x278, lpBuffer=0x2e7d470*, nNumberOfBytesToWrite=0xa890, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e7d470*, lpNumberOfBytesWritten=0xefe018*=0xa890, lpOverlapped=0x0) returned 1
[0113.983] CloseHandle (hObject=0x278) returned 1
[0114.019] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\783SVZBUM4K35WHm3eRE.wav", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\783SVZBUM4K35WHm3eRE.wav", lpFilePart=0x0) returned 0x30
[0114.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.019] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\783SVZBUM4K35WHm3eRE.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\783svzbum4k35whm3ere.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.019] GetFileType (hFile=0x278) returned 0x1
[0114.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.019] GetFileType (hFile=0x278) returned 0x1
[0114.019] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x118b6
[0114.021] ReadFile (in: hFile=0x278, lpBuffer=0x2e87f98, nNumberOfBytesToRead=0x118b6, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e87f98*, lpNumberOfBytesRead=0xefdfb8*=0x118b6, lpOverlapped=0x0) returned 1
[0114.023] CloseHandle (hObject=0x278) returned 1
[0114.117] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\783SVZBUM4K35WHm3eRE.wav", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\783SVZBUM4K35WHm3eRE.wav", lpFilePart=0x0) returned 0x30
[0114.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.117] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\783SVZBUM4K35WHm3eRE.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\783svzbum4k35whm3ere.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.161] GetFileType (hFile=0x278) returned 0x1
[0114.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.162] GetFileType (hFile=0x278) returned 0x1
[0114.162] WriteFile (in: hFile=0x278, lpBuffer=0x2f32c78*, nNumberOfBytesToWrite=0x118c0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2f32c78*, lpNumberOfBytesWritten=0xefe018*=0x118c0, lpOverlapped=0x0) returned 1
[0114.169] CloseHandle (hObject=0x278) returned 1
[0114.194] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", lpFilePart=0x0) returned 0x2c
[0114.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.196] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\8g4yj5vyi5gsz9qg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.199] GetFileType (hFile=0x278) returned 0x1
[0114.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.203] GetFileType (hFile=0x278) returned 0x1
[0114.203] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x2ea00
[0114.207] ReadFile (in: hFile=0x278, lpBuffer=0x12d115a0, nNumberOfBytesToRead=0x2ea00, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12d115a0*, lpNumberOfBytesRead=0xefdfb8*=0x2ea00, lpOverlapped=0x0) returned 1
[0114.324] CloseHandle (hObject=0x278) returned 1
[0114.423] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe", lpFilePart=0x0) returned 0x2c
[0114.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.423] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\8g4YJ5vYi5gsz9qg.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\8g4yj5vyi5gsz9qg.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.435] GetFileType (hFile=0x278) returned 0x1
[0114.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.437] GetFileType (hFile=0x278) returned 0x1
[0114.437] WriteFile (in: hFile=0x278, lpBuffer=0x12dfa880*, nNumberOfBytesToWrite=0x2ea10, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12dfa880*, lpNumberOfBytesWritten=0xefe018*=0x2ea10, lpOverlapped=0x0) returned 1
[0114.476] CloseHandle (hObject=0x278) returned 1
[0114.501] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aAOxpPBgR6hc.wav", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aAOxpPBgR6hc.wav", lpFilePart=0x0) returned 0x28
[0114.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.501] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aAOxpPBgR6hc.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\aaoxppbgr6hc.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.502] GetFileType (hFile=0x278) returned 0x1
[0114.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.503] GetFileType (hFile=0x278) returned 0x1
[0114.503] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x2a22
[0114.503] ReadFile (in: hFile=0x278, lpBuffer=0x2fbacf0, nNumberOfBytesToRead=0x2a22, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2fbacf0*, lpNumberOfBytesRead=0xefdfb8*=0x2a22, lpOverlapped=0x0) returned 1
[0114.508] CloseHandle (hObject=0x278) returned 1
[0114.660] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aAOxpPBgR6hc.wav", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aAOxpPBgR6hc.wav", lpFilePart=0x0) returned 0x28
[0114.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.660] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aAOxpPBgR6hc.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\aaoxppbgr6hc.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.692] GetFileType (hFile=0x278) returned 0x1
[0114.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.692] GetFileType (hFile=0x278) returned 0x1
[0114.692] WriteFile (in: hFile=0x278, lpBuffer=0x303e278*, nNumberOfBytesToWrite=0x2a30, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x303e278*, lpNumberOfBytesWritten=0xefe018*=0x2a30, lpOverlapped=0x0) returned 1
[0114.730] CloseHandle (hObject=0x278) returned 1
[0114.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AZTWSqU.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\AZTWSqU.avi", lpFilePart=0x0) returned 0x23
[0114.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.888] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\AZTWSqU.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\aztwsqu.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.888] GetFileType (hFile=0x278) returned 0x1
[0114.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.888] GetFileType (hFile=0x278) returned 0x1
[0114.888] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x1211
[0114.889] ReadFile (in: hFile=0x278, lpBuffer=0x3040f10, nNumberOfBytesToRead=0x1211, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x3040f10*, lpNumberOfBytesRead=0xefdfb8*=0x1211, lpOverlapped=0x0) returned 1
[0114.889] CloseHandle (hObject=0x278) returned 1
[0114.992] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AZTWSqU.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\AZTWSqU.avi", lpFilePart=0x0) returned 0x23
[0114.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.993] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\AZTWSqU.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\aztwsqu.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.994] GetFileType (hFile=0x278) returned 0x1
[0114.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.994] GetFileType (hFile=0x278) returned 0x1
[0114.994] WriteFile (in: hFile=0x278, lpBuffer=0x30bcc48*, nNumberOfBytesToWrite=0x1220, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x30bcc48*, lpNumberOfBytesWritten=0xefe018*=0x1220, lpOverlapped=0x0) returned 1
[0114.997] CloseHandle (hObject=0x278) returned 1
[0114.998] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\B2Px0LCOjxIu PPh7hDJ.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\B2Px0LCOjxIu PPh7hDJ.mkv", lpFilePart=0x0) returned 0x30
[0114.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0114.998] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\B2Px0LCOjxIu PPh7hDJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\b2px0lcojxiu pph7hdj.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0114.998] GetFileType (hFile=0x278) returned 0x1
[0114.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0114.999] GetFileType (hFile=0x278) returned 0x1
[0114.999] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xf78b
[0115.000] ReadFile (in: hFile=0x278, lpBuffer=0x30be0f0, nNumberOfBytesToRead=0xf78b, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x30be0f0*, lpNumberOfBytesRead=0xefdfb8*=0xf78b, lpOverlapped=0x0) returned 1
[0115.001] CloseHandle (hObject=0x278) returned 1
[0115.032] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\B2Px0LCOjxIu PPh7hDJ.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\B2Px0LCOjxIu PPh7hDJ.mkv", lpFilePart=0x0) returned 0x30
[0115.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.032] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\B2Px0LCOjxIu PPh7hDJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\b2px0lcojxiu pph7hdj.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.034] GetFileType (hFile=0x278) returned 0x1
[0115.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.034] GetFileType (hFile=0x278) returned 0x1
[0115.034] WriteFile (in: hFile=0x278, lpBuffer=0x2d5cb60*, nNumberOfBytesToWrite=0xf790, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d5cb60*, lpNumberOfBytesWritten=0xefe018*=0xf790, lpOverlapped=0x0) returned 1
[0115.036] CloseHandle (hObject=0x278) returned 1
[0115.038] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bmu7titX2no.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\bmu7titX2no.mp3", lpFilePart=0x0) returned 0x27
[0115.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.038] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\bmu7titX2no.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\bmu7titx2no.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.038] GetFileType (hFile=0x278) returned 0x1
[0115.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.065] GetFileType (hFile=0x278) returned 0x1
[0115.065] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xbc9e
[0115.065] ReadFile (in: hFile=0x278, lpBuffer=0x2d6c588, nNumberOfBytesToRead=0xbc9e, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d6c588*, lpNumberOfBytesRead=0xefdfb8*=0xbc9e, lpOverlapped=0x0) returned 1
[0115.066] CloseHandle (hObject=0x278) returned 1
[0115.134] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bmu7titX2no.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\bmu7titX2no.mp3", lpFilePart=0x0) returned 0x27
[0115.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.134] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\bmu7titX2no.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\bmu7titx2no.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.135] GetFileType (hFile=0x278) returned 0x1
[0115.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.136] GetFileType (hFile=0x278) returned 0x1
[0115.136] WriteFile (in: hFile=0x278, lpBuffer=0x2e060a0*, nNumberOfBytesToWrite=0xbca0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e060a0*, lpNumberOfBytesWritten=0xefe018*=0xbca0, lpOverlapped=0x0) returned 1
[0115.137] CloseHandle (hObject=0x278) returned 1
[0115.140] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D6Yt.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D6Yt.mp3", lpFilePart=0x0) returned 0x20
[0115.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.140] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\D6Yt.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\d6yt.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.140] GetFileType (hFile=0x278) returned 0x1
[0115.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.140] GetFileType (hFile=0x278) returned 0x1
[0115.140] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x16e6e
[0115.141] ReadFile (in: hFile=0x278, lpBuffer=0x12e5fb58, nNumberOfBytesToRead=0x16e6e, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12e5fb58*, lpNumberOfBytesRead=0xefdfb8*=0x16e6e, lpOverlapped=0x0) returned 1
[0115.144] CloseHandle (hObject=0x278) returned 1
[0115.229] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D6Yt.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D6Yt.mp3", lpFilePart=0x0) returned 0x20
[0115.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.229] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\D6Yt.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\d6yt.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.234] GetFileType (hFile=0x278) returned 0x1
[0115.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.234] GetFileType (hFile=0x278) returned 0x1
[0115.234] WriteFile (in: hFile=0x278, lpBuffer=0x12ed2428*, nNumberOfBytesToWrite=0x16e70, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12ed2428*, lpNumberOfBytesWritten=0xefe018*=0x16e70, lpOverlapped=0x0) returned 1
[0115.236] CloseHandle (hObject=0x278) returned 1
[0115.239] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D8fB.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D8fB.bmp", lpFilePart=0x0) returned 0x20
[0115.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.240] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\D8fB.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\d8fb.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.250] GetFileType (hFile=0x278) returned 0x1
[0115.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.250] GetFileType (hFile=0x278) returned 0x1
[0115.250] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xb7ab
[0115.250] ReadFile (in: hFile=0x278, lpBuffer=0x2e88440, nNumberOfBytesToRead=0xb7ab, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e88440*, lpNumberOfBytesRead=0xefdfb8*=0xb7ab, lpOverlapped=0x0) returned 1
[0115.251] CloseHandle (hObject=0x278) returned 1
[0115.341] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D8fB.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D8fB.bmp", lpFilePart=0x0) returned 0x20
[0115.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.341] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\D8fB.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\d8fb.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.342] GetFileType (hFile=0x278) returned 0x1
[0115.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.342] GetFileType (hFile=0x278) returned 0x1
[0115.342] WriteFile (in: hFile=0x278, lpBuffer=0x2f20df0*, nNumberOfBytesToWrite=0xb7b0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2f20df0*, lpNumberOfBytesWritten=0xefe018*=0xb7b0, lpOverlapped=0x0) returned 1
[0115.344] CloseHandle (hObject=0x278) returned 1
[0115.346] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\eMfraDDsfi.m4a", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\eMfraDDsfi.m4a", lpFilePart=0x0) returned 0x26
[0115.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.346] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\eMfraDDsfi.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\emfraddsfi.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.346] GetFileType (hFile=0x278) returned 0x1
[0115.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.346] GetFileType (hFile=0x278) returned 0x1
[0115.346] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x12c0b
[0115.346] ReadFile (in: hFile=0x278, lpBuffer=0x2f2c7f8, nNumberOfBytesToRead=0x12c0b, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2c7f8*, lpNumberOfBytesRead=0xefdfb8*=0x12c0b, lpOverlapped=0x0) returned 1
[0115.348] CloseHandle (hObject=0x278) returned 1
[0115.365] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\eMfraDDsfi.m4a", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\eMfraDDsfi.m4a", lpFilePart=0x0) returned 0x26
[0115.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.365] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\eMfraDDsfi.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\emfraddsfi.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.367] GetFileType (hFile=0x278) returned 0x1
[0115.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.367] GetFileType (hFile=0x278) returned 0x1
[0115.367] WriteFile (in: hFile=0x278, lpBuffer=0x2fdaec8*, nNumberOfBytesToWrite=0x12c10, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2fdaec8*, lpNumberOfBytesWritten=0xefe018*=0x12c10, lpOverlapped=0x0) returned 1
[0115.377] CloseHandle (hObject=0x278) returned 1
[0115.380] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\F3pGdhW_LtYTRGqIv8.docx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\F3pGdhW_LtYTRGqIv8.docx", lpFilePart=0x0) returned 0x2f
[0115.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.380] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\F3pGdhW_LtYTRGqIv8.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\f3pgdhw_ltytrgqiv8.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.380] GetFileType (hFile=0x278) returned 0x1
[0115.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.380] GetFileType (hFile=0x278) returned 0x1
[0115.380] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x1a03
[0115.380] ReadFile (in: hFile=0x278, lpBuffer=0x2fedd60, nNumberOfBytesToRead=0x1a03, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2fedd60*, lpNumberOfBytesRead=0xefdfb8*=0x1a03, lpOverlapped=0x0) returned 1
[0115.381] CloseHandle (hObject=0x278) returned 1
[0115.456] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\F3pGdhW_LtYTRGqIv8.docx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\F3pGdhW_LtYTRGqIv8.docx", lpFilePart=0x0) returned 0x2f
[0115.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.456] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\F3pGdhW_LtYTRGqIv8.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\f3pgdhw_ltytrgqiv8.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.457] GetFileType (hFile=0x278) returned 0x1
[0115.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.457] GetFileType (hFile=0x278) returned 0x1
[0115.457] WriteFile (in: hFile=0x278, lpBuffer=0x2d1ad90*, nNumberOfBytesToWrite=0x1a10, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d1ad90*, lpNumberOfBytesWritten=0xefe018*=0x1a10, lpOverlapped=0x0) returned 1
[0115.458] CloseHandle (hObject=0x278) returned 1
[0115.459] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\fY9EtI1To8GFNfUe8L.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\fY9EtI1To8GFNfUe8L.mp3", lpFilePart=0x0) returned 0x2e
[0115.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.459] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\fY9EtI1To8GFNfUe8L.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\fy9eti1to8gfnfue8l.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.459] GetFileType (hFile=0x278) returned 0x1
[0115.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.460] GetFileType (hFile=0x278) returned 0x1
[0115.460] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x48c0
[0115.460] ReadFile (in: hFile=0x278, lpBuffer=0x2d1ca48, nNumberOfBytesToRead=0x48c0, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d1ca48*, lpNumberOfBytesRead=0xefdfb8*=0x48c0, lpOverlapped=0x0) returned 1
[0115.480] CloseHandle (hObject=0x278) returned 1
[0115.533] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\fY9EtI1To8GFNfUe8L.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\fY9EtI1To8GFNfUe8L.mp3", lpFilePart=0x0) returned 0x2e
[0115.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.533] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\fY9EtI1To8GFNfUe8L.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\fy9eti1to8gfnfue8l.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.534] GetFileType (hFile=0x278) returned 0x1
[0115.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.535] GetFileType (hFile=0x278) returned 0x1
[0115.535] WriteFile (in: hFile=0x278, lpBuffer=0x2da9b80*, nNumberOfBytesToWrite=0x48d0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2da9b80*, lpNumberOfBytesWritten=0xefe018*=0x48d0, lpOverlapped=0x0) returned 1
[0115.537] CloseHandle (hObject=0x278) returned 1
[0115.544] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\G1arb1fmSpiHf-oAIpM5.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\G1arb1fmSpiHf-oAIpM5.mp4", lpFilePart=0x0) returned 0x30
[0115.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.544] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G1arb1fmSpiHf-oAIpM5.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\g1arb1fmspihf-oaipm5.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.545] GetFileType (hFile=0x278) returned 0x1
[0115.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.546] GetFileType (hFile=0x278) returned 0x1
[0115.546] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x15fa
[0115.546] ReadFile (in: hFile=0x278, lpBuffer=0x2dae708, nNumberOfBytesToRead=0x15fa, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2dae708*, lpNumberOfBytesRead=0xefdfb8*=0x15fa, lpOverlapped=0x0) returned 1
[0115.548] CloseHandle (hObject=0x278) returned 1
[0115.646] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\G1arb1fmSpiHf-oAIpM5.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\G1arb1fmSpiHf-oAIpM5.mp4", lpFilePart=0x0) returned 0x30
[0115.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.646] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G1arb1fmSpiHf-oAIpM5.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\g1arb1fmspihf-oaipm5.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.696] GetFileType (hFile=0x278) returned 0x1
[0115.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.696] GetFileType (hFile=0x278) returned 0x1
[0115.698] WriteFile (in: hFile=0x278, lpBuffer=0x2e2b7a0*, nNumberOfBytesToWrite=0x1600, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e2b7a0*, lpNumberOfBytesWritten=0xefe018*=0x1600, lpOverlapped=0x0) returned 1
[0115.702] CloseHandle (hObject=0x278) returned 1
[0115.703] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\i45PsiITjh_SeDKe.docx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\i45PsiITjh_SeDKe.docx", lpFilePart=0x0) returned 0x2d
[0115.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.704] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\i45PsiITjh_SeDKe.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\i45psiitjh_sedke.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.704] GetFileType (hFile=0x278) returned 0x1
[0115.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.704] GetFileType (hFile=0x278) returned 0x1
[0115.704] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x1628d
[0115.705] ReadFile (in: hFile=0x278, lpBuffer=0x12f25a80, nNumberOfBytesToRead=0x1628d, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12f25a80*, lpNumberOfBytesRead=0xefdfb8*=0x1628d, lpOverlapped=0x0) returned 1
[0115.708] CloseHandle (hObject=0x278) returned 1
[0115.866] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\i45PsiITjh_SeDKe.docx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\i45PsiITjh_SeDKe.docx", lpFilePart=0x0) returned 0x2d
[0115.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.866] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\i45PsiITjh_SeDKe.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\i45psiitjh_sedke.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.868] GetFileType (hFile=0x278) returned 0x1
[0115.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.869] GetFileType (hFile=0x278) returned 0x1
[0115.869] WriteFile (in: hFile=0x278, lpBuffer=0x12f3bd48*, nNumberOfBytesToWrite=0x16290, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12f3bd48*, lpNumberOfBytesWritten=0xefe018*=0x16290, lpOverlapped=0x0) returned 1
[0115.871] CloseHandle (hObject=0x278) returned 1
[0115.877] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\iFXrA2.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\iFXrA2.mkv", lpFilePart=0x0) returned 0x22
[0115.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.877] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\iFXrA2.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\ifxra2.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.877] GetFileType (hFile=0x278) returned 0x1
[0115.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.877] GetFileType (hFile=0x278) returned 0x1
[0115.877] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x7fc0
[0115.878] ReadFile (in: hFile=0x278, lpBuffer=0x2ccbef8, nNumberOfBytesToRead=0x7fc0, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2ccbef8*, lpNumberOfBytesRead=0xefdfb8*=0x7fc0, lpOverlapped=0x0) returned 1
[0115.879] CloseHandle (hObject=0x278) returned 1
[0115.989] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\iFXrA2.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\iFXrA2.mkv", lpFilePart=0x0) returned 0x22
[0115.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0115.990] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\iFXrA2.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\ifxra2.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0115.991] GetFileType (hFile=0x278) returned 0x1
[0115.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0115.991] GetFileType (hFile=0x278) returned 0x1
[0115.991] WriteFile (in: hFile=0x278, lpBuffer=0x2d6a330*, nNumberOfBytesToWrite=0x7fd0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d6a330*, lpNumberOfBytesWritten=0xefe018*=0x7fd0, lpOverlapped=0x0) returned 1
[0116.029] CloseHandle (hObject=0x278) returned 1
[0116.044] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\iGcyw6tHGnuYa.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\iGcyw6tHGnuYa.avi", lpFilePart=0x0) returned 0x29
[0116.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.045] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\iGcyw6tHGnuYa.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\igcyw6thgnuya.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.045] GetFileType (hFile=0x278) returned 0x1
[0116.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.045] GetFileType (hFile=0x278) returned 0x1
[0116.045] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x1260
[0116.045] ReadFile (in: hFile=0x278, lpBuffer=0x2d72568, nNumberOfBytesToRead=0x1260, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d72568*, lpNumberOfBytesRead=0xefdfb8*=0x1260, lpOverlapped=0x0) returned 1
[0116.046] CloseHandle (hObject=0x278) returned 1
[0116.060] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\iGcyw6tHGnuYa.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\iGcyw6tHGnuYa.avi", lpFilePart=0x0) returned 0x29
[0116.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.060] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\iGcyw6tHGnuYa.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\igcyw6thgnuya.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.061] GetFileType (hFile=0x278) returned 0x1
[0116.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.061] GetFileType (hFile=0x278) returned 0x1
[0116.061] WriteFile (in: hFile=0x278, lpBuffer=0x2dee428*, nNumberOfBytesToWrite=0x1270, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2dee428*, lpNumberOfBytesWritten=0xefe018*=0x1270, lpOverlapped=0x0) returned 1
[0116.062] CloseHandle (hObject=0x278) returned 1
[0116.063] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\j1vV.flv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\j1vV.flv", lpFilePart=0x0) returned 0x20
[0116.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.063] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\j1vV.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\j1vv.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.064] GetFileType (hFile=0x278) returned 0x1
[0116.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.064] GetFileType (hFile=0x278) returned 0x1
[0116.064] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x10a51
[0116.064] ReadFile (in: hFile=0x278, lpBuffer=0x2def900, nNumberOfBytesToRead=0x10a51, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2def900*, lpNumberOfBytesRead=0xefdfb8*=0x10a51, lpOverlapped=0x0) returned 1
[0116.065] CloseHandle (hObject=0x278) returned 1
[0116.127] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\j1vV.flv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\j1vV.flv", lpFilePart=0x0) returned 0x20
[0116.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.127] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\j1vV.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\j1vv.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.128] GetFileType (hFile=0x278) returned 0x1
[0116.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.128] GetFileType (hFile=0x278) returned 0x1
[0116.129] WriteFile (in: hFile=0x278, lpBuffer=0x2e97ac0*, nNumberOfBytesToWrite=0x10a60, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e97ac0*, lpNumberOfBytesWritten=0xefe018*=0x10a60, lpOverlapped=0x0) returned 1
[0116.130] CloseHandle (hObject=0x278) returned 1
[0116.133] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kjJi.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kjJi.bmp", lpFilePart=0x0) returned 0x20
[0116.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.133] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kjJi.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\kjji.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.133] GetFileType (hFile=0x278) returned 0x1
[0116.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.133] GetFileType (hFile=0x278) returned 0x1
[0116.133] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x17f87
[0116.134] ReadFile (in: hFile=0x278, lpBuffer=0x12ca2e40, nNumberOfBytesToRead=0x17f87, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12ca2e40*, lpNumberOfBytesRead=0xefdfb8*=0x17f87, lpOverlapped=0x0) returned 1
[0116.136] CloseHandle (hObject=0x278) returned 1
[0116.242] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kjJi.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kjJi.bmp", lpFilePart=0x0) returned 0x20
[0116.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.242] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kjJi.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\kjji.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.244] GetFileType (hFile=0x278) returned 0x1
[0116.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.244] GetFileType (hFile=0x278) returned 0x1
[0116.244] WriteFile (in: hFile=0x278, lpBuffer=0x12d1aca8*, nNumberOfBytesToWrite=0x17f90, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12d1aca8*, lpNumberOfBytesWritten=0xefe018*=0x17f90, lpOverlapped=0x0) returned 1
[0116.247] CloseHandle (hObject=0x278) returned 1
[0116.251] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LHbaE3zUi_VGyfB5.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\LHbaE3zUi_VGyfB5.avi", lpFilePart=0x0) returned 0x2c
[0116.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.251] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\LHbaE3zUi_VGyfB5.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lhbae3zui_vgyfb5.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0116.251] GetFileType (hFile=0x278) returned 0x1
[0116.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0116.251] GetFileType (hFile=0x278) returned 0x1
[0116.251] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x25e8
[0116.251] ReadFile (in: hFile=0x278, lpBuffer=0x2d1f200, nNumberOfBytesToRead=0x25e8, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d1f200*, lpNumberOfBytesRead=0xefdfb8*=0x25e8, lpOverlapped=0x0) returned 1
[0116.252] CloseHandle (hObject=0x278) returned 1
[0116.272] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LHbaE3zUi_VGyfB5.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\LHbaE3zUi_VGyfB5.avi", lpFilePart=0x0) returned 0x2c
[0116.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0116.272] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\LHbaE3zUi_VGyfB5.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lhbae3zui_vgyfb5.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.559] GetFileType (hFile=0x278) returned 0x1
[0118.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.559] GetFileType (hFile=0x278) returned 0x1
[0118.559] WriteFile (in: hFile=0x278, lpBuffer=0x2da14d8*, nNumberOfBytesToWrite=0x25f0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2da14d8*, lpNumberOfBytesWritten=0xefe018*=0x25f0, lpOverlapped=0x0) returned 1
[0118.560] CloseHandle (hObject=0x278) returned 1
[0118.569] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\n8tA1vtRF.pptx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\n8tA1vtRF.pptx", lpFilePart=0x0) returned 0x26
[0118.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.569] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\n8tA1vtRF.pptx" (normalized: "c:\\users\\fd1hvy\\desktop\\n8ta1vtrf.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.569] GetFileType (hFile=0x278) returned 0x1
[0118.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.572] GetFileType (hFile=0x278) returned 0x1
[0118.572] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xb79f
[0118.572] ReadFile (in: hFile=0x278, lpBuffer=0x2da3d50, nNumberOfBytesToRead=0xb79f, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2da3d50*, lpNumberOfBytesRead=0xefdfb8*=0xb79f, lpOverlapped=0x0) returned 1
[0118.573] CloseHandle (hObject=0x278) returned 1
[0118.594] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\n8tA1vtRF.pptx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\n8tA1vtRF.pptx", lpFilePart=0x0) returned 0x26
[0118.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.594] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\n8tA1vtRF.pptx" (normalized: "c:\\users\\fd1hvy\\desktop\\n8ta1vtrf.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.596] GetFileType (hFile=0x278) returned 0x1
[0118.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.596] GetFileType (hFile=0x278) returned 0x1
[0118.596] WriteFile (in: hFile=0x278, lpBuffer=0x2e3c6d0*, nNumberOfBytesToWrite=0xb7a0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e3c6d0*, lpNumberOfBytesWritten=0xefe018*=0xb7a0, lpOverlapped=0x0) returned 1
[0118.598] CloseHandle (hObject=0x278) returned 1
[0118.600] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\n_CE2UyUTD8hhgp1UNk.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\n_CE2UyUTD8hhgp1UNk.avi", lpFilePart=0x0) returned 0x2f
[0118.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.600] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\n_CE2UyUTD8hhgp1UNk.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\n_ce2uyutd8hhgp1unk.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.601] GetFileType (hFile=0x278) returned 0x1
[0118.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.644] GetFileType (hFile=0x278) returned 0x1
[0118.644] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x1d20
[0118.644] ReadFile (in: hFile=0x278, lpBuffer=0x2e480f8, nNumberOfBytesToRead=0x1d20, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e480f8*, lpNumberOfBytesRead=0xefdfb8*=0x1d20, lpOverlapped=0x0) returned 1
[0118.645] CloseHandle (hObject=0x278) returned 1
[0118.664] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\n_CE2UyUTD8hhgp1UNk.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\n_CE2UyUTD8hhgp1UNk.avi", lpFilePart=0x0) returned 0x2f
[0118.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.664] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\n_CE2UyUTD8hhgp1UNk.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\n_ce2uyutd8hhgp1unk.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.666] GetFileType (hFile=0x278) returned 0x1
[0118.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.666] GetFileType (hFile=0x278) returned 0x1
[0118.666] WriteFile (in: hFile=0x278, lpBuffer=0x2ec7578*, nNumberOfBytesToWrite=0x1d30, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2ec7578*, lpNumberOfBytesWritten=0xefe018*=0x1d30, lpOverlapped=0x0) returned 1
[0118.667] CloseHandle (hObject=0x278) returned 1
[0118.695] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oywBt0_fLo2nM lPSO.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oywBt0_fLo2nM lPSO.avi", lpFilePart=0x0) returned 0x2e
[0118.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.695] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oywBt0_fLo2nM lPSO.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\oywbt0_flo2nm lpso.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.696] GetFileType (hFile=0x278) returned 0x1
[0118.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.696] GetFileType (hFile=0x278) returned 0x1
[0118.696] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x9845
[0118.697] ReadFile (in: hFile=0x278, lpBuffer=0x2ec9550, nNumberOfBytesToRead=0x9845, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2ec9550*, lpNumberOfBytesRead=0xefdfb8*=0x9845, lpOverlapped=0x0) returned 1
[0118.698] CloseHandle (hObject=0x278) returned 1
[0118.763] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oywBt0_fLo2nM lPSO.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oywBt0_fLo2nM lPSO.avi", lpFilePart=0x0) returned 0x2e
[0118.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.763] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oywBt0_fLo2nM lPSO.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\oywbt0_flo2nm lpso.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.765] GetFileType (hFile=0x278) returned 0x1
[0118.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.765] GetFileType (hFile=0x278) returned 0x1
[0118.765] WriteFile (in: hFile=0x278, lpBuffer=0x2d71a38*, nNumberOfBytesToWrite=0x9850, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d71a38*, lpNumberOfBytesWritten=0xefe018*=0x9850, lpOverlapped=0x0) returned 1
[0118.767] CloseHandle (hObject=0x278) returned 1
[0118.769] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pk87oz1B8x0DUr0T_S.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Pk87oz1B8x0DUr0T_S.bmp", lpFilePart=0x0) returned 0x2e
[0118.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.769] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pk87oz1B8x0DUr0T_S.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\pk87oz1b8x0dur0t_s.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.769] GetFileType (hFile=0x278) returned 0x1
[0118.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.770] GetFileType (hFile=0x278) returned 0x1
[0118.770] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x11c2c
[0118.770] ReadFile (in: hFile=0x278, lpBuffer=0x2d7b530, nNumberOfBytesToRead=0x11c2c, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d7b530*, lpNumberOfBytesRead=0xefdfb8*=0x11c2c, lpOverlapped=0x0) returned 1
[0118.771] CloseHandle (hObject=0x278) returned 1
[0118.886] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pk87oz1B8x0DUr0T_S.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Pk87oz1B8x0DUr0T_S.bmp", lpFilePart=0x0) returned 0x2e
[0118.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.886] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Pk87oz1B8x0DUr0T_S.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\pk87oz1b8x0dur0t_s.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.888] GetFileType (hFile=0x278) returned 0x1
[0118.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.888] GetFileType (hFile=0x278) returned 0x1
[0118.888] WriteFile (in: hFile=0x278, lpBuffer=0x2e26ef8*, nNumberOfBytesToWrite=0x11c30, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e26ef8*, lpNumberOfBytesWritten=0xefe018*=0x11c30, lpOverlapped=0x0) returned 1
[0118.891] CloseHandle (hObject=0x278) returned 1
[0118.897] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\SvNPBM-.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\SvNPBM-.gif", lpFilePart=0x0) returned 0x23
[0118.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.898] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\SvNPBM-.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\svnpbm-.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.911] GetFileType (hFile=0x278) returned 0x1
[0118.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.912] GetFileType (hFile=0x278) returned 0x1
[0118.912] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x9132
[0118.913] ReadFile (in: hFile=0x278, lpBuffer=0x2e38da0, nNumberOfBytesToRead=0x9132, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e38da0*, lpNumberOfBytesRead=0xefdfb8*=0x9132, lpOverlapped=0x0) returned 1
[0118.928] CloseHandle (hObject=0x278) returned 1
[0118.971] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\SvNPBM-.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\SvNPBM-.gif", lpFilePart=0x0) returned 0x23
[0118.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0118.971] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\SvNPBM-.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\svnpbm-.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0118.973] GetFileType (hFile=0x278) returned 0x1
[0118.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0118.973] GetFileType (hFile=0x278) returned 0x1
[0118.973] WriteFile (in: hFile=0x278, lpBuffer=0x2d05008*, nNumberOfBytesToWrite=0x9140, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d05008*, lpNumberOfBytesWritten=0xefe018*=0x9140, lpOverlapped=0x0) returned 1
[0118.975] CloseHandle (hObject=0x278) returned 1
[0119.043] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\uFzk8u5NnfgLNoYtCu.flv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\uFzk8u5NnfgLNoYtCu.flv", lpFilePart=0x0) returned 0x2e
[0119.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.067] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\uFzk8u5NnfgLNoYtCu.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\ufzk8u5nnfglnoytcu.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.067] GetFileType (hFile=0x278) returned 0x1
[0119.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.067] GetFileType (hFile=0x278) returned 0x1
[0119.067] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x16ee1
[0119.067] ReadFile (in: hFile=0x278, lpBuffer=0x12d6d440, nNumberOfBytesToRead=0x16ee1, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12d6d440*, lpNumberOfBytesRead=0xefdfb8*=0x16ee1, lpOverlapped=0x0) returned 1
[0119.069] CloseHandle (hObject=0x278) returned 1
[0119.091] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\uFzk8u5NnfgLNoYtCu.flv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\uFzk8u5NnfgLNoYtCu.flv", lpFilePart=0x0) returned 0x2e
[0119.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.092] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\uFzk8u5NnfgLNoYtCu.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\ufzk8u5nnfglnoytcu.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.093] GetFileType (hFile=0x278) returned 0x1
[0119.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.093] GetFileType (hFile=0x278) returned 0x1
[0119.093] WriteFile (in: hFile=0x278, lpBuffer=0x12ddff88*, nNumberOfBytesToWrite=0x16ef0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12ddff88*, lpNumberOfBytesWritten=0xefe018*=0x16ef0, lpOverlapped=0x0) returned 1
[0119.095] CloseHandle (hObject=0x278) returned 1
[0119.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\VJvL6tO0ETnQke-rP9e.odt", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\VJvL6tO0ETnQke-rP9e.odt", lpFilePart=0x0) returned 0x2f
[0119.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.100] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\VJvL6tO0ETnQke-rP9e.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\vjvl6to0etnqke-rp9e.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.100] GetFileType (hFile=0x278) returned 0x1
[0119.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.100] GetFileType (hFile=0x278) returned 0x1
[0119.100] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x10349
[0119.100] ReadFile (in: hFile=0x278, lpBuffer=0x2d84b68, nNumberOfBytesToRead=0x10349, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d84b68*, lpNumberOfBytesRead=0xefdfb8*=0x10349, lpOverlapped=0x0) returned 1
[0119.143] CloseHandle (hObject=0x278) returned 1
[0119.174] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\VJvL6tO0ETnQke-rP9e.odt", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\VJvL6tO0ETnQke-rP9e.odt", lpFilePart=0x0) returned 0x2f
[0119.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.174] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\VJvL6tO0ETnQke-rP9e.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\vjvl6to0etnqke-rp9e.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.176] GetFileType (hFile=0x278) returned 0x1
[0119.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.176] GetFileType (hFile=0x278) returned 0x1
[0119.176] WriteFile (in: hFile=0x278, lpBuffer=0x2e2b7f8*, nNumberOfBytesToWrite=0x10350, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e2b7f8*, lpNumberOfBytesWritten=0xefe018*=0x10350, lpOverlapped=0x0) returned 1
[0119.178] CloseHandle (hObject=0x278) returned 1
[0119.180] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\VsezaQBBYQ18K1I.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\VsezaQBBYQ18K1I.avi", lpFilePart=0x0) returned 0x2b
[0119.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.181] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\VsezaQBBYQ18K1I.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\vsezaqbbyq18k1i.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.181] GetFileType (hFile=0x278) returned 0x1
[0119.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.181] GetFileType (hFile=0x278) returned 0x1
[0119.181] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x8a30
[0119.181] ReadFile (in: hFile=0x278, lpBuffer=0x2e3bde0, nNumberOfBytesToRead=0x8a30, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e3bde0*, lpNumberOfBytesRead=0xefdfb8*=0x8a30, lpOverlapped=0x0) returned 1
[0119.182] CloseHandle (hObject=0x278) returned 1
[0119.237] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\VsezaQBBYQ18K1I.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\VsezaQBBYQ18K1I.avi", lpFilePart=0x0) returned 0x2b
[0119.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.237] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\VsezaQBBYQ18K1I.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\vsezaqbbyq18k1i.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.239] GetFileType (hFile=0x278) returned 0x1
[0119.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.239] GetFileType (hFile=0x278) returned 0x1
[0119.239] WriteFile (in: hFile=0x278, lpBuffer=0x2edd3b0*, nNumberOfBytesToWrite=0x8a40, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2edd3b0*, lpNumberOfBytesWritten=0xefe018*=0x8a40, lpOverlapped=0x0) returned 1
[0119.254] CloseHandle (hObject=0x278) returned 1
[0119.256] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vTwtJ4Yn9Z2M.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vTwtJ4Yn9Z2M.gif", lpFilePart=0x0) returned 0x28
[0119.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.256] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vTwtJ4Yn9Z2M.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\vtwtj4yn9z2m.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.257] GetFileType (hFile=0x278) returned 0x1
[0119.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.257] GetFileType (hFile=0x278) returned 0x1
[0119.257] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x906b
[0119.258] ReadFile (in: hFile=0x278, lpBuffer=0x2ee6078, nNumberOfBytesToRead=0x906b, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2ee6078*, lpNumberOfBytesRead=0xefdfb8*=0x906b, lpOverlapped=0x0) returned 1
[0119.260] CloseHandle (hObject=0x278) returned 1
[0119.449] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vTwtJ4Yn9Z2M.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vTwtJ4Yn9Z2M.gif", lpFilePart=0x0) returned 0x28
[0119.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.449] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vTwtJ4Yn9Z2M.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\vtwtj4yn9z2m.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.537] GetFileType (hFile=0x278) returned 0x1
[0119.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.537] GetFileType (hFile=0x278) returned 0x1
[0119.537] WriteFile (in: hFile=0x278, lpBuffer=0x2f89540*, nNumberOfBytesToWrite=0x9070, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2f89540*, lpNumberOfBytesWritten=0xefe018*=0x9070, lpOverlapped=0x0) returned 1
[0119.540] CloseHandle (hObject=0x278) returned 1
[0119.544] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\W0nPkuSy3WYXP1R2S.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\W0nPkuSy3WYXP1R2S.mp4", lpFilePart=0x0) returned 0x2d
[0119.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.544] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\W0nPkuSy3WYXP1R2S.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\w0npkusy3wyxp1r2s.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.545] GetFileType (hFile=0x278) returned 0x1
[0119.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.545] GetFileType (hFile=0x278) returned 0x1
[0119.545] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xd77d
[0119.547] ReadFile (in: hFile=0x278, lpBuffer=0x2f92848, nNumberOfBytesToRead=0xd77d, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2f92848*, lpNumberOfBytesRead=0xefdfb8*=0xd77d, lpOverlapped=0x0) returned 1
[0119.552] CloseHandle (hObject=0x278) returned 1
[0119.668] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\W0nPkuSy3WYXP1R2S.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\W0nPkuSy3WYXP1R2S.mp4", lpFilePart=0x0) returned 0x2d
[0119.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.668] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\W0nPkuSy3WYXP1R2S.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\w0npkusy3wyxp1r2s.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.670] GetFileType (hFile=0x278) returned 0x1
[0119.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.670] GetFileType (hFile=0x278) returned 0x1
[0119.670] WriteFile (in: hFile=0x278, lpBuffer=0x3031168*, nNumberOfBytesToWrite=0xd780, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x3031168*, lpNumberOfBytesWritten=0xefe018*=0xd780, lpOverlapped=0x0) returned 1
[0119.672] CloseHandle (hObject=0x278) returned 1
[0119.675] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\wb1N5W.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\wb1N5W.mp4", lpFilePart=0x0) returned 0x22
[0119.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.675] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\wb1N5W.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\wb1n5w.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.675] GetFileType (hFile=0x278) returned 0x1
[0119.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.675] GetFileType (hFile=0x278) returned 0x1
[0119.675] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x17177
[0119.676] ReadFile (in: hFile=0x278, lpBuffer=0x12e32480, nNumberOfBytesToRead=0x17177, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12e32480*, lpNumberOfBytesRead=0xefdfb8*=0x17177, lpOverlapped=0x0) returned 1
[0119.678] CloseHandle (hObject=0x278) returned 1
[0119.940] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\wb1N5W.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\wb1N5W.mp4", lpFilePart=0x0) returned 0x22
[0119.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.940] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\wb1N5W.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\wb1n5w.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.942] GetFileType (hFile=0x278) returned 0x1
[0119.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.942] GetFileType (hFile=0x278) returned 0x1
[0119.942] WriteFile (in: hFile=0x278, lpBuffer=0x12ea5c98*, nNumberOfBytesToWrite=0x17180, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12ea5c98*, lpNumberOfBytesWritten=0xefe018*=0x17180, lpOverlapped=0x0) returned 1
[0119.946] CloseHandle (hObject=0x278) returned 1
[0119.949] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys", lpFilePart=0x0) returned 0x25
[0119.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.949] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys" (normalized: "c:\\users\\fd1hvy\\desktop\\worm_tool.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.949] GetFileType (hFile=0x278) returned 0x1
[0119.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.949] GetFileType (hFile=0x278) returned 0x1
[0119.949] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x9
[0119.949] ReadFile (in: hFile=0x278, lpBuffer=0x2d0c010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d0c010*, lpNumberOfBytesRead=0xefdfb8*=0x9, lpOverlapped=0x0) returned 1
[0119.949] CloseHandle (hObject=0x278) returned 1
[0119.969] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys", lpFilePart=0x0) returned 0x25
[0119.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.969] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\worm_tool.sys" (normalized: "c:\\users\\fd1hvy\\desktop\\worm_tool.sys"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.970] GetFileType (hFile=0x278) returned 0x1
[0119.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.970] GetFileType (hFile=0x278) returned 0x1
[0119.970] WriteFile (in: hFile=0x278, lpBuffer=0x2d837a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xefdec8, lpOverlapped=0x0 | out: lpBuffer=0x2d837a0*, lpNumberOfBytesWritten=0xefdec8*=0x10, lpOverlapped=0x0) returned 1
[0119.972] CloseHandle (hObject=0x278) returned 1
[0119.973] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\X EakLD0TYMH1T.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\X EakLD0TYMH1T.gif", lpFilePart=0x0) returned 0x2a
[0119.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0119.973] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\X EakLD0TYMH1T.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\x eakld0tymh1t.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0119.973] GetFileType (hFile=0x278) returned 0x1
[0119.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0119.973] GetFileType (hFile=0x278) returned 0x1
[0119.973] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xdf3a
[0119.973] ReadFile (in: hFile=0x278, lpBuffer=0x2d848f0, nNumberOfBytesToRead=0xdf3a, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d848f0*, lpNumberOfBytesRead=0xefdfb8*=0xdf3a, lpOverlapped=0x0) returned 1
[0119.975] CloseHandle (hObject=0x278) returned 1
[0120.081] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\X EakLD0TYMH1T.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\X EakLD0TYMH1T.gif", lpFilePart=0x0) returned 0x2a
[0120.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.081] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\X EakLD0TYMH1T.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\x eakld0tymh1t.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.083] GetFileType (hFile=0x278) returned 0x1
[0120.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.083] GetFileType (hFile=0x278) returned 0x1
[0120.083] WriteFile (in: hFile=0x278, lpBuffer=0x2e24950*, nNumberOfBytesToWrite=0xdf40, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e24950*, lpNumberOfBytesWritten=0xefe018*=0xdf40, lpOverlapped=0x0) returned 1
[0120.085] CloseHandle (hObject=0x278) returned 1
[0120.103] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\yA5RhtAAB12zR.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\yA5RhtAAB12zR.mp3", lpFilePart=0x0) returned 0x29
[0120.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.103] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\yA5RhtAAB12zR.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\ya5rhtaab12zr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.103] GetFileType (hFile=0x278) returned 0x1
[0120.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.103] GetFileType (hFile=0x278) returned 0x1
[0120.103] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x144c5
[0120.104] ReadFile (in: hFile=0x278, lpBuffer=0x2e32b18, nNumberOfBytesToRead=0x144c5, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e32b18*, lpNumberOfBytesRead=0xefdfb8*=0x144c5, lpOverlapped=0x0) returned 1
[0120.105] CloseHandle (hObject=0x278) returned 1
[0120.223] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\yA5RhtAAB12zR.mp3", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\yA5RhtAAB12zR.mp3", lpFilePart=0x0) returned 0x29
[0120.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.223] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\yA5RhtAAB12zR.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\ya5rhtaab12zr.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.285] GetFileType (hFile=0x278) returned 0x1
[0120.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.285] GetFileType (hFile=0x278) returned 0x1
[0120.286] WriteFile (in: hFile=0x278, lpBuffer=0x2ee5c28*, nNumberOfBytesToWrite=0x144d0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2ee5c28*, lpNumberOfBytesWritten=0xefe018*=0x144d0, lpOverlapped=0x0) returned 1
[0120.288] CloseHandle (hObject=0x278) returned 1
[0120.292] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YJ1hhGAE6yj-Y.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\YJ1hhGAE6yj-Y.bmp", lpFilePart=0x0) returned 0x29
[0120.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.292] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\YJ1hhGAE6yj-Y.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\yj1hhgae6yj-y.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.292] GetFileType (hFile=0x278) returned 0x1
[0120.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.293] GetFileType (hFile=0x278) returned 0x1
[0120.293] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x8062
[0120.293] ReadFile (in: hFile=0x278, lpBuffer=0x2efa380, nNumberOfBytesToRead=0x8062, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2efa380*, lpNumberOfBytesRead=0xefdfb8*=0x8062, lpOverlapped=0x0) returned 1
[0120.294] CloseHandle (hObject=0x278) returned 1
[0120.319] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YJ1hhGAE6yj-Y.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\YJ1hhGAE6yj-Y.bmp", lpFilePart=0x0) returned 0x29
[0120.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.319] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\YJ1hhGAE6yj-Y.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\yj1hhgae6yj-y.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.395] GetFileType (hFile=0x278) returned 0x1
[0120.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.395] GetFileType (hFile=0x278) returned 0x1
[0120.395] WriteFile (in: hFile=0x278, lpBuffer=0x2da0828*, nNumberOfBytesToWrite=0x8070, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2da0828*, lpNumberOfBytesWritten=0xefe018*=0x8070, lpOverlapped=0x0) returned 1
[0120.398] CloseHandle (hObject=0x278) returned 1
[0120.401] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\z2TwaHe fR3G.swf", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\z2TwaHe fR3G.swf", lpFilePart=0x0) returned 0x28
[0120.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.402] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\z2TwaHe fR3G.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\z2twahe fr3g.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.402] GetFileType (hFile=0x278) returned 0x1
[0120.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.402] GetFileType (hFile=0x278) returned 0x1
[0120.402] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x13d5b
[0120.402] ReadFile (in: hFile=0x278, lpBuffer=0x2da8b20, nNumberOfBytesToRead=0x13d5b, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2da8b20*, lpNumberOfBytesRead=0xefdfb8*=0x13d5b, lpOverlapped=0x0) returned 1
[0120.404] CloseHandle (hObject=0x278) returned 1
[0120.428] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\z2TwaHe fR3G.swf", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\z2TwaHe fR3G.swf", lpFilePart=0x0) returned 0x28
[0120.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.428] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\z2TwaHe fR3G.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\z2twahe fr3g.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.473] GetFileType (hFile=0x278) returned 0x1
[0120.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.473] GetFileType (hFile=0x278) returned 0x1
[0120.473] WriteFile (in: hFile=0x278, lpBuffer=0x2e5a878*, nNumberOfBytesToWrite=0x13d60, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e5a878*, lpNumberOfBytesWritten=0xefe018*=0x13d60, lpOverlapped=0x0) returned 1
[0120.475] CloseHandle (hObject=0x278) returned 1
[0120.480] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZJ7 uJ.flv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ZJ7 uJ.flv", lpFilePart=0x0) returned 0x22
[0120.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.480] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZJ7 uJ.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\zj7 uj.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.480] GetFileType (hFile=0x278) returned 0x1
[0120.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.480] GetFileType (hFile=0x278) returned 0x1
[0120.480] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x919
[0120.480] ReadFile (in: hFile=0x278, lpBuffer=0x2e6f178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6f178*, lpNumberOfBytesRead=0xefdfb8*=0x919, lpOverlapped=0x0) returned 1
[0120.481] CloseHandle (hObject=0x278) returned 1
[0120.500] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZJ7 uJ.flv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ZJ7 uJ.flv", lpFilePart=0x0) returned 0x22
[0120.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.500] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZJ7 uJ.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\zj7 uj.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.501] GetFileType (hFile=0x278) returned 0x1
[0120.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.502] GetFileType (hFile=0x278) returned 0x1
[0120.502] WriteFile (in: hFile=0x278, lpBuffer=0x2ee92e0*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xefdec8, lpOverlapped=0x0 | out: lpBuffer=0x2ee92e0*, lpNumberOfBytesWritten=0xefdec8*=0x920, lpOverlapped=0x0) returned 1
[0120.502] CloseHandle (hObject=0x278) returned 1
[0120.504] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\-VozkKaIANbyfaf2PF.swf", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\-VozkKaIANbyfaf2PF.swf", lpFilePart=0x0) returned 0x3f
[0120.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.504] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\-VozkKaIANbyfaf2PF.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\-vozkkaianbyfaf2pf.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.504] GetFileType (hFile=0x278) returned 0x1
[0120.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.504] GetFileType (hFile=0x278) returned 0x1
[0120.504] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xa860
[0120.504] ReadFile (in: hFile=0x278, lpBuffer=0x2eea460, nNumberOfBytesToRead=0xa860, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2eea460*, lpNumberOfBytesRead=0xefdfb8*=0xa860, lpOverlapped=0x0) returned 1
[0120.505] CloseHandle (hObject=0x278) returned 1
[0120.543] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\-VozkKaIANbyfaf2PF.swf", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\-VozkKaIANbyfaf2PF.swf", lpFilePart=0x0) returned 0x3f
[0120.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.543] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\-VozkKaIANbyfaf2PF.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\-vozkkaianbyfaf2pf.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.544] GetFileType (hFile=0x278) returned 0x1
[0120.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.544] GetFileType (hFile=0x278) returned 0x1
[0120.545] WriteFile (in: hFile=0x278, lpBuffer=0x2d827e8*, nNumberOfBytesToWrite=0xa870, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d827e8*, lpNumberOfBytesWritten=0xefe018*=0xa870, lpOverlapped=0x0) returned 1
[0120.546] CloseHandle (hObject=0x278) returned 1
[0120.549] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\8KnL.m4a", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\8KnL.m4a", lpFilePart=0x0) returned 0x31
[0120.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.549] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\8KnL.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\8knl.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.549] GetFileType (hFile=0x278) returned 0x1
[0120.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.549] GetFileType (hFile=0x278) returned 0x1
[0120.549] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x554f
[0120.549] ReadFile (in: hFile=0x278, lpBuffer=0x2d8d310, nNumberOfBytesToRead=0x554f, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d8d310*, lpNumberOfBytesRead=0xefdfb8*=0x554f, lpOverlapped=0x0) returned 1
[0120.550] CloseHandle (hObject=0x278) returned 1
[0120.566] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\8KnL.m4a", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\8KnL.m4a", lpFilePart=0x0) returned 0x31
[0120.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.566] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\8KnL.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\8knl.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.567] GetFileType (hFile=0x278) returned 0x1
[0120.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.567] GetFileType (hFile=0x278) returned 0x1
[0120.567] WriteFile (in: hFile=0x278, lpBuffer=0x2e1e2d0*, nNumberOfBytesToWrite=0x5550, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e1e2d0*, lpNumberOfBytesWritten=0xefe018*=0x5550, lpOverlapped=0x0) returned 1
[0120.569] CloseHandle (hObject=0x278) returned 1
[0120.633] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\boCy7zpuGQHKnY7zpp.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\boCy7zpuGQHKnY7zpp.mkv", lpFilePart=0x0) returned 0x3f
[0120.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.633] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\boCy7zpuGQHKnY7zpp.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\bocy7zpugqhkny7zpp.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.633] GetFileType (hFile=0x278) returned 0x1
[0120.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.633] GetFileType (hFile=0x278) returned 0x1
[0120.633] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x767
[0120.633] ReadFile (in: hFile=0x278, lpBuffer=0x2e24258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e24258*, lpNumberOfBytesRead=0xefdfb8*=0x767, lpOverlapped=0x0) returned 1
[0120.634] CloseHandle (hObject=0x278) returned 1
[0120.646] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\boCy7zpuGQHKnY7zpp.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\boCy7zpuGQHKnY7zpp.mkv", lpFilePart=0x0) returned 0x3f
[0120.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.646] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\boCy7zpuGQHKnY7zpp.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\bocy7zpugqhkny7zpp.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.647] GetFileType (hFile=0x278) returned 0x1
[0120.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.647] GetFileType (hFile=0x278) returned 0x1
[0120.647] WriteFile (in: hFile=0x278, lpBuffer=0x2e9dba8*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0xefdec8, lpOverlapped=0x0 | out: lpBuffer=0x2e9dba8*, lpNumberOfBytesWritten=0xefdec8*=0x770, lpOverlapped=0x0) returned 1
[0120.649] CloseHandle (hObject=0x278) returned 1
[0120.653] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\gl9EW8kB8hZkMWu.docx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\gl9EW8kB8hZkMWu.docx", lpFilePart=0x0) returned 0x3d
[0120.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.653] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\gl9EW8kB8hZkMWu.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\gl9ew8kb8hzkmwu.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.653] GetFileType (hFile=0x278) returned 0x1
[0120.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.653] GetFileType (hFile=0x278) returned 0x1
[0120.653] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x102af
[0120.653] ReadFile (in: hFile=0x278, lpBuffer=0x2e9ed28, nNumberOfBytesToRead=0x102af, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e9ed28*, lpNumberOfBytesRead=0xefdfb8*=0x102af, lpOverlapped=0x0) returned 1
[0120.655] CloseHandle (hObject=0x278) returned 1
[0120.742] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\gl9EW8kB8hZkMWu.docx", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\gl9EW8kB8hZkMWu.docx", lpFilePart=0x0) returned 0x3d
[0120.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.743] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\gl9EW8kB8hZkMWu.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\gl9ew8kb8hzkmwu.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.744] GetFileType (hFile=0x278) returned 0x1
[0120.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.744] GetFileType (hFile=0x278) returned 0x1
[0120.744] WriteFile (in: hFile=0x278, lpBuffer=0x2d4b280*, nNumberOfBytesToWrite=0x102b0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d4b280*, lpNumberOfBytesWritten=0xefe018*=0x102b0, lpOverlapped=0x0) returned 1
[0120.747] CloseHandle (hObject=0x278) returned 1
[0120.753] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Gs8x9.jpg", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Gs8x9.jpg", lpFilePart=0x0) returned 0x32
[0120.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.753] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Gs8x9.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\gs8x9.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.753] GetFileType (hFile=0x278) returned 0x1
[0120.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.753] GetFileType (hFile=0x278) returned 0x1
[0120.754] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x1575e
[0120.754] ReadFile (in: hFile=0x278, lpBuffer=0x12fbc2c8, nNumberOfBytesToRead=0x1575e, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x12fbc2c8*, lpNumberOfBytesRead=0xefdfb8*=0x1575e, lpOverlapped=0x0) returned 1
[0120.757] CloseHandle (hObject=0x278) returned 1
[0120.814] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Gs8x9.jpg", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Gs8x9.jpg", lpFilePart=0x0) returned 0x32
[0120.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.814] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Gs8x9.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\gs8x9.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.816] GetFileType (hFile=0x278) returned 0x1
[0120.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.816] GetFileType (hFile=0x278) returned 0x1
[0120.816] WriteFile (in: hFile=0x278, lpBuffer=0x12cd7750*, nNumberOfBytesToWrite=0x15760, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x12cd7750*, lpNumberOfBytesWritten=0xefe018*=0x15760, lpOverlapped=0x0) returned 1
[0120.818] CloseHandle (hObject=0x278) returned 1
[0120.829] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NcdRYDpzm_y0yX.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NcdRYDpzm_y0yX.mkv", lpFilePart=0x0) returned 0x3b
[0120.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.829] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NcdRYDpzm_y0yX.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\ncdrydpzm_y0yx.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.830] GetFileType (hFile=0x278) returned 0x1
[0120.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.830] GetFileType (hFile=0x278) returned 0x1
[0120.830] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x25f4
[0120.830] ReadFile (in: hFile=0x278, lpBuffer=0x2ccc018, nNumberOfBytesToRead=0x25f4, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2ccc018*, lpNumberOfBytesRead=0xefdfb8*=0x25f4, lpOverlapped=0x0) returned 1
[0120.831] CloseHandle (hObject=0x278) returned 1
[0120.953] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NcdRYDpzm_y0yX.mkv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NcdRYDpzm_y0yX.mkv", lpFilePart=0x0) returned 0x3b
[0120.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.953] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NcdRYDpzm_y0yX.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\ncdrydpzm_y0yx.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.954] GetFileType (hFile=0x278) returned 0x1
[0120.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.955] GetFileType (hFile=0x278) returned 0x1
[0120.955] WriteFile (in: hFile=0x278, lpBuffer=0x2d4e348*, nNumberOfBytesToWrite=0x2600, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d4e348*, lpNumberOfBytesWritten=0xefe018*=0x2600, lpOverlapped=0x0) returned 1
[0120.956] CloseHandle (hObject=0x278) returned 1
[0120.957] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NM5P64Qloz5o2Pc6maz.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NM5P64Qloz5o2Pc6maz.avi", lpFilePart=0x0) returned 0x40
[0120.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0120.957] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NM5P64Qloz5o2Pc6maz.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\nm5p64qloz5o2pc6maz.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0120.957] GetFileType (hFile=0x278) returned 0x1
[0120.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0120.957] GetFileType (hFile=0x278) returned 0x1
[0120.957] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x4465
[0120.957] ReadFile (in: hFile=0x278, lpBuffer=0x2d50c28, nNumberOfBytesToRead=0x4465, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d50c28*, lpNumberOfBytesRead=0xefdfb8*=0x4465, lpOverlapped=0x0) returned 1
[0120.958] CloseHandle (hObject=0x278) returned 1
[0121.018] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NM5P64Qloz5o2Pc6maz.avi", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NM5P64Qloz5o2Pc6maz.avi", lpFilePart=0x0) returned 0x40
[0121.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.018] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\NM5P64Qloz5o2Pc6maz.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\nm5p64qloz5o2pc6maz.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.019] GetFileType (hFile=0x278) returned 0x1
[0121.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.019] GetFileType (hFile=0x278) returned 0x1
[0121.020] WriteFile (in: hFile=0x278, lpBuffer=0x2ddc4f0*, nNumberOfBytesToWrite=0x4470, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2ddc4f0*, lpNumberOfBytesWritten=0xefe018*=0x4470, lpOverlapped=0x0) returned 1
[0121.021] CloseHandle (hObject=0x278) returned 1
[0121.024] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\PXeSuBVYnDKe9j.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\PXeSuBVYnDKe9j.gif", lpFilePart=0x0) returned 0x3b
[0121.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.024] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\PXeSuBVYnDKe9j.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\pxesubvyndke9j.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.024] GetFileType (hFile=0x278) returned 0x1
[0121.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.024] GetFileType (hFile=0x278) returned 0x1
[0121.024] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xb0d1
[0121.024] ReadFile (in: hFile=0x278, lpBuffer=0x2de0c40, nNumberOfBytesToRead=0xb0d1, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2de0c40*, lpNumberOfBytesRead=0xefdfb8*=0xb0d1, lpOverlapped=0x0) returned 1
[0121.025] CloseHandle (hObject=0x278) returned 1
[0121.105] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\PXeSuBVYnDKe9j.gif", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\PXeSuBVYnDKe9j.gif", lpFilePart=0x0) returned 0x3b
[0121.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.105] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\PXeSuBVYnDKe9j.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\pxesubvyndke9j.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.107] GetFileType (hFile=0x278) returned 0x1
[0121.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.107] GetFileType (hFile=0x278) returned 0x1
[0121.107] WriteFile (in: hFile=0x278, lpBuffer=0x2e78180*, nNumberOfBytesToWrite=0xb0e0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e78180*, lpNumberOfBytesWritten=0xefe018*=0xb0e0, lpOverlapped=0x0) returned 1
[0121.109] CloseHandle (hObject=0x278) returned 1
[0121.113] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\qHQvcOjYY.csv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\qHQvcOjYY.csv", lpFilePart=0x0) returned 0x36
[0121.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.114] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\qHQvcOjYY.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\qhqvcojyy.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.114] GetFileType (hFile=0x278) returned 0x1
[0121.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.114] GetFileType (hFile=0x278) returned 0x1
[0121.114] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x29c8
[0121.114] ReadFile (in: hFile=0x278, lpBuffer=0x2e83518, nNumberOfBytesToRead=0x29c8, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e83518*, lpNumberOfBytesRead=0xefdfb8*=0x29c8, lpOverlapped=0x0) returned 1
[0121.115] CloseHandle (hObject=0x278) returned 1
[0121.165] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\qHQvcOjYY.csv", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\qHQvcOjYY.csv", lpFilePart=0x0) returned 0x36
[0121.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.165] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\qHQvcOjYY.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\qhqvcojyy.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.166] GetFileType (hFile=0x278) returned 0x1
[0121.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.166] GetFileType (hFile=0x278) returned 0x1
[0121.167] WriteFile (in: hFile=0x278, lpBuffer=0x2d09870*, nNumberOfBytesToWrite=0x29d0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d09870*, lpNumberOfBytesWritten=0xefe018*=0x29d0, lpOverlapped=0x0) returned 1
[0121.168] CloseHandle (hObject=0x278) returned 1
[0121.173] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Re7VDVuURVwl9kR.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Re7VDVuURVwl9kR.bmp", lpFilePart=0x0) returned 0x3c
[0121.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.173] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Re7VDVuURVwl9kR.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\re7vdvuurvwl9kr.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.173] GetFileType (hFile=0x278) returned 0x1
[0121.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.173] GetFileType (hFile=0x278) returned 0x1
[0121.173] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x13468
[0121.173] ReadFile (in: hFile=0x278, lpBuffer=0x2d0c500, nNumberOfBytesToRead=0x13468, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d0c500*, lpNumberOfBytesRead=0xefdfb8*=0x13468, lpOverlapped=0x0) returned 1
[0121.174] CloseHandle (hObject=0x278) returned 1
[0121.295] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Re7VDVuURVwl9kR.bmp", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Re7VDVuURVwl9kR.bmp", lpFilePart=0x0) returned 0x3c
[0121.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.296] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\Re7VDVuURVwl9kR.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\re7vdvuurvwl9kr.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.298] GetFileType (hFile=0x278) returned 0x1
[0121.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.298] GetFileType (hFile=0x278) returned 0x1
[0121.298] WriteFile (in: hFile=0x278, lpBuffer=0x2dbc780*, nNumberOfBytesToWrite=0x13470, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2dbc780*, lpNumberOfBytesWritten=0xefe018*=0x13470, lpOverlapped=0x0) returned 1
[0121.300] CloseHandle (hObject=0x278) returned 1
[0121.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\xc1cEbR_hV5v.pps", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\xc1cEbR_hV5v.pps", lpFilePart=0x0) returned 0x39
[0121.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.607] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\xc1cEbR_hV5v.pps" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\xc1cebr_hv5v.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.607] GetFileType (hFile=0x278) returned 0x1
[0121.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.607] GetFileType (hFile=0x278) returned 0x1
[0121.608] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0xe81a
[0121.608] ReadFile (in: hFile=0x278, lpBuffer=0x2dcfec0, nNumberOfBytesToRead=0xe81a, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2dcfec0*, lpNumberOfBytesRead=0xefdfb8*=0xe81a, lpOverlapped=0x0) returned 1
[0121.609] CloseHandle (hObject=0x278) returned 1
[0121.632] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\xc1cEbR_hV5v.pps", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\xc1cEbR_hV5v.pps", lpFilePart=0x0) returned 0x39
[0121.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.632] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\xc1cEbR_hV5v.pps" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\xc1cebr_hv5v.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.689] GetFileType (hFile=0x278) returned 0x1
[0121.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.689] GetFileType (hFile=0x278) returned 0x1
[0121.689] WriteFile (in: hFile=0x278, lpBuffer=0x2e719c0*, nNumberOfBytesToWrite=0xe820, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2e719c0*, lpNumberOfBytesWritten=0xefe018*=0xe820, lpOverlapped=0x0) returned 1
[0121.692] CloseHandle (hObject=0x278) returned 1
[0121.890] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\ytqlJrGd cBCL6XP7F.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\ytqlJrGd cBCL6XP7F.mp4", lpFilePart=0x0) returned 0x3f
[0121.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.890] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\ytqlJrGd cBCL6XP7F.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\ytqljrgd cbcl6xp7f.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.891] GetFileType (hFile=0x278) returned 0x1
[0121.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.891] GetFileType (hFile=0x278) returned 0x1
[0121.891] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x11cbe
[0121.891] ReadFile (in: hFile=0x278, lpBuffer=0x2e804b8, nNumberOfBytesToRead=0x11cbe, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2e804b8*, lpNumberOfBytesRead=0xefdfb8*=0x11cbe, lpOverlapped=0x0) returned 1
[0121.892] CloseHandle (hObject=0x278) returned 1
[0121.962] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\ytqlJrGd cBCL6XP7F.mp4", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\ytqlJrGd cBCL6XP7F.mp4", lpFilePart=0x0) returned 0x3f
[0121.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0121.962] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Z Yv6OX_JjRd88R_\\ytqlJrGd cBCL6XP7F.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\z yv6ox_jjrd88r_\\ytqljrgd cbcl6xp7f.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0121.976] GetFileType (hFile=0x278) returned 0x1
[0121.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0121.977] GetFileType (hFile=0x278) returned 0x1
[0121.977] WriteFile (in: hFile=0x278, lpBuffer=0x2d43470*, nNumberOfBytesToWrite=0x11cc0, lpNumberOfBytesWritten=0xefe018, lpOverlapped=0x0 | out: lpBuffer=0x2d43470*, lpNumberOfBytesWritten=0xefe018*=0x11cc0, lpOverlapped=0x0) returned 1
[0121.979] CloseHandle (hObject=0x278) returned 1
[0122.051] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys", lpFilePart=0x0) returned 0x27
[0122.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0122.051] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys" (normalized: "c:\\users\\fd1hvy\\downloads\\worm_tool.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0122.051] GetFileType (hFile=0x278) returned 0x1
[0122.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0122.051] GetFileType (hFile=0x278) returned 0x1
[0122.051] GetFileSize (in: hFile=0x278, lpFileSizeHigh=0xefe088 | out: lpFileSizeHigh=0xefe088*=0x0) returned 0x9
[0122.051] ReadFile (in: hFile=0x278, lpBuffer=0x2d55400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xefdfb8, lpOverlapped=0x0 | out: lpBuffer=0x2d55400*, lpNumberOfBytesRead=0xefdfb8*=0x9, lpOverlapped=0x0) returned 1
[0122.051] CloseHandle (hObject=0x278) returned 1
[0122.065] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys", nBufferLength=0x105, lpBuffer=0xefd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys", lpFilePart=0x0) returned 0x27
[0122.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefdee0) returned 1
[0122.065] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Downloads\\worm_tool.sys" (normalized: "c:\\users\\fd1hvy\\downloads\\worm_tool.sys"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x278
[0122.067] GetFileType (hFile=0x278) returned 0x1
[0122.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefde50) returned 1
[0122.067] GetFileType (hFile=0x278) returned 0x1
[0122.067] WriteFile (in: hFile=0x278, lpBuffer=0x2dccb90*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xefdec8, lpOverlapped=0x0 | out: lpBuffer=0x2dccb90*, lpNumberOfBytesWritten=0xefdec8*=0x10, lpOverlapped=0x0) returned 1
[0122.068] CloseHandle (hObject=0x278) returned 1
[0122.077] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.078] GetMessageA (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.078] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0122.078] DispatchMessageA (lpMsg=0xefe7e0) returned 0x1
[0122.078] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.078] IsWindowUnicode (hWnd=0x202d2) returned 1
[0122.078] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.078] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0122.079] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0122.079] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.079] IsWindowUnicode (hWnd=0x902c8) returned 1
[0122.079] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.079] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0122.079] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0122.095] GetWindowThreadProcessId (in: hWnd=0x902c8, lpdwProcessId=0xefe110 | out: lpdwProcessId=0xefe110) returned 0x4b0
[0122.095] GetCurrentThreadId () returned 0x4b0
[0122.095] IsWindow (hWnd=0x902c8) returned 1
[0122.095] KillTimer (hWnd=0x902c8, uIDEvent=0xd) returned 1
[0122.095] DestroyWindow (hWnd=0x902c8) returned 1
[0122.095] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.095] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.096] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x902c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.098] CoTaskMemAlloc (cb=0x20c) returned 0x10862b0
[0122.098] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10862b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0122.099] CoTaskMemFree (pv=0x10862b0)
[0122.099] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefdaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0122.099] CoTaskMemAlloc (cb=0x280) returned 0x1db45410
[0122.099] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db45410, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0122.099] CoTaskMemFree (pv=0x1db45410)
[0122.099] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0122.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0122.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0122.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0122.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefe0d0) returned 1
[0122.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefe1b0 | out: lpFileInformation=0xefe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefe090) returned 1
[0122.101] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0122.101] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0xa02c8
[0122.102] SetWindowLongPtrW (hWnd=0xa02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0122.102] GetWindowLongPtrW (hWnd=0xa02c8, nIndex=-4) returned 0x7ffcea425090
[0122.102] SetWindowLongPtrW (hWnd=0xa02c8, nIndex=-4, dwNewLong=0x1b7d3c1c) returned 0x7ffcea425090
[0122.102] GetWindowLongPtrW (hWnd=0xa02c8, nIndex=-4) returned 0x1b7d3c1c
[0122.102] GetWindowLongPtrW (hWnd=0xa02c8, nIndex=-16) returned 0x4c00000
[0122.103] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x24, wParam=0x0, lParam=0xefd7f0) returned 0x0
[0122.103] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x81, wParam=0x0, lParam=0xefd760) returned 0x1
[0122.104] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x83, wParam=0x0, lParam=0xefd810) returned 0x0
[0122.104] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x1, wParam=0x0, lParam=0xefd730) returned 0x0
[0122.105] SetTimer (hWnd=0xa02c8, nIDEvent=0xe, uElapse=0x64, lpTimerFunc=0x0) returned 0xe
[0122.105] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.105] IsWindowUnicode (hWnd=0x102d8) returned 1
[0122.105] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.105] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0122.105] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0122.105] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.106] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.106] GetSystemMetrics (nIndex=42) returned 0
[0122.106] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefe060, nMaxCount=9 | out: lpString="01:59:58") returned 8
[0122.106] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefe060) returned 0x8
[0122.106] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.106] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.106] GetSystemMetrics (nIndex=42) returned 0
[0122.106] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefe000, nMaxCount=9 | out: lpString="01:59:58") returned 8
[0122.106] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefe000) returned 0x8
[0122.106] SetWindowTextW (hWnd=0x702c2, lpString="01:59:47") returned 1
[0122.106] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2dcef4c) returned 0x1
[0122.106] GetStockObject (i=5) returned 0x900015
[0122.106] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0122.106] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefd760) returned 0x0
[0122.106] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefd760) returned 0x0
[0122.107] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.107] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.107] GetSystemMetrics (nIndex=42) returned 0
[0122.107] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefdec0, nMaxCount=9 | out: lpString="01:59:47") returned 8
[0122.107] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefdec0) returned 0x8
[0122.107] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0122.107] AdjustWindowRectEx (in: lpRect=0xefdef0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdef0) returned 1
[0122.107] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:47", cchText=8, lprc=0xefde58, format=0x102400, lpdtp=0x2dcf240 | out: lpchText="01:59:47", lprc=0xefde58) returned 37
[0122.108] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0122.108] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0122.108] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0122.108] GetSystemMetrics (nIndex=42) returned 0
[0122.108] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefde30, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0122.108] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefde30) returned 0xf
[0122.108] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.109] IsWindowUnicode (hWnd=0x702c2) returned 1
[0122.109] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.109] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0122.109] DispatchMessageW (lpMsg=0xefe7e0) returned 0x0
[0122.110] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefde38 | out: lpPaint=0xefde38) returned 0x10105d6
[0122.110] SelectPalette (hdc=0x10105d6, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0122.111] CreateCompatibleDC (hdc=0x10105d6) returned 0x140107e9
[0122.111] SelectObject (hdc=0x140107e9, h=0x28050778) returned 0x85000f
[0122.111] GdipCreateFromHDC (hdc=0x140107e9, graphics=0xefddb8) returned 0x0
[0122.112] GdipTranslateWorldTransform (graphics=0x1c8f8e10, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0122.112] GdipSetClipRectI (graphics=0x1c8f8e10, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0122.112] GdipCreateMatrix (matrix=0xefdde0) returned 0x0
[0122.112] GdipGetWorldTransform (graphics=0x1c8f8e10, matrix=0x1c8f91e0) returned 0x0
[0122.112] GdipIsMatrixIdentity (matrix=0x1c8f91e0, result=0xefde48) returned 0x0
[0122.112] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db48cb0
[0122.112] GdipGetMatrixElements (matrix=0x1c8f91e0, matrixOut=0x1db48cb0) returned 0x0
[0122.112] LocalFree (hMem=0x1db48cb0) returned 0x0
[0122.112] GdipDeleteMatrix (matrix=0x1c8f91e0) returned 0x0
[0122.113] GdipCreateRegion (region=0xefdde0) returned 0x0
[0122.113] GdipGetClip (graphics=0x1c8f8e10, region=0x1c8f8a50) returned 0x0
[0122.113] GdipIsInfiniteRegion (region=0x1c8f8a50, graphics=0x1c8f8e10, result=0xefde40) returned 0x0
[0122.113] GdipSaveGraphics (graphics=0x1c8f8e10, state=0xefdee0) returned 0x0
[0122.113] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.113] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.113] GetSystemMetrics (nIndex=42) returned 0
[0122.113] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefdcc0, nMaxCount=9 | out: lpString="01:59:47") returned 8
[0122.113] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefdcc0) returned 0x8
[0122.113] GetClientRect (in: hWnd=0x702c2, lpRect=0xefde78 | out: lpRect=0xefde78) returned 1
[0122.113] GdipCreateRegion (region=0xefda50) returned 0x0
[0122.113] GdipGetClip (graphics=0x1c8f8e10, region=0x1c8f8b10) returned 0x0
[0122.113] GdipCreateMatrix (matrix=0xefda50) returned 0x0
[0122.113] GdipGetWorldTransform (graphics=0x1c8f8e10, matrix=0x1c8f9220) returned 0x0
[0122.113] GdipIsMatrixIdentity (matrix=0x1c8f9220, result=0xefdab8) returned 0x0
[0122.113] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db49570
[0122.113] GdipGetMatrixElements (matrix=0x1c8f9220, matrixOut=0x1db49570) returned 0x0
[0122.113] LocalFree (hMem=0x1db49570) returned 0x0
[0122.114] GdipCombineRegionRegion (region=0x1c8f8b10, region2=0x1c8f8a50, combineMode=0x1) returned 0x0
[0122.114] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db489b0
[0122.114] GdipGetMatrixElements (matrix=0x1c8f9220, matrixOut=0x1db489b0) returned 0x0
[0122.114] LocalFree (hMem=0x1db489b0) returned 0x0
[0122.114] GdipDeleteMatrix (matrix=0x1c8f9220) returned 0x0
[0122.114] GdipIsInfiniteRegion (region=0x1c8f8b10, graphics=0x1c8f8e10, result=0xefdb20) returned 0x0
[0122.114] GdipIsInfiniteRegion (region=0x1c8f8b10, graphics=0x1c8f8e10, result=0xefdae0) returned 0x0
[0122.114] GdipGetRegionHRgn (region=0x1c8f8b10, graphics=0x1c8f8e10, hRgn=0xefdae0) returned 0x0
[0122.114] GdipDeleteRegion (region=0x1c8f8b10) returned 0x0
[0122.114] GdipGetDC (graphics=0x1c8f8e10, hdc=0xefdb28) returned 0x0
[0122.114] GetCurrentObject (hdc=0x140107e9, type=0x1) returned 0xb00017
[0122.114] GetCurrentObject (hdc=0x140107e9, type=0x2) returned 0x900010
[0122.114] GetCurrentObject (hdc=0x140107e9, type=0x7) returned 0x28050778
[0122.114] GetCurrentObject (hdc=0x140107e9, type=0x6) returned 0x8a01c2
[0122.114] SaveDC (hdc=0x140107e9) returned 1
[0122.114] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5604064d
[0122.114] GetClipRgn (hdc=0x140107e9, hrgn=0x5604064d) returned 0
[0122.115] SelectClipRgn (hdc=0x140107e9, hrgn=0x2a04079d) returned 2
[0122.115] DeleteObject (ho=0x5604064d) returned 1
[0122.115] DeleteObject (ho=0x2a04079d) returned 1
[0122.115] OffsetViewportOrgEx (in: hdc=0x140107e9, x=0, y=0, lppt=0x2dcf958 | out: lppt=0x2dcf958) returned 1
[0122.115] GetNearestColor (hdc=0x140107e9, color=0x0) returned 0x0
[0122.115] CreateSolidBrush (color=0x0) returned 0x1c100774
[0122.115] FillRect (hDC=0x140107e9, lprc=0xefdb60, hbr=0x1c100774) returned 1
[0122.116] DeleteObject (ho=0x1c100774) returned 1
[0122.116] RestoreDC (hdc=0x140107e9, nSavedDC=-1) returned 1
[0122.123] GdipReleaseDC (graphics=0x1c8f8e10, hdc=0x140107e9) returned 0x0
[0122.123] GdipRestoreGraphics (graphics=0x1c8f8e10, state=0xfffffffffdb00dbd) returned 0x0
[0122.123] GdipDeleteRegion (region=0x1c8f8a50) returned 0x0
[0122.123] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.123] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.123] GetSystemMetrics (nIndex=42) returned 0
[0122.123] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefdcc0, nMaxCount=9 | out: lpString="01:59:47") returned 8
[0122.123] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefdcc0) returned 0x8
[0122.123] GdipGetDC (graphics=0x1c8f8e10, hdc=0xefdcc8) returned 0x0
[0122.123] GetCurrentObject (hdc=0x140107e9, type=0x1) returned 0xb00017
[0122.123] GetCurrentObject (hdc=0x140107e9, type=0x2) returned 0x900010
[0122.123] GetCurrentObject (hdc=0x140107e9, type=0x7) returned 0x28050778
[0122.123] GetCurrentObject (hdc=0x140107e9, type=0x6) returned 0x8a01c2
[0122.125] SaveDC (hdc=0x140107e9) returned 1
[0122.125] GetNearestColor (hdc=0x140107e9, color=0xffffff) returned 0xffffff
[0122.126] RestoreDC (hdc=0x140107e9, nSavedDC=-1) returned 1
[0122.126] GdipReleaseDC (graphics=0x1c8f8e10, hdc=0x140107e9) returned 0x0
[0122.126] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0122.126] AdjustWindowRectEx (in: lpRect=0xefdb80, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefdb80) returned 1
[0122.126] GdipGetTextRenderingHint (graphics=0x1c8f8e10, mode=0xefdbd8) returned 0x0
[0122.126] GdipGetDC (graphics=0x1c8f8e10, hdc=0xefdbb8) returned 0x0
[0122.126] GetCurrentObject (hdc=0x140107e9, type=0x1) returned 0xb00017
[0122.126] GetCurrentObject (hdc=0x140107e9, type=0x2) returned 0x900010
[0122.126] GetCurrentObject (hdc=0x140107e9, type=0x7) returned 0x28050778
[0122.127] GetCurrentObject (hdc=0x140107e9, type=0x6) returned 0x8a01c2
[0122.127] SaveDC (hdc=0x140107e9) returned 1
[0122.127] GetTextAlign (hdc=0x140107e9) returned 0x0
[0122.127] GetTextColor (hdc=0x140107e9) returned 0x0
[0122.127] SetTextColor (hdc=0x140107e9, color=0xffffff) returned 0x0
[0122.127] GetCurrentObject (hdc=0x140107e9, type=0x6) returned 0x8a01c2
[0122.127] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefd6c0 | out: pv=0xefd6c0) returned 92
[0122.127] SelectObject (hdc=0x140107e9, h=0x480a077f) returned 0x8a01c2
[0122.127] GetBkMode (hdc=0x140107e9) returned 2
[0122.127] SetBkMode (hdc=0x140107e9, mode=1) returned 2
[0122.127] DrawTextExW (in: hdc=0x140107e9, lpchText="01:59:47", cchText=8, lprc=0xefdb48, format=0x100000, lpdtp=0x2dd02f0 | out: lpchText="01:59:47", lprc=0xefdb48) returned 37
[0122.128] RestoreDC (hdc=0x140107e9, nSavedDC=-1) returned 1
[0122.128] GdipReleaseDC (graphics=0x1c8f8e10, hdc=0x140107e9) returned 0x0
[0122.128] GdipGetDC (graphics=0x1c8f8e10, hdc=0xefddf8) returned 0x0
[0122.128] BitBlt (hdc=0x10105d6, x=0, y=0, cx=145, cy=37, hdcSrc=0x140107e9, x1=0, y1=0, rop=0xcc0020) returned 1
[0122.129] GdipReleaseDC (graphics=0x1c8f8e10, hdc=0x140107e9) returned 0x0
[0122.129] SelectPalette (hdc=0x10105d6, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0122.129] SelectObject (hdc=0x140107e9, h=0x85000f) returned 0x28050778
[0122.129] DeleteDC (hdc=0x140107e9) returned 1
[0122.129] GdipDeleteGraphics (graphics=0x1c8f8e10) returned 0x0
[0122.129] EndPaint (hWnd=0x702c2, lpPaint=0xefddd8) returned 1
[0122.129] PeekMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.129] IsWindowUnicode (hWnd=0x1502b8) returned 1
[0122.129] GetMessageW (in: lpMsg=0xefe7e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xefe7e0) returned 1
[0122.129] TranslateMessage (lpMsg=0xefe7e0) returned 0
[0122.129] DispatchMessageW (lpMsg=0xefe7e0)
[0122.274] GetWindowThreadProcessId (in: hWnd=0x1502b8, lpdwProcessId=0xefe120 | out: lpdwProcessId=0xefe120) returned 0x4b0
[0122.274] GetCurrentThreadId () returned 0x4b0
[0122.274] IsWindow (hWnd=0x1502b8) returned 1
[0122.274] KillTimer (hWnd=0x1502b8, uIDEvent=0x5) returned 1
[0122.274] DestroyWindow (hWnd=0x1502b8) returned 1
[0122.275] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.275] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.275] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502b8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.281] LocalAlloc (uFlags=0x0, uBytes=0x12) returned 0x1db45050
[0122.281] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1db44cb0
[0122.283] ShellExecuteExW (in: pExecInfo=0x2dd07d8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="shutdown", lpParameters="/r /t 0", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2dd07d8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="shutdown", lpParameters="/r /t 0", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x5d0)) returned 1
[0122.418] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xefd980 | out: lpdwProcessId=0xefd980) returned 0x4b0
[0122.418] GetCurrentThreadId () returned 0x4b0
[0122.418] IsWindow (hWnd=0x102da) returned 1
[0122.418] KillTimer (hWnd=0x102da, uIDEvent=0x7) returned 1
[0122.418] DestroyWindow (hWnd=0x102da) returned 1
[0122.418] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.418] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.419] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102da, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.421] LocalAlloc (uFlags=0x0, uBytes=0x4a) returned 0x1db3ca50
[0122.421] ShellExecuteExW (in: pExecInfo=0x2dd0cc0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\ransom_voice.vbs", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2dd0cc0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\ransom_voice.vbs", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4c0)) returned 1
[0122.555] GetWindowThreadProcessId (in: hWnd=0xa02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0122.555] GetCurrentThreadId () returned 0x4b0
[0122.555] IsWindow (hWnd=0xa02c8) returned 1
[0122.555] KillTimer (hWnd=0xa02c8, uIDEvent=0xe) returned 1
[0122.555] DestroyWindow (hWnd=0xa02c8) returned 1
[0122.555] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.555] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.556] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xa02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.557] CoTaskMemAlloc (cb=0x20c) returned 0x1084f90
[0122.557] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084f90 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0122.557] CoTaskMemFree (pv=0x1084f90)
[0122.558] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0122.558] CoTaskMemAlloc (cb=0x280) returned 0x1db74070
[0122.558] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db74070, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0122.558] CoTaskMemFree (pv=0x1db74070)
[0122.558] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0122.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.558] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0122.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.559] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0122.559] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0xb02c8
[0122.559] SetWindowLongPtrW (hWnd=0xb02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0122.559] GetWindowLongPtrW (hWnd=0xb02c8, nIndex=-4) returned 0x7ffcea425090
[0122.560] SetWindowLongPtrW (hWnd=0xb02c8, nIndex=-4, dwNewLong=0x1b7d3c6c) returned 0x7ffcea425090
[0122.560] GetWindowLongPtrW (hWnd=0xb02c8, nIndex=-4) returned 0x1b7d3c6c
[0122.560] GetWindowLongPtrW (hWnd=0xb02c8, nIndex=-16) returned 0x4c00000
[0122.560] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0122.560] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0122.561] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0122.561] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0122.561] SetTimer (hWnd=0xb02c8, nIDEvent=0xf, uElapse=0x64, lpTimerFunc=0x0) returned 0xf
[0122.562] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.562] GetSystemMetrics (nIndex=42) returned 0
[0122.562] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd0d0, nMaxCount=9 | out: lpString="01:59:47") returned 8
[0122.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd0d0) returned 0x8
[0122.562] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.562] GetSystemMetrics (nIndex=42) returned 0
[0122.562] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd070, nMaxCount=9 | out: lpString="01:59:47") returned 8
[0122.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd070) returned 0x8
[0122.562] SetWindowTextW (hWnd=0x702c2, lpString="01:59:46") returned 1
[0122.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2dd1ddc) returned 0x1
[0122.562] GetStockObject (i=5) returned 0x900015
[0122.562] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0122.562] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0122.562] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0122.563] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.563] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.563] GetSystemMetrics (nIndex=42) returned 0
[0122.563] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcf30, nMaxCount=9 | out: lpString="01:59:46") returned 8
[0122.563] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcf30) returned 0x8
[0122.563] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0122.563] AdjustWindowRectEx (in: lpRect=0xefcf60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcf60) returned 1
[0122.563] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:46", cchText=8, lprc=0xefcec8, format=0x102400, lpdtp=0x2dd20d0 | out: lpchText="01:59:46", lprc=0xefcec8) returned 37
[0122.563] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0122.563] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0122.564] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0122.564] GetSystemMetrics (nIndex=42) returned 0
[0122.564] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcea0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0122.564] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcea0) returned 0xf
[0122.564] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefcea8 | out: lpPaint=0xefcea8) returned 0x10105d6
[0122.564] SelectPalette (hdc=0x10105d6, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0122.564] CreateCompatibleDC (hdc=0x10105d6) returned 0x7501079b
[0122.564] SelectObject (hdc=0x7501079b, h=0x28050778) returned 0x85000f
[0122.564] GdipCreateFromHDC (hdc=0x7501079b, graphics=0xefce28) returned 0x0
[0122.564] GdipTranslateWorldTransform (graphics=0x1c8f8a50, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0122.564] GdipSetClipRectI (graphics=0x1c8f8a50, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0122.564] GdipCreateMatrix (matrix=0xefce50) returned 0x0
[0122.564] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9260) returned 0x0
[0122.565] GdipIsMatrixIdentity (matrix=0x1c8f9260, result=0xefceb8) returned 0x0
[0122.565] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db492f0
[0122.565] GdipGetMatrixElements (matrix=0x1c8f9260, matrixOut=0x1db492f0) returned 0x0
[0122.565] LocalFree (hMem=0x1db492f0) returned 0x0
[0122.565] GdipDeleteMatrix (matrix=0x1c8f9260) returned 0x0
[0122.565] GdipCreateRegion (region=0xefce50) returned 0x0
[0122.565] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0122.565] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefceb0) returned 0x0
[0122.565] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcf50) returned 0x0
[0122.565] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.565] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.565] GetSystemMetrics (nIndex=42) returned 0
[0122.565] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:46") returned 8
[0122.565] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0122.565] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcee8 | out: lpRect=0xefcee8) returned 1
[0122.565] GdipCreateRegion (region=0xefcac0) returned 0x0
[0122.565] GdipGetClip (graphics=0x1c8f8a50, region=0x1c90a8d0) returned 0x0
[0122.565] GdipCreateMatrix (matrix=0xefcac0) returned 0x0
[0122.565] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f91f0) returned 0x0
[0122.565] GdipIsMatrixIdentity (matrix=0x1c8f91f0, result=0xefcb28) returned 0x0
[0122.565] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db492f0
[0122.565] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db492f0) returned 0x0
[0122.566] LocalFree (hMem=0x1db492f0) returned 0x0
[0122.566] GdipCombineRegionRegion (region=0x1c90a8d0, region2=0x1c8f8e20, combineMode=0x1) returned 0x0
[0122.566] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db492f0
[0122.566] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db492f0) returned 0x0
[0122.566] LocalFree (hMem=0x1db492f0) returned 0x0
[0122.566] GdipDeleteMatrix (matrix=0x1c8f91f0) returned 0x0
[0122.566] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb90) returned 0x0
[0122.566] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb50) returned 0x0
[0122.566] GdipGetRegionHRgn (region=0x1c90a8d0, graphics=0x1c8f8a50, hRgn=0xefcb50) returned 0x0
[0122.566] GdipDeleteRegion (region=0x1c90a8d0) returned 0x0
[0122.566] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcb98) returned 0x0
[0122.566] GetCurrentObject (hdc=0x7501079b, type=0x1) returned 0xb00017
[0122.566] GetCurrentObject (hdc=0x7501079b, type=0x2) returned 0x900010
[0122.566] GetCurrentObject (hdc=0x7501079b, type=0x7) returned 0x28050778
[0122.566] GetCurrentObject (hdc=0x7501079b, type=0x6) returned 0x8a01c2
[0122.566] SaveDC (hdc=0x7501079b) returned 1
[0122.566] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2b04079d
[0122.566] GetClipRgn (hdc=0x7501079b, hrgn=0x2b04079d) returned 0
[0122.566] SelectClipRgn (hdc=0x7501079b, hrgn=0x5904064d) returned 2
[0122.566] DeleteObject (ho=0x2b04079d) returned 1
[0122.567] DeleteObject (ho=0x5904064d) returned 1
[0122.567] OffsetViewportOrgEx (in: hdc=0x7501079b, x=0, y=0, lppt=0x2dd27e8 | out: lppt=0x2dd27e8) returned 1
[0122.567] GetNearestColor (hdc=0x7501079b, color=0x0) returned 0x0
[0122.567] CreateSolidBrush (color=0x0) returned 0x1d100774
[0122.567] FillRect (hDC=0x7501079b, lprc=0xefcbd0, hbr=0x1d100774) returned 1
[0122.567] DeleteObject (ho=0x1d100774) returned 1
[0122.567] RestoreDC (hdc=0x7501079b, nSavedDC=-1) returned 1
[0122.567] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x7501079b) returned 0x0
[0122.567] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffdae0dbd) returned 0x0
[0122.567] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0122.567] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0122.567] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0122.567] GetSystemMetrics (nIndex=42) returned 0
[0122.567] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:46") returned 8
[0122.567] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0122.567] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcd38) returned 0x0
[0122.567] GetCurrentObject (hdc=0x7501079b, type=0x1) returned 0xb00017
[0122.567] GetCurrentObject (hdc=0x7501079b, type=0x2) returned 0x900010
[0122.567] GetCurrentObject (hdc=0x7501079b, type=0x7) returned 0x28050778
[0122.567] GetCurrentObject (hdc=0x7501079b, type=0x6) returned 0x8a01c2
[0122.567] SaveDC (hdc=0x7501079b) returned 1
[0122.568] GetNearestColor (hdc=0x7501079b, color=0xffffff) returned 0xffffff
[0122.568] RestoreDC (hdc=0x7501079b, nSavedDC=-1) returned 1
[0122.568] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x7501079b) returned 0x0
[0122.568] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0122.568] AdjustWindowRectEx (in: lpRect=0xefcbf0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcbf0) returned 1
[0122.568] GdipGetTextRenderingHint (graphics=0x1c8f8a50, mode=0xefcc48) returned 0x0
[0122.568] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcc28) returned 0x0
[0122.568] GetCurrentObject (hdc=0x7501079b, type=0x1) returned 0xb00017
[0122.568] GetCurrentObject (hdc=0x7501079b, type=0x2) returned 0x900010
[0122.568] GetCurrentObject (hdc=0x7501079b, type=0x7) returned 0x28050778
[0122.568] GetCurrentObject (hdc=0x7501079b, type=0x6) returned 0x8a01c2
[0122.568] SaveDC (hdc=0x7501079b) returned 1
[0122.568] GetTextAlign (hdc=0x7501079b) returned 0x0
[0122.569] GetTextColor (hdc=0x7501079b) returned 0x0
[0122.569] SetTextColor (hdc=0x7501079b, color=0xffffff) returned 0x0
[0122.569] GetCurrentObject (hdc=0x7501079b, type=0x6) returned 0x8a01c2
[0122.569] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefc730 | out: pv=0xefc730) returned 92
[0122.569] SelectObject (hdc=0x7501079b, h=0x480a077f) returned 0x8a01c2
[0122.569] GetBkMode (hdc=0x7501079b) returned 2
[0122.569] SetBkMode (hdc=0x7501079b, mode=1) returned 2
[0122.569] DrawTextExW (in: hdc=0x7501079b, lpchText="01:59:46", cchText=8, lprc=0xefcbb8, format=0x100000, lpdtp=0x2dd3180 | out: lpchText="01:59:46", lprc=0xefcbb8) returned 37
[0122.571] RestoreDC (hdc=0x7501079b, nSavedDC=-1) returned 1
[0122.571] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x7501079b) returned 0x0
[0122.571] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefce68) returned 0x0
[0122.571] BitBlt (hdc=0x10105d6, x=0, y=0, cx=145, cy=37, hdcSrc=0x7501079b, x1=0, y1=0, rop=0xcc0020) returned 1
[0122.571] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x7501079b) returned 0x0
[0122.571] SelectPalette (hdc=0x10105d6, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0122.571] SelectObject (hdc=0x7501079b, h=0x85000f) returned 0x28050778
[0122.572] DeleteDC (hdc=0x7501079b) returned 1
[0122.572] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0122.572] EndPaint (hWnd=0x702c2, lpPaint=0xefce48) returned 1
[0122.670] GetWindowThreadProcessId (in: hWnd=0xb02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0122.670] GetCurrentThreadId () returned 0x4b0
[0122.670] IsWindow (hWnd=0xb02c8) returned 1
[0122.670] KillTimer (hWnd=0xb02c8, uIDEvent=0xf) returned 1
[0122.670] DestroyWindow (hWnd=0xb02c8) returned 1
[0122.670] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.670] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.671] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xb02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.674] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0122.674] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0122.674] CoTaskMemFree (pv=0x10840b0)
[0122.674] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0122.674] CoTaskMemAlloc (cb=0x280) returned 0x1db726d0
[0122.674] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db726d0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0122.674] CoTaskMemFree (pv=0x1db726d0)
[0122.674] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0122.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.675] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0122.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.676] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0122.676] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0xc02c8
[0122.676] SetWindowLongPtrW (hWnd=0xc02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0122.677] GetWindowLongPtrW (hWnd=0xc02c8, nIndex=-4) returned 0x7ffcea425090
[0122.677] SetWindowLongPtrW (hWnd=0xc02c8, nIndex=-4, dwNewLong=0x1b7d3f3c) returned 0x7ffcea425090
[0122.677] GetWindowLongPtrW (hWnd=0xc02c8, nIndex=-4) returned 0x1b7d3f3c
[0122.677] GetWindowLongPtrW (hWnd=0xc02c8, nIndex=-16) returned 0x4c00000
[0122.678] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0122.678] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0122.679] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0122.682] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0122.682] SetTimer (hWnd=0xc02c8, nIDEvent=0x10, uElapse=0x64, lpTimerFunc=0x0) returned 0x10
[0122.793] GetWindowThreadProcessId (in: hWnd=0xc02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0122.793] GetCurrentThreadId () returned 0x4b0
[0122.793] IsWindow (hWnd=0xc02c8) returned 1
[0122.793] KillTimer (hWnd=0xc02c8, uIDEvent=0x10) returned 1
[0122.793] DestroyWindow (hWnd=0xc02c8) returned 1
[0122.793] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.793] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.794] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xc02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.796] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0122.796] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0122.796] CoTaskMemFree (pv=0x1085c50)
[0122.796] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0122.796] CoTaskMemAlloc (cb=0x280) returned 0x1db72960
[0122.796] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72960, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0122.796] CoTaskMemFree (pv=0x1db72960)
[0122.796] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0122.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.796] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0122.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.797] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0122.797] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0xd02c8
[0122.797] SetWindowLongPtrW (hWnd=0xd02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0122.797] GetWindowLongPtrW (hWnd=0xd02c8, nIndex=-4) returned 0x7ffcea425090
[0122.798] SetWindowLongPtrW (hWnd=0xd02c8, nIndex=-4, dwNewLong=0x1b7d420c) returned 0x7ffcea425090
[0122.798] GetWindowLongPtrW (hWnd=0xd02c8, nIndex=-4) returned 0x1b7d420c
[0122.798] GetWindowLongPtrW (hWnd=0xd02c8, nIndex=-16) returned 0x4c00000
[0122.798] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0122.798] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0122.799] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0122.799] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0122.799] SetTimer (hWnd=0xd02c8, nIDEvent=0x11, uElapse=0x64, lpTimerFunc=0x0) returned 0x11
[0122.898] GetWindowThreadProcessId (in: hWnd=0xd02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0122.898] GetCurrentThreadId () returned 0x4b0
[0122.898] IsWindow (hWnd=0xd02c8) returned 1
[0122.898] KillTimer (hWnd=0xd02c8, uIDEvent=0x11) returned 1
[0122.898] DestroyWindow (hWnd=0xd02c8) returned 1
[0122.898] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0122.899] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0122.899] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xd02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0122.901] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0122.901] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0122.901] CoTaskMemFree (pv=0x1085c50)
[0122.901] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0122.901] CoTaskMemAlloc (cb=0x280) returned 0x1db738c0
[0122.901] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db738c0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0122.901] CoTaskMemFree (pv=0x1db738c0)
[0122.901] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0122.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.901] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0122.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0122.902] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0122.902] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0122.902] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0xe02c8
[0122.902] SetWindowLongPtrW (hWnd=0xe02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0122.903] GetWindowLongPtrW (hWnd=0xe02c8, nIndex=-4) returned 0x7ffcea425090
[0122.903] SetWindowLongPtrW (hWnd=0xe02c8, nIndex=-4, dwNewLong=0x1b7d40cc) returned 0x7ffcea425090
[0122.903] GetWindowLongPtrW (hWnd=0xe02c8, nIndex=-4) returned 0x1b7d40cc
[0122.903] GetWindowLongPtrW (hWnd=0xe02c8, nIndex=-16) returned 0x4c00000
[0122.903] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0122.903] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0122.904] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0122.904] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0122.905] SetTimer (hWnd=0xe02c8, nIDEvent=0x12, uElapse=0x64, lpTimerFunc=0x0) returned 0x12
[0123.012] GetWindowThreadProcessId (in: hWnd=0xe02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.012] GetCurrentThreadId () returned 0x4b0
[0123.012] IsWindow (hWnd=0xe02c8) returned 1
[0123.012] KillTimer (hWnd=0xe02c8, uIDEvent=0x12) returned 1
[0123.012] DestroyWindow (hWnd=0xe02c8) returned 1
[0123.012] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.012] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.013] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xe02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.015] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0123.015] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.015] CoTaskMemFree (pv=0x10866f0)
[0123.015] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.015] CoTaskMemAlloc (cb=0x280) returned 0x1db726d0
[0123.015] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db726d0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.015] CoTaskMemFree (pv=0x1db726d0)
[0123.015] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.015] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.016] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.016] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0xf02c8
[0123.016] SetWindowLongPtrW (hWnd=0xf02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.016] GetWindowLongPtrW (hWnd=0xf02c8, nIndex=-4) returned 0x7ffcea425090
[0123.017] SetWindowLongPtrW (hWnd=0xf02c8, nIndex=-4, dwNewLong=0x1b7d3b2c) returned 0x7ffcea425090
[0123.017] GetWindowLongPtrW (hWnd=0xf02c8, nIndex=-4) returned 0x1b7d3b2c
[0123.017] GetWindowLongPtrW (hWnd=0xf02c8, nIndex=-16) returned 0x4c00000
[0123.017] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.017] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.018] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.018] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.018] SetTimer (hWnd=0xf02c8, nIDEvent=0x13, uElapse=0x64, lpTimerFunc=0x0) returned 0x13
[0123.125] GetWindowThreadProcessId (in: hWnd=0xf02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.125] GetCurrentThreadId () returned 0x4b0
[0123.125] IsWindow (hWnd=0xf02c8) returned 1
[0123.125] KillTimer (hWnd=0xf02c8, uIDEvent=0x13) returned 1
[0123.125] DestroyWindow (hWnd=0xf02c8) returned 1
[0123.125] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.125] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.125] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0xf02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.127] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0123.127] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.127] CoTaskMemFree (pv=0x10840b0)
[0123.127] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.127] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0123.127] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.128] CoTaskMemFree (pv=0x1db72e80)
[0123.128] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.128] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.128] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.128] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1002c8
[0123.129] SetWindowLongPtrW (hWnd=0x1002c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.129] GetWindowLongPtrW (hWnd=0x1002c8, nIndex=-4) returned 0x7ffcea425090
[0123.129] SetWindowLongPtrW (hWnd=0x1002c8, nIndex=-4, dwNewLong=0x1b7d3f8c) returned 0x7ffcea425090
[0123.129] GetWindowLongPtrW (hWnd=0x1002c8, nIndex=-4) returned 0x1b7d3f8c
[0123.129] GetWindowLongPtrW (hWnd=0x1002c8, nIndex=-16) returned 0x4c00000
[0123.130] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.130] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.130] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.131] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.131] SetTimer (hWnd=0x1002c8, nIDEvent=0x14, uElapse=0x64, lpTimerFunc=0x0) returned 0x14
[0123.231] GetWindowThreadProcessId (in: hWnd=0x1002c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.231] GetCurrentThreadId () returned 0x4b0
[0123.231] IsWindow (hWnd=0x1002c8) returned 1
[0123.231] KillTimer (hWnd=0x1002c8, uIDEvent=0x14) returned 1
[0123.231] DestroyWindow (hWnd=0x1002c8) returned 1
[0123.231] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.231] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.232] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1002c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.236] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0123.236] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.236] CoTaskMemFree (pv=0x1085c50)
[0123.236] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.236] CoTaskMemAlloc (cb=0x280) returned 0x1db72440
[0123.236] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72440, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.236] CoTaskMemFree (pv=0x1db72440)
[0123.236] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.236] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.237] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.237] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.237] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1102c8
[0123.238] SetWindowLongPtrW (hWnd=0x1102c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.238] GetWindowLongPtrW (hWnd=0x1102c8, nIndex=-4) returned 0x7ffcea425090
[0123.238] SetWindowLongPtrW (hWnd=0x1102c8, nIndex=-4, dwNewLong=0x1b7d3d5c) returned 0x7ffcea425090
[0123.238] GetWindowLongPtrW (hWnd=0x1102c8, nIndex=-4) returned 0x1b7d3d5c
[0123.238] GetWindowLongPtrW (hWnd=0x1102c8, nIndex=-16) returned 0x4c00000
[0123.239] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.239] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.240] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.240] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.240] SetTimer (hWnd=0x1102c8, nIDEvent=0x15, uElapse=0x64, lpTimerFunc=0x0) returned 0x15
[0123.340] GetWindowThreadProcessId (in: hWnd=0x1102c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.340] GetCurrentThreadId () returned 0x4b0
[0123.340] IsWindow (hWnd=0x1102c8) returned 1
[0123.340] KillTimer (hWnd=0x1102c8, uIDEvent=0x15) returned 1
[0123.340] DestroyWindow (hWnd=0x1102c8) returned 1
[0123.340] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.340] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.340] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1102c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.342] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0123.342] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.342] CoTaskMemFree (pv=0x10866f0)
[0123.342] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.343] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0123.343] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.343] CoTaskMemFree (pv=0x1db72bf0)
[0123.343] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.343] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.344] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.344] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1202c8
[0123.344] SetWindowLongPtrW (hWnd=0x1202c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.344] GetWindowLongPtrW (hWnd=0x1202c8, nIndex=-4) returned 0x7ffcea425090
[0123.344] SetWindowLongPtrW (hWnd=0x1202c8, nIndex=-4, dwNewLong=0x1b7d3dfc) returned 0x7ffcea425090
[0123.345] GetWindowLongPtrW (hWnd=0x1202c8, nIndex=-4) returned 0x1b7d3dfc
[0123.345] GetWindowLongPtrW (hWnd=0x1202c8, nIndex=-16) returned 0x4c00000
[0123.345] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.345] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.346] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.346] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.346] SetTimer (hWnd=0x1202c8, nIDEvent=0x16, uElapse=0x64, lpTimerFunc=0x0) returned 0x16
[0123.445] GetWindowThreadProcessId (in: hWnd=0x1202c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.445] GetCurrentThreadId () returned 0x4b0
[0123.445] IsWindow (hWnd=0x1202c8) returned 1
[0123.445] KillTimer (hWnd=0x1202c8, uIDEvent=0x16) returned 1
[0123.445] DestroyWindow (hWnd=0x1202c8) returned 1
[0123.445] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.445] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.446] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1202c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.448] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0123.448] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.448] CoTaskMemFree (pv=0x1085c50)
[0123.448] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.448] CoTaskMemAlloc (cb=0x280) returned 0x1db73de0
[0123.448] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73de0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.448] CoTaskMemFree (pv=0x1db73de0)
[0123.448] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.448] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.449] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.449] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1302c8
[0123.450] SetWindowLongPtrW (hWnd=0x1302c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.450] GetWindowLongPtrW (hWnd=0x1302c8, nIndex=-4) returned 0x7ffcea425090
[0123.450] SetWindowLongPtrW (hWnd=0x1302c8, nIndex=-4, dwNewLong=0x1b7d402c) returned 0x7ffcea425090
[0123.450] GetWindowLongPtrW (hWnd=0x1302c8, nIndex=-4) returned 0x1b7d402c
[0123.450] GetWindowLongPtrW (hWnd=0x1302c8, nIndex=-16) returned 0x4c00000
[0123.451] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.451] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.451] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.452] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.452] SetTimer (hWnd=0x1302c8, nIDEvent=0x17, uElapse=0x64, lpTimerFunc=0x0) returned 0x17
[0123.556] GetWindowThreadProcessId (in: hWnd=0x1302c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.556] GetCurrentThreadId () returned 0x4b0
[0123.556] IsWindow (hWnd=0x1302c8) returned 1
[0123.556] KillTimer (hWnd=0x1302c8, uIDEvent=0x17) returned 1
[0123.557] DestroyWindow (hWnd=0x1302c8) returned 1
[0123.557] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.557] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.557] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1302c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.559] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0123.559] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.559] CoTaskMemFree (pv=0x10840b0)
[0123.559] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.559] CoTaskMemAlloc (cb=0x280) returned 0x1db73b50
[0123.559] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73b50, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.560] CoTaskMemFree (pv=0x1db73b50)
[0123.560] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.560] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.560] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.560] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.561] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.561] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1402c8
[0123.561] SetWindowLongPtrW (hWnd=0x1402c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.561] GetWindowLongPtrW (hWnd=0x1402c8, nIndex=-4) returned 0x7ffcea425090
[0123.561] SetWindowLongPtrW (hWnd=0x1402c8, nIndex=-4, dwNewLong=0x1b7d3dac) returned 0x7ffcea425090
[0123.561] GetWindowLongPtrW (hWnd=0x1402c8, nIndex=-4) returned 0x1b7d3dac
[0123.561] GetWindowLongPtrW (hWnd=0x1402c8, nIndex=-16) returned 0x4c00000
[0123.562] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.562] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.562] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.563] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.563] SetTimer (hWnd=0x1402c8, nIDEvent=0x18, uElapse=0x64, lpTimerFunc=0x0) returned 0x18
[0123.563] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0123.563] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0123.563] GetSystemMetrics (nIndex=42) returned 0
[0123.563] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd0d0, nMaxCount=9 | out: lpString="01:59:46") returned 8
[0123.563] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd0d0) returned 0x8
[0123.563] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0123.563] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0123.564] GetSystemMetrics (nIndex=42) returned 0
[0123.564] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd070, nMaxCount=9 | out: lpString="01:59:46") returned 8
[0123.564] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd070) returned 0x8
[0123.564] SetWindowTextW (hWnd=0x702c2, lpString="01:59:45") returned 1
[0123.564] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2ddc4e4) returned 0x1
[0123.564] GetStockObject (i=5) returned 0x900015
[0123.564] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0123.564] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0123.564] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0123.564] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0123.564] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0123.564] GetSystemMetrics (nIndex=42) returned 0
[0123.564] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcf30, nMaxCount=9 | out: lpString="01:59:45") returned 8
[0123.564] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcf30) returned 0x8
[0123.565] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0123.565] AdjustWindowRectEx (in: lpRect=0xefcf60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcf60) returned 1
[0123.565] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:45", cchText=8, lprc=0xefcec8, format=0x102400, lpdtp=0x2ddc7d8 | out: lpchText="01:59:45", lprc=0xefcec8) returned 37
[0123.565] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0123.565] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0123.565] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0123.565] GetSystemMetrics (nIndex=42) returned 0
[0123.565] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcea0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0123.565] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcea0) returned 0xf
[0123.565] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefcea8 | out: lpPaint=0xefcea8) returned 0x10105d6
[0123.566] SelectPalette (hdc=0x10105d6, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0123.566] CreateCompatibleDC (hdc=0x10105d6) returned 0x510106da
[0123.566] SelectObject (hdc=0x510106da, h=0x28050778) returned 0x85000f
[0123.566] GdipCreateFromHDC (hdc=0x510106da, graphics=0xefce28) returned 0x0
[0123.566] GdipTranslateWorldTransform (graphics=0x1c8f8a50, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0123.566] GdipSetClipRectI (graphics=0x1c8f8a50, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0123.566] GdipCreateMatrix (matrix=0xefce50) returned 0x0
[0123.566] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9230) returned 0x0
[0123.566] GdipIsMatrixIdentity (matrix=0x1c8f9230, result=0xefceb8) returned 0x0
[0123.566] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7bab0
[0123.566] GdipGetMatrixElements (matrix=0x1c8f9230, matrixOut=0x1db7bab0) returned 0x0
[0123.566] LocalFree (hMem=0x1db7bab0) returned 0x0
[0123.566] GdipDeleteMatrix (matrix=0x1c8f9230) returned 0x0
[0123.566] GdipCreateRegion (region=0xefce50) returned 0x0
[0123.566] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0123.566] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefceb0) returned 0x0
[0123.566] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcf50) returned 0x0
[0123.567] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0123.567] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0123.567] GetSystemMetrics (nIndex=42) returned 0
[0123.567] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:45") returned 8
[0123.567] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0123.567] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcee8 | out: lpRect=0xefcee8) returned 1
[0123.567] GdipCreateRegion (region=0xefcac0) returned 0x0
[0123.567] GdipGetClip (graphics=0x1c8f8a50, region=0x1c90a8d0) returned 0x0
[0123.567] GdipCreateMatrix (matrix=0xefcac0) returned 0x0
[0123.567] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f91f0) returned 0x0
[0123.567] GdipIsMatrixIdentity (matrix=0x1c8f91f0, result=0xefcb28) returned 0x0
[0123.567] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7b6b0
[0123.567] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7b6b0) returned 0x0
[0123.567] LocalFree (hMem=0x1db7b6b0) returned 0x0
[0123.567] GdipCombineRegionRegion (region=0x1c90a8d0, region2=0x1c8f8e20, combineMode=0x1) returned 0x0
[0123.567] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7c0f0
[0123.567] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7c0f0) returned 0x0
[0123.567] LocalFree (hMem=0x1db7c0f0) returned 0x0
[0123.567] GdipDeleteMatrix (matrix=0x1c8f91f0) returned 0x0
[0123.567] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb90) returned 0x0
[0123.567] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb50) returned 0x0
[0123.567] GdipGetRegionHRgn (region=0x1c90a8d0, graphics=0x1c8f8a50, hRgn=0xefcb50) returned 0x0
[0123.567] GdipDeleteRegion (region=0x1c90a8d0) returned 0x0
[0123.567] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcb98) returned 0x0
[0123.568] GetCurrentObject (hdc=0x510106da, type=0x1) returned 0xb00017
[0123.568] GetCurrentObject (hdc=0x510106da, type=0x2) returned 0x900010
[0123.568] GetCurrentObject (hdc=0x510106da, type=0x7) returned 0x28050778
[0123.568] GetCurrentObject (hdc=0x510106da, type=0x6) returned 0x8a01c2
[0123.568] SaveDC (hdc=0x510106da) returned 1
[0123.568] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5a04064d
[0123.568] GetClipRgn (hdc=0x510106da, hrgn=0x5a04064d) returned 0
[0123.568] SelectClipRgn (hdc=0x510106da, hrgn=0x2e04079d) returned 2
[0123.568] DeleteObject (ho=0x5a04064d) returned 1
[0123.568] DeleteObject (ho=0x2e04079d) returned 1
[0123.568] OffsetViewportOrgEx (in: hdc=0x510106da, x=0, y=0, lppt=0x2ddcef0 | out: lppt=0x2ddcef0) returned 1
[0123.568] GetNearestColor (hdc=0x510106da, color=0x0) returned 0x0
[0123.568] CreateSolidBrush (color=0x0) returned 0x1e100774
[0123.568] FillRect (hDC=0x510106da, lprc=0xefcbd0, hbr=0x1e100774) returned 1
[0123.568] DeleteObject (ho=0x1e100774) returned 1
[0123.568] RestoreDC (hdc=0x510106da, nSavedDC=-1) returned 1
[0123.568] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x510106da) returned 0x0
[0123.568] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffdac0dbd) returned 0x0
[0123.568] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0123.569] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0123.569] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0123.569] GetSystemMetrics (nIndex=42) returned 0
[0123.569] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:45") returned 8
[0123.569] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0123.569] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcd38) returned 0x0
[0123.569] GetCurrentObject (hdc=0x510106da, type=0x1) returned 0xb00017
[0123.569] GetCurrentObject (hdc=0x510106da, type=0x2) returned 0x900010
[0123.569] GetCurrentObject (hdc=0x510106da, type=0x7) returned 0x28050778
[0123.569] GetCurrentObject (hdc=0x510106da, type=0x6) returned 0x8a01c2
[0123.569] SaveDC (hdc=0x510106da) returned 1
[0123.569] GetNearestColor (hdc=0x510106da, color=0xffffff) returned 0xffffff
[0123.569] RestoreDC (hdc=0x510106da, nSavedDC=-1) returned 1
[0123.569] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x510106da) returned 0x0
[0123.569] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0123.574] AdjustWindowRectEx (in: lpRect=0xefcbf0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcbf0) returned 1
[0123.574] GdipGetTextRenderingHint (graphics=0x1c8f8a50, mode=0xefcc48) returned 0x0
[0123.574] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcc28) returned 0x0
[0123.574] GetCurrentObject (hdc=0x510106da, type=0x1) returned 0xb00017
[0123.574] GetCurrentObject (hdc=0x510106da, type=0x2) returned 0x900010
[0123.574] GetCurrentObject (hdc=0x510106da, type=0x7) returned 0x28050778
[0123.574] GetCurrentObject (hdc=0x510106da, type=0x6) returned 0x8a01c2
[0123.574] SaveDC (hdc=0x510106da) returned 1
[0123.574] GetTextAlign (hdc=0x510106da) returned 0x0
[0123.574] GetTextColor (hdc=0x510106da) returned 0x0
[0123.574] SetTextColor (hdc=0x510106da, color=0xffffff) returned 0x0
[0123.574] GetCurrentObject (hdc=0x510106da, type=0x6) returned 0x8a01c2
[0123.574] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefc730 | out: pv=0xefc730) returned 92
[0123.574] SelectObject (hdc=0x510106da, h=0x480a077f) returned 0x8a01c2
[0123.574] GetBkMode (hdc=0x510106da) returned 2
[0123.574] SetBkMode (hdc=0x510106da, mode=1) returned 2
[0123.575] DrawTextExW (in: hdc=0x510106da, lpchText="01:59:45", cchText=8, lprc=0xefcbb8, format=0x100000, lpdtp=0x2ddd888 | out: lpchText="01:59:45", lprc=0xefcbb8) returned 37
[0123.575] RestoreDC (hdc=0x510106da, nSavedDC=-1) returned 1
[0123.575] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x510106da) returned 0x0
[0123.575] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefce68) returned 0x0
[0123.575] BitBlt (hdc=0x10105d6, x=0, y=0, cx=145, cy=37, hdcSrc=0x510106da, x1=0, y1=0, rop=0xcc0020) returned 1
[0123.575] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x510106da) returned 0x0
[0123.575] SelectPalette (hdc=0x10105d6, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0123.575] SelectObject (hdc=0x510106da, h=0x85000f) returned 0x28050778
[0123.575] DeleteDC (hdc=0x510106da) returned 1
[0123.575] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0123.575] EndPaint (hWnd=0x702c2, lpPaint=0xefce48) returned 1
[0123.667] GetWindowThreadProcessId (in: hWnd=0x1402c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.667] GetCurrentThreadId () returned 0x4b0
[0123.667] IsWindow (hWnd=0x1402c8) returned 1
[0123.667] KillTimer (hWnd=0x1402c8, uIDEvent=0x18) returned 1
[0123.667] DestroyWindow (hWnd=0x1402c8) returned 1
[0123.667] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.667] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.668] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1402c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.670] CoTaskMemAlloc (cb=0x20c) returned 0x1084930
[0123.670] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084930 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.670] CoTaskMemFree (pv=0x1084930)
[0123.670] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.670] CoTaskMemAlloc (cb=0x280) returned 0x1db733a0
[0123.670] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db733a0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.670] CoTaskMemFree (pv=0x1db733a0)
[0123.670] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.670] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.671] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.671] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1502c8
[0123.671] SetWindowLongPtrW (hWnd=0x1502c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.671] GetWindowLongPtrW (hWnd=0x1502c8, nIndex=-4) returned 0x7ffcea425090
[0123.671] SetWindowLongPtrW (hWnd=0x1502c8, nIndex=-4, dwNewLong=0x1b7d3e4c) returned 0x7ffcea425090
[0123.672] GetWindowLongPtrW (hWnd=0x1502c8, nIndex=-4) returned 0x1b7d3e4c
[0123.672] GetWindowLongPtrW (hWnd=0x1502c8, nIndex=-16) returned 0x4c00000
[0123.672] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.672] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.673] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.673] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.673] SetTimer (hWnd=0x1502c8, nIDEvent=0x19, uElapse=0x64, lpTimerFunc=0x0) returned 0x19
[0123.773] GetWindowThreadProcessId (in: hWnd=0x1502c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.773] GetCurrentThreadId () returned 0x4b0
[0123.773] IsWindow (hWnd=0x1502c8) returned 1
[0123.773] KillTimer (hWnd=0x1502c8, uIDEvent=0x19) returned 1
[0123.774] DestroyWindow (hWnd=0x1502c8) returned 1
[0123.774] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.774] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.774] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1502c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.777] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0123.777] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.777] CoTaskMemFree (pv=0x10873b0)
[0123.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.777] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0123.777] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.777] CoTaskMemFree (pv=0x1db72bf0)
[0123.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.778] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.779] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.779] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1602c8
[0123.779] SetWindowLongPtrW (hWnd=0x1602c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.779] GetWindowLongPtrW (hWnd=0x1602c8, nIndex=-4) returned 0x7ffcea425090
[0123.779] SetWindowLongPtrW (hWnd=0x1602c8, nIndex=-4, dwNewLong=0x1b7d3e9c) returned 0x7ffcea425090
[0123.780] GetWindowLongPtrW (hWnd=0x1602c8, nIndex=-4) returned 0x1b7d3e9c
[0123.780] GetWindowLongPtrW (hWnd=0x1602c8, nIndex=-16) returned 0x4c00000
[0123.780] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.780] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.781] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.781] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.782] SetTimer (hWnd=0x1602c8, nIDEvent=0x1a, uElapse=0x64, lpTimerFunc=0x0) returned 0x1a
[0123.889] GetWindowThreadProcessId (in: hWnd=0x1602c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0123.889] GetCurrentThreadId () returned 0x4b0
[0123.889] IsWindow (hWnd=0x1602c8) returned 1
[0123.889] KillTimer (hWnd=0x1602c8, uIDEvent=0x1a) returned 1
[0123.889] DestroyWindow (hWnd=0x1602c8) returned 1
[0123.889] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0123.890] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0123.891] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1602c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0123.896] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0123.896] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0123.896] CoTaskMemFree (pv=0x1085c50)
[0123.896] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0123.896] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0123.896] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0123.896] CoTaskMemFree (pv=0x1db72bf0)
[0123.896] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0123.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.897] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0123.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0123.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0123.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0123.897] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0123.897] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1702c8
[0123.898] SetWindowLongPtrW (hWnd=0x1702c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0123.898] GetWindowLongPtrW (hWnd=0x1702c8, nIndex=-4) returned 0x7ffcea425090
[0123.898] SetWindowLongPtrW (hWnd=0x1702c8, nIndex=-4, dwNewLong=0x1b7d3fdc) returned 0x7ffcea425090
[0123.898] GetWindowLongPtrW (hWnd=0x1702c8, nIndex=-4) returned 0x1b7d3fdc
[0123.898] GetWindowLongPtrW (hWnd=0x1702c8, nIndex=-16) returned 0x4c00000
[0123.899] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0123.899] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0123.900] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0123.900] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0123.900] SetTimer (hWnd=0x1702c8, nIDEvent=0x1b, uElapse=0x64, lpTimerFunc=0x0) returned 0x1b
[0124.008] GetWindowThreadProcessId (in: hWnd=0x1702c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.008] GetCurrentThreadId () returned 0x4b0
[0124.008] IsWindow (hWnd=0x1702c8) returned 1
[0124.008] KillTimer (hWnd=0x1702c8, uIDEvent=0x1b) returned 1
[0124.008] DestroyWindow (hWnd=0x1702c8) returned 1
[0124.008] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.008] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.009] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1702c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.011] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0124.011] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.011] CoTaskMemFree (pv=0x10840b0)
[0124.011] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.011] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0124.011] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.011] CoTaskMemFree (pv=0x1db72e80)
[0124.011] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.012] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.013] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.013] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1802c8
[0124.013] SetWindowLongPtrW (hWnd=0x1802c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.013] GetWindowLongPtrW (hWnd=0x1802c8, nIndex=-4) returned 0x7ffcea425090
[0124.014] SetWindowLongPtrW (hWnd=0x1802c8, nIndex=-4, dwNewLong=0x1b7d411c) returned 0x7ffcea425090
[0124.014] GetWindowLongPtrW (hWnd=0x1802c8, nIndex=-4) returned 0x1b7d411c
[0124.014] GetWindowLongPtrW (hWnd=0x1802c8, nIndex=-16) returned 0x4c00000
[0124.014] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.015] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.015] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.015] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.016] SetTimer (hWnd=0x1802c8, nIDEvent=0x1c, uElapse=0x64, lpTimerFunc=0x0) returned 0x1c
[0124.222] GetWindowThreadProcessId (in: hWnd=0x1802c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.222] GetCurrentThreadId () returned 0x4b0
[0124.222] IsWindow (hWnd=0x1802c8) returned 1
[0124.222] KillTimer (hWnd=0x1802c8, uIDEvent=0x1c) returned 1
[0124.222] DestroyWindow (hWnd=0x1802c8) returned 1
[0124.223] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.223] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.223] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1802c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.226] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0124.226] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.226] CoTaskMemFree (pv=0x10866f0)
[0124.226] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.226] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0124.226] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.226] CoTaskMemFree (pv=0x1db72e80)
[0124.226] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.227] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.227] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.227] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1902c8
[0124.228] SetWindowLongPtrW (hWnd=0x1902c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.228] GetWindowLongPtrW (hWnd=0x1902c8, nIndex=-4) returned 0x7ffcea425090
[0124.228] SetWindowLongPtrW (hWnd=0x1902c8, nIndex=-4, dwNewLong=0x1b7d416c) returned 0x7ffcea425090
[0124.228] GetWindowLongPtrW (hWnd=0x1902c8, nIndex=-4) returned 0x1b7d416c
[0124.228] GetWindowLongPtrW (hWnd=0x1902c8, nIndex=-16) returned 0x4c00000
[0124.229] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.229] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.230] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.230] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.231] SetTimer (hWnd=0x1902c8, nIDEvent=0x1d, uElapse=0x64, lpTimerFunc=0x0) returned 0x1d
[0124.336] GetWindowThreadProcessId (in: hWnd=0x1902c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.336] GetCurrentThreadId () returned 0x4b0
[0124.336] IsWindow (hWnd=0x1902c8) returned 1
[0124.336] KillTimer (hWnd=0x1902c8, uIDEvent=0x1d) returned 1
[0124.336] DestroyWindow (hWnd=0x1902c8) returned 1
[0124.336] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.336] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.337] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1902c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.339] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0124.339] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.339] CoTaskMemFree (pv=0x1085c50)
[0124.339] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.340] CoTaskMemAlloc (cb=0x280) returned 0x1db72960
[0124.340] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72960, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.340] CoTaskMemFree (pv=0x1db72960)
[0124.340] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.340] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.341] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.341] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1a02c8
[0124.342] SetWindowLongPtrW (hWnd=0x1a02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.342] GetWindowLongPtrW (hWnd=0x1a02c8, nIndex=-4) returned 0x7ffcea425090
[0124.342] SetWindowLongPtrW (hWnd=0x1a02c8, nIndex=-4, dwNewLong=0x1b7d41bc) returned 0x7ffcea425090
[0124.343] GetWindowLongPtrW (hWnd=0x1a02c8, nIndex=-4) returned 0x1b7d41bc
[0124.343] GetWindowLongPtrW (hWnd=0x1a02c8, nIndex=-16) returned 0x4c00000
[0124.343] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.343] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.344] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.344] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.345] SetTimer (hWnd=0x1a02c8, nIDEvent=0x1e, uElapse=0x64, lpTimerFunc=0x0) returned 0x1e
[0124.448] GetWindowThreadProcessId (in: hWnd=0x1a02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.448] GetCurrentThreadId () returned 0x4b0
[0124.448] IsWindow (hWnd=0x1a02c8) returned 1
[0124.448] KillTimer (hWnd=0x1a02c8, uIDEvent=0x1e) returned 1
[0124.448] DestroyWindow (hWnd=0x1a02c8) returned 1
[0124.448] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.448] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.449] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1a02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.450] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0124.450] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.450] CoTaskMemFree (pv=0x10866f0)
[0124.450] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.451] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0124.451] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.451] CoTaskMemFree (pv=0x1db72e80)
[0124.451] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.451] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.452] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.452] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1b02c8
[0124.452] SetWindowLongPtrW (hWnd=0x1b02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.452] GetWindowLongPtrW (hWnd=0x1b02c8, nIndex=-4) returned 0x7ffcea425090
[0124.453] SetWindowLongPtrW (hWnd=0x1b02c8, nIndex=-4, dwNewLong=0x1b7d4aac) returned 0x7ffcea425090
[0124.453] GetWindowLongPtrW (hWnd=0x1b02c8, nIndex=-4) returned 0x1b7d4aac
[0124.453] GetWindowLongPtrW (hWnd=0x1b02c8, nIndex=-16) returned 0x4c00000
[0124.453] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.454] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.454] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.454] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.455] SetTimer (hWnd=0x1b02c8, nIDEvent=0x1f, uElapse=0x64, lpTimerFunc=0x0) returned 0x1f
[0124.570] GetWindowThreadProcessId (in: hWnd=0x1b02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.570] GetCurrentThreadId () returned 0x4b0
[0124.570] IsWindow (hWnd=0x1b02c8) returned 1
[0124.570] KillTimer (hWnd=0x1b02c8, uIDEvent=0x1f) returned 1
[0124.570] DestroyWindow (hWnd=0x1b02c8) returned 1
[0124.570] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.570] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.571] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1b02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.573] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0124.573] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.573] CoTaskMemFree (pv=0x10866f0)
[0124.573] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.573] CoTaskMemAlloc (cb=0x280) returned 0x1db733a0
[0124.573] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db733a0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.573] CoTaskMemFree (pv=0x1db733a0)
[0124.573] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.573] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.574] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.574] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1c02c8
[0124.574] SetWindowLongPtrW (hWnd=0x1c02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.574] GetWindowLongPtrW (hWnd=0x1c02c8, nIndex=-4) returned 0x7ffcea425090
[0124.575] SetWindowLongPtrW (hWnd=0x1c02c8, nIndex=-4, dwNewLong=0x1b7d4afc) returned 0x7ffcea425090
[0124.575] GetWindowLongPtrW (hWnd=0x1c02c8, nIndex=-4) returned 0x1b7d4afc
[0124.575] GetWindowLongPtrW (hWnd=0x1c02c8, nIndex=-16) returned 0x4c00000
[0124.575] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.575] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.576] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.576] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.576] SetTimer (hWnd=0x1c02c8, nIDEvent=0x20, uElapse=0x64, lpTimerFunc=0x0) returned 0x20
[0124.577] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0124.577] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0124.577] GetSystemMetrics (nIndex=42) returned 0
[0124.577] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd0d0, nMaxCount=9 | out: lpString="01:59:45") returned 8
[0124.577] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd0d0) returned 0x8
[0124.577] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0124.577] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0124.577] GetSystemMetrics (nIndex=42) returned 0
[0124.577] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd070, nMaxCount=9 | out: lpString="01:59:45") returned 8
[0124.577] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd070) returned 0x8
[0124.577] SetWindowTextW (hWnd=0x702c2, lpString="01:59:44") returned 1
[0124.577] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2de5b9c) returned 0x1
[0124.577] GetStockObject (i=5) returned 0x900015
[0124.577] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0124.577] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0124.577] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0124.577] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0124.578] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0124.578] GetSystemMetrics (nIndex=42) returned 0
[0124.578] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcf30, nMaxCount=9 | out: lpString="01:59:44") returned 8
[0124.578] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcf30) returned 0x8
[0124.578] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0124.578] AdjustWindowRectEx (in: lpRect=0xefcf60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcf60) returned 1
[0124.578] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:44", cchText=8, lprc=0xefcec8, format=0x102400, lpdtp=0x2de5e90 | out: lpchText="01:59:44", lprc=0xefcec8) returned 37
[0124.578] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0124.578] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0124.578] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0124.579] GetSystemMetrics (nIndex=42) returned 0
[0124.579] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcea0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0124.579] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcea0) returned 0xf
[0124.579] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefcea8 | out: lpPaint=0xefcea8) returned 0x10105d6
[0124.579] SelectPalette (hdc=0x10105d6, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0124.579] CreateCompatibleDC (hdc=0x10105d6) returned 0x5b010664
[0124.579] SelectObject (hdc=0x5b010664, h=0x28050778) returned 0x85000f
[0124.579] GdipCreateFromHDC (hdc=0x5b010664, graphics=0xefce28) returned 0x0
[0124.579] GdipTranslateWorldTransform (graphics=0x1c8f8a50, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0124.579] GdipSetClipRectI (graphics=0x1c8f8a50, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0124.579] GdipCreateMatrix (matrix=0xefce50) returned 0x0
[0124.579] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9230) returned 0x0
[0124.580] GdipIsMatrixIdentity (matrix=0x1c8f9230, result=0xefceb8) returned 0x0
[0124.580] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7b470
[0124.580] GdipGetMatrixElements (matrix=0x1c8f9230, matrixOut=0x1db7b470) returned 0x0
[0124.580] LocalFree (hMem=0x1db7b470) returned 0x0
[0124.580] GdipDeleteMatrix (matrix=0x1c8f9230) returned 0x0
[0124.580] GdipCreateRegion (region=0xefce50) returned 0x0
[0124.580] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0124.580] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefceb0) returned 0x0
[0124.580] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcf50) returned 0x0
[0124.580] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0124.580] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0124.580] GetSystemMetrics (nIndex=42) returned 0
[0124.580] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:44") returned 8
[0124.580] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0124.580] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcee8 | out: lpRect=0xefcee8) returned 1
[0124.580] GdipCreateRegion (region=0xefcac0) returned 0x0
[0124.580] GdipGetClip (graphics=0x1c8f8a50, region=0x1c90a8d0) returned 0x0
[0124.580] GdipCreateMatrix (matrix=0xefcac0) returned 0x0
[0124.580] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f91f0) returned 0x0
[0124.580] GdipIsMatrixIdentity (matrix=0x1c8f91f0, result=0xefcb28) returned 0x0
[0124.580] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7b330
[0124.580] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7b330) returned 0x0
[0124.580] LocalFree (hMem=0x1db7b330) returned 0x0
[0124.580] GdipCombineRegionRegion (region=0x1c90a8d0, region2=0x1c8f8e20, combineMode=0x1) returned 0x0
[0124.581] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7c070
[0124.581] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7c070) returned 0x0
[0124.581] LocalFree (hMem=0x1db7c070) returned 0x0
[0124.581] GdipDeleteMatrix (matrix=0x1c8f91f0) returned 0x0
[0124.581] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb90) returned 0x0
[0124.581] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb50) returned 0x0
[0124.581] GdipGetRegionHRgn (region=0x1c90a8d0, graphics=0x1c8f8a50, hRgn=0xefcb50) returned 0x0
[0124.581] GdipDeleteRegion (region=0x1c90a8d0) returned 0x0
[0124.581] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcb98) returned 0x0
[0124.581] GetCurrentObject (hdc=0x5b010664, type=0x1) returned 0xb00017
[0124.581] GetCurrentObject (hdc=0x5b010664, type=0x2) returned 0x900010
[0124.581] GetCurrentObject (hdc=0x5b010664, type=0x7) returned 0x28050778
[0124.581] GetCurrentObject (hdc=0x5b010664, type=0x6) returned 0x8a01c2
[0124.581] SaveDC (hdc=0x5b010664) returned 1
[0124.581] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2f04079d
[0124.581] GetClipRgn (hdc=0x5b010664, hrgn=0x2f04079d) returned 0
[0124.581] SelectClipRgn (hdc=0x5b010664, hrgn=0x5d04064d) returned 2
[0124.581] DeleteObject (ho=0x2f04079d) returned 1
[0124.581] DeleteObject (ho=0x5d04064d) returned 1
[0124.581] OffsetViewportOrgEx (in: hdc=0x5b010664, x=0, y=0, lppt=0x2de65a8 | out: lppt=0x2de65a8) returned 1
[0124.581] GetNearestColor (hdc=0x5b010664, color=0x0) returned 0x0
[0124.582] CreateSolidBrush (color=0x0) returned 0x1f100774
[0124.582] FillRect (hDC=0x5b010664, lprc=0xefcbd0, hbr=0x1f100774) returned 1
[0124.582] DeleteObject (ho=0x1f100774) returned 1
[0124.582] RestoreDC (hdc=0x5b010664, nSavedDC=-1) returned 1
[0124.582] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x5b010664) returned 0x0
[0124.582] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffdaa0dbd) returned 0x0
[0124.582] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0124.582] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0124.582] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0124.582] GetSystemMetrics (nIndex=42) returned 0
[0124.582] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:44") returned 8
[0124.582] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0124.582] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcd38) returned 0x0
[0124.582] GetCurrentObject (hdc=0x5b010664, type=0x1) returned 0xb00017
[0124.582] GetCurrentObject (hdc=0x5b010664, type=0x2) returned 0x900010
[0124.582] GetCurrentObject (hdc=0x5b010664, type=0x7) returned 0x28050778
[0124.582] GetCurrentObject (hdc=0x5b010664, type=0x6) returned 0x8a01c2
[0124.582] SaveDC (hdc=0x5b010664) returned 1
[0124.582] GetNearestColor (hdc=0x5b010664, color=0xffffff) returned 0xffffff
[0124.582] RestoreDC (hdc=0x5b010664, nSavedDC=-1) returned 1
[0124.582] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x5b010664) returned 0x0
[0124.583] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0124.583] AdjustWindowRectEx (in: lpRect=0xefcbf0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcbf0) returned 1
[0124.583] GdipGetTextRenderingHint (graphics=0x1c8f8a50, mode=0xefcc48) returned 0x0
[0124.583] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcc28) returned 0x0
[0124.583] GetCurrentObject (hdc=0x5b010664, type=0x1) returned 0xb00017
[0124.583] GetCurrentObject (hdc=0x5b010664, type=0x2) returned 0x900010
[0124.583] GetCurrentObject (hdc=0x5b010664, type=0x7) returned 0x28050778
[0124.583] GetCurrentObject (hdc=0x5b010664, type=0x6) returned 0x8a01c2
[0124.583] SaveDC (hdc=0x5b010664) returned 1
[0124.583] GetTextAlign (hdc=0x5b010664) returned 0x0
[0124.583] GetTextColor (hdc=0x5b010664) returned 0x0
[0124.583] SetTextColor (hdc=0x5b010664, color=0xffffff) returned 0x0
[0124.583] GetCurrentObject (hdc=0x5b010664, type=0x6) returned 0x8a01c2
[0124.583] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefc730 | out: pv=0xefc730) returned 92
[0124.584] SelectObject (hdc=0x5b010664, h=0x480a077f) returned 0x8a01c2
[0124.584] GetBkMode (hdc=0x5b010664) returned 2
[0124.584] SetBkMode (hdc=0x5b010664, mode=1) returned 2
[0124.584] DrawTextExW (in: hdc=0x5b010664, lpchText="01:59:44", cchText=8, lprc=0xefcbb8, format=0x100000, lpdtp=0x2de6f40 | out: lpchText="01:59:44", lprc=0xefcbb8) returned 37
[0124.584] RestoreDC (hdc=0x5b010664, nSavedDC=-1) returned 1
[0124.584] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x5b010664) returned 0x0
[0124.584] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefce68) returned 0x0
[0124.584] BitBlt (hdc=0x10105d6, x=0, y=0, cx=145, cy=37, hdcSrc=0x5b010664, x1=0, y1=0, rop=0xcc0020) returned 1
[0124.585] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x5b010664) returned 0x0
[0124.585] SelectPalette (hdc=0x10105d6, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0124.585] SelectObject (hdc=0x5b010664, h=0x85000f) returned 0x28050778
[0124.585] DeleteDC (hdc=0x5b010664) returned 1
[0124.585] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0124.585] EndPaint (hWnd=0x702c2, lpPaint=0xefce48) returned 1
[0124.679] GetWindowThreadProcessId (in: hWnd=0x1c02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.679] GetCurrentThreadId () returned 0x4b0
[0124.679] IsWindow (hWnd=0x1c02c8) returned 1
[0124.679] KillTimer (hWnd=0x1c02c8, uIDEvent=0x20) returned 1
[0124.679] DestroyWindow (hWnd=0x1c02c8) returned 1
[0124.680] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.680] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.680] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1c02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.682] CoTaskMemAlloc (cb=0x20c) returned 0x1084f90
[0124.682] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084f90 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.682] CoTaskMemFree (pv=0x1084f90)
[0124.682] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.682] CoTaskMemAlloc (cb=0x280) returned 0x1db73de0
[0124.682] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73de0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.682] CoTaskMemFree (pv=0x1db73de0)
[0124.682] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.683] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.683] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.683] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1d02c8
[0124.684] SetWindowLongPtrW (hWnd=0x1d02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.684] GetWindowLongPtrW (hWnd=0x1d02c8, nIndex=-4) returned 0x7ffcea425090
[0124.684] SetWindowLongPtrW (hWnd=0x1d02c8, nIndex=-4, dwNewLong=0x1b7d4d7c) returned 0x7ffcea425090
[0124.684] GetWindowLongPtrW (hWnd=0x1d02c8, nIndex=-4) returned 0x1b7d4d7c
[0124.684] GetWindowLongPtrW (hWnd=0x1d02c8, nIndex=-16) returned 0x4c00000
[0124.685] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.685] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.685] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.685] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.686] SetTimer (hWnd=0x1d02c8, nIDEvent=0x21, uElapse=0x64, lpTimerFunc=0x0) returned 0x21
[0124.789] GetWindowThreadProcessId (in: hWnd=0x1d02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.789] GetCurrentThreadId () returned 0x4b0
[0124.789] IsWindow (hWnd=0x1d02c8) returned 1
[0124.789] KillTimer (hWnd=0x1d02c8, uIDEvent=0x21) returned 1
[0124.790] DestroyWindow (hWnd=0x1d02c8) returned 1
[0124.790] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.790] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.791] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1d02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.793] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0124.793] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.793] CoTaskMemFree (pv=0x1085c50)
[0124.793] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.793] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0124.793] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.793] CoTaskMemFree (pv=0x1db72e80)
[0124.793] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.793] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.794] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.794] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1e02c8
[0124.794] SetWindowLongPtrW (hWnd=0x1e02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.794] GetWindowLongPtrW (hWnd=0x1e02c8, nIndex=-4) returned 0x7ffcea425090
[0124.795] SetWindowLongPtrW (hWnd=0x1e02c8, nIndex=-4, dwNewLong=0x1b7d487c) returned 0x7ffcea425090
[0124.795] GetWindowLongPtrW (hWnd=0x1e02c8, nIndex=-4) returned 0x1b7d487c
[0124.795] GetWindowLongPtrW (hWnd=0x1e02c8, nIndex=-16) returned 0x4c00000
[0124.795] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.795] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.796] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.796] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.796] SetTimer (hWnd=0x1e02c8, nIDEvent=0x22, uElapse=0x64, lpTimerFunc=0x0) returned 0x22
[0124.930] GetWindowThreadProcessId (in: hWnd=0x1e02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0124.930] GetCurrentThreadId () returned 0x4b0
[0124.930] IsWindow (hWnd=0x1e02c8) returned 1
[0124.930] KillTimer (hWnd=0x1e02c8, uIDEvent=0x22) returned 1
[0124.931] DestroyWindow (hWnd=0x1e02c8) returned 1
[0124.931] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0124.931] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0124.932] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1e02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0124.934] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0124.934] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0124.934] CoTaskMemFree (pv=0x1085c50)
[0124.934] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0124.934] CoTaskMemAlloc (cb=0x280) returned 0x1db733a0
[0124.934] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db733a0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0124.934] CoTaskMemFree (pv=0x1db733a0)
[0124.934] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0124.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.935] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0124.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0124.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0124.936] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0124.936] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x1f02c8
[0124.936] SetWindowLongPtrW (hWnd=0x1f02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0124.936] GetWindowLongPtrW (hWnd=0x1f02c8, nIndex=-4) returned 0x7ffcea425090
[0124.936] SetWindowLongPtrW (hWnd=0x1f02c8, nIndex=-4, dwNewLong=0x1b7d540c) returned 0x7ffcea425090
[0124.937] GetWindowLongPtrW (hWnd=0x1f02c8, nIndex=-4) returned 0x1b7d540c
[0124.937] GetWindowLongPtrW (hWnd=0x1f02c8, nIndex=-16) returned 0x4c00000
[0124.937] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0124.938] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0124.939] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0124.939] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0124.940] SetTimer (hWnd=0x1f02c8, nIDEvent=0x23, uElapse=0x64, lpTimerFunc=0x0) returned 0x23
[0125.039] GetWindowThreadProcessId (in: hWnd=0x1f02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.039] GetCurrentThreadId () returned 0x4b0
[0125.039] IsWindow (hWnd=0x1f02c8) returned 1
[0125.039] KillTimer (hWnd=0x1f02c8, uIDEvent=0x23) returned 1
[0125.039] DestroyWindow (hWnd=0x1f02c8) returned 1
[0125.039] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.039] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.039] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x1f02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.041] CoTaskMemAlloc (cb=0x20c) returned 0x10866f0
[0125.041] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10866f0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.041] CoTaskMemFree (pv=0x10866f0)
[0125.041] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.042] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0125.042] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.042] CoTaskMemFree (pv=0x1db72bf0)
[0125.042] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.042] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.043] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.043] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2002c8
[0125.043] SetWindowLongPtrW (hWnd=0x2002c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.043] GetWindowLongPtrW (hWnd=0x2002c8, nIndex=-4) returned 0x7ffcea425090
[0125.043] SetWindowLongPtrW (hWnd=0x2002c8, nIndex=-4, dwNewLong=0x1b7d536c) returned 0x7ffcea425090
[0125.043] GetWindowLongPtrW (hWnd=0x2002c8, nIndex=-4) returned 0x1b7d536c
[0125.043] GetWindowLongPtrW (hWnd=0x2002c8, nIndex=-16) returned 0x4c00000
[0125.044] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.044] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.045] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.045] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.045] SetTimer (hWnd=0x2002c8, nIDEvent=0x24, uElapse=0x64, lpTimerFunc=0x0) returned 0x24
[0125.159] GetWindowThreadProcessId (in: hWnd=0x2002c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.159] GetCurrentThreadId () returned 0x4b0
[0125.159] IsWindow (hWnd=0x2002c8) returned 1
[0125.159] KillTimer (hWnd=0x2002c8, uIDEvent=0x24) returned 1
[0125.159] DestroyWindow (hWnd=0x2002c8) returned 1
[0125.159] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.159] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.160] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2002c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.162] CoTaskMemAlloc (cb=0x20c) returned 0x1084930
[0125.162] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084930 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.162] CoTaskMemFree (pv=0x1084930)
[0125.162] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.162] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0125.162] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.162] CoTaskMemFree (pv=0x1db72e80)
[0125.162] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.162] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.163] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.163] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2102c8
[0125.163] SetWindowLongPtrW (hWnd=0x2102c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.164] GetWindowLongPtrW (hWnd=0x2102c8, nIndex=-4) returned 0x7ffcea425090
[0125.164] SetWindowLongPtrW (hWnd=0x2102c8, nIndex=-4, dwNewLong=0x1b7d4dcc) returned 0x7ffcea425090
[0125.164] GetWindowLongPtrW (hWnd=0x2102c8, nIndex=-4) returned 0x1b7d4dcc
[0125.164] GetWindowLongPtrW (hWnd=0x2102c8, nIndex=-16) returned 0x4c00000
[0125.165] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.165] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.165] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.166] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.166] SetTimer (hWnd=0x2102c8, nIDEvent=0x25, uElapse=0x64, lpTimerFunc=0x0) returned 0x25
[0125.274] GetWindowThreadProcessId (in: hWnd=0x2102c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.274] GetCurrentThreadId () returned 0x4b0
[0125.274] IsWindow (hWnd=0x2102c8) returned 1
[0125.274] KillTimer (hWnd=0x2102c8, uIDEvent=0x25) returned 1
[0125.274] DestroyWindow (hWnd=0x2102c8) returned 1
[0125.274] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.274] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.276] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2102c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.278] CoTaskMemAlloc (cb=0x20c) returned 0x1084f90
[0125.278] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084f90 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.278] CoTaskMemFree (pv=0x1084f90)
[0125.278] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.278] CoTaskMemAlloc (cb=0x280) returned 0x1db73630
[0125.278] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73630, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.278] CoTaskMemFree (pv=0x1db73630)
[0125.278] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.279] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.279] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.279] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2202c8
[0125.280] SetWindowLongPtrW (hWnd=0x2202c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.280] GetWindowLongPtrW (hWnd=0x2202c8, nIndex=-4) returned 0x7ffcea425090
[0125.280] SetWindowLongPtrW (hWnd=0x2202c8, nIndex=-4, dwNewLong=0x1b7d559c) returned 0x7ffcea425090
[0125.280] GetWindowLongPtrW (hWnd=0x2202c8, nIndex=-4) returned 0x1b7d559c
[0125.280] GetWindowLongPtrW (hWnd=0x2202c8, nIndex=-16) returned 0x4c00000
[0125.281] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.281] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.282] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.282] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.282] SetTimer (hWnd=0x2202c8, nIDEvent=0x26, uElapse=0x64, lpTimerFunc=0x0) returned 0x26
[0125.398] GetWindowThreadProcessId (in: hWnd=0x2202c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.398] GetCurrentThreadId () returned 0x4b0
[0125.398] IsWindow (hWnd=0x2202c8) returned 1
[0125.398] KillTimer (hWnd=0x2202c8, uIDEvent=0x26) returned 1
[0125.398] DestroyWindow (hWnd=0x2202c8) returned 1
[0125.399] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.399] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.399] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2202c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.402] CoTaskMemAlloc (cb=0x20c) returned 0x10842d0
[0125.402] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10842d0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.402] CoTaskMemFree (pv=0x10842d0)
[0125.402] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.402] CoTaskMemAlloc (cb=0x280) returned 0x1db72440
[0125.402] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72440, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.402] CoTaskMemFree (pv=0x1db72440)
[0125.402] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.403] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.403] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.403] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2302c8
[0125.404] SetWindowLongPtrW (hWnd=0x2302c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.404] GetWindowLongPtrW (hWnd=0x2302c8, nIndex=-4) returned 0x7ffcea425090
[0125.404] SetWindowLongPtrW (hWnd=0x2302c8, nIndex=-4, dwNewLong=0x1b7d4ebc) returned 0x7ffcea425090
[0125.404] GetWindowLongPtrW (hWnd=0x2302c8, nIndex=-4) returned 0x1b7d4ebc
[0125.404] GetWindowLongPtrW (hWnd=0x2302c8, nIndex=-16) returned 0x4c00000
[0125.405] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.405] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.405] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.406] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.406] SetTimer (hWnd=0x2302c8, nIDEvent=0x27, uElapse=0x64, lpTimerFunc=0x0) returned 0x27
[0125.507] GetWindowThreadProcessId (in: hWnd=0x2302c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.507] GetCurrentThreadId () returned 0x4b0
[0125.507] IsWindow (hWnd=0x2302c8) returned 1
[0125.507] KillTimer (hWnd=0x2302c8, uIDEvent=0x27) returned 1
[0125.508] DestroyWindow (hWnd=0x2302c8) returned 1
[0125.508] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.508] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.508] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2302c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.512] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0125.512] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.512] CoTaskMemFree (pv=0x10873b0)
[0125.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.512] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0125.512] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.512] CoTaskMemFree (pv=0x1db72bf0)
[0125.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.513] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.513] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.513] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2402c8
[0125.514] SetWindowLongPtrW (hWnd=0x2402c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.514] GetWindowLongPtrW (hWnd=0x2402c8, nIndex=-4) returned 0x7ffcea425090
[0125.514] SetWindowLongPtrW (hWnd=0x2402c8, nIndex=-4, dwNewLong=0x1b7d554c) returned 0x7ffcea425090
[0125.514] GetWindowLongPtrW (hWnd=0x2402c8, nIndex=-4) returned 0x1b7d554c
[0125.514] GetWindowLongPtrW (hWnd=0x2402c8, nIndex=-16) returned 0x4c00000
[0125.515] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.515] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.516] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.517] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.517] SetTimer (hWnd=0x2402c8, nIDEvent=0x28, uElapse=0x64, lpTimerFunc=0x0) returned 0x28
[0125.586] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0125.586] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0125.586] GetSystemMetrics (nIndex=42) returned 0
[0125.586] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd0d0, nMaxCount=9 | out: lpString="01:59:44") returned 8
[0125.586] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd0d0) returned 0x8
[0125.586] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0125.586] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0125.586] GetSystemMetrics (nIndex=42) returned 0
[0125.586] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd070, nMaxCount=9 | out: lpString="01:59:44") returned 8
[0125.586] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd070) returned 0x8
[0125.586] SetWindowTextW (hWnd=0x702c2, lpString="01:59:43") returned 1
[0125.587] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2def254) returned 0x1
[0125.587] GetStockObject (i=5) returned 0x900015
[0125.587] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0125.587] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0125.587] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0125.587] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0125.587] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0125.587] GetSystemMetrics (nIndex=42) returned 0
[0125.587] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcf30, nMaxCount=9 | out: lpString="01:59:43") returned 8
[0125.587] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcf30) returned 0x8
[0125.588] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0125.588] AdjustWindowRectEx (in: lpRect=0xefcf60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcf60) returned 1
[0125.588] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:43", cchText=8, lprc=0xefcec8, format=0x102400, lpdtp=0x2def548 | out: lpchText="01:59:43", lprc=0xefcec8) returned 37
[0125.588] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0125.588] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0125.588] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0125.588] GetSystemMetrics (nIndex=42) returned 0
[0125.588] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcea0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0125.588] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcea0) returned 0xf
[0125.588] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefcea8 | out: lpPaint=0xefcea8) returned 0x10105d6
[0125.589] SelectPalette (hdc=0x10105d6, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0125.589] CreateCompatibleDC (hdc=0x10105d6) returned 0x2b0107e9
[0125.589] SelectObject (hdc=0x2b0107e9, h=0x28050778) returned 0x85000f
[0125.589] GdipCreateFromHDC (hdc=0x2b0107e9, graphics=0xefce28) returned 0x0
[0125.589] GdipTranslateWorldTransform (graphics=0x1c8f8a50, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0125.589] GdipSetClipRectI (graphics=0x1c8f8a50, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0125.589] GdipCreateMatrix (matrix=0xefce50) returned 0x0
[0125.589] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9230) returned 0x0
[0125.589] GdipIsMatrixIdentity (matrix=0x1c8f9230, result=0xefceb8) returned 0x0
[0125.589] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7b670
[0125.589] GdipGetMatrixElements (matrix=0x1c8f9230, matrixOut=0x1db7b670) returned 0x0
[0125.590] LocalFree (hMem=0x1db7b670) returned 0x0
[0125.590] GdipDeleteMatrix (matrix=0x1c8f9230) returned 0x0
[0125.590] GdipCreateRegion (region=0xefce50) returned 0x0
[0125.590] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0125.590] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefceb0) returned 0x0
[0125.590] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcf50) returned 0x0
[0125.590] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0125.590] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0125.590] GetSystemMetrics (nIndex=42) returned 0
[0125.590] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:43") returned 8
[0125.590] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0125.590] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcee8 | out: lpRect=0xefcee8) returned 1
[0125.590] GdipCreateRegion (region=0xefcac0) returned 0x0
[0125.590] GdipGetClip (graphics=0x1c8f8a50, region=0x1c90a8d0) returned 0x0
[0125.590] GdipCreateMatrix (matrix=0xefcac0) returned 0x0
[0125.590] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f91f0) returned 0x0
[0125.590] GdipIsMatrixIdentity (matrix=0x1c8f91f0, result=0xefcb28) returned 0x0
[0125.590] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7c070
[0125.590] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7c070) returned 0x0
[0125.590] LocalFree (hMem=0x1db7c070) returned 0x0
[0125.590] GdipCombineRegionRegion (region=0x1c90a8d0, region2=0x1c8f8e20, combineMode=0x1) returned 0x0
[0125.590] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7beb0
[0125.590] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7beb0) returned 0x0
[0125.591] LocalFree (hMem=0x1db7beb0) returned 0x0
[0125.591] GdipDeleteMatrix (matrix=0x1c8f91f0) returned 0x0
[0125.591] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb90) returned 0x0
[0125.591] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb50) returned 0x0
[0125.591] GdipGetRegionHRgn (region=0x1c90a8d0, graphics=0x1c8f8a50, hRgn=0xefcb50) returned 0x0
[0125.591] GdipDeleteRegion (region=0x1c90a8d0) returned 0x0
[0125.591] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcb98) returned 0x0
[0125.591] GetCurrentObject (hdc=0x2b0107e9, type=0x1) returned 0xb00017
[0125.591] GetCurrentObject (hdc=0x2b0107e9, type=0x2) returned 0x900010
[0125.591] GetCurrentObject (hdc=0x2b0107e9, type=0x7) returned 0x28050778
[0125.591] GetCurrentObject (hdc=0x2b0107e9, type=0x6) returned 0x8a01c2
[0125.591] SaveDC (hdc=0x2b0107e9) returned 1
[0125.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5e04064d
[0125.591] GetClipRgn (hdc=0x2b0107e9, hrgn=0x5e04064d) returned 0
[0125.591] SelectClipRgn (hdc=0x2b0107e9, hrgn=0x3204079d) returned 2
[0125.591] DeleteObject (ho=0x5e04064d) returned 1
[0125.591] DeleteObject (ho=0x3204079d) returned 1
[0125.591] OffsetViewportOrgEx (in: hdc=0x2b0107e9, x=0, y=0, lppt=0x2defc60 | out: lppt=0x2defc60) returned 1
[0125.591] GetNearestColor (hdc=0x2b0107e9, color=0x0) returned 0x0
[0125.592] CreateSolidBrush (color=0x0) returned 0x20100774
[0125.592] FillRect (hDC=0x2b0107e9, lprc=0xefcbd0, hbr=0x20100774) returned 1
[0125.592] DeleteObject (ho=0x20100774) returned 1
[0125.592] RestoreDC (hdc=0x2b0107e9, nSavedDC=-1) returned 1
[0125.592] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2b0107e9) returned 0x0
[0125.592] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffda80dbd) returned 0x0
[0125.592] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0125.592] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0125.592] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0125.592] GetSystemMetrics (nIndex=42) returned 0
[0125.592] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:43") returned 8
[0125.592] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0125.592] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcd38) returned 0x0
[0125.592] GetCurrentObject (hdc=0x2b0107e9, type=0x1) returned 0xb00017
[0125.592] GetCurrentObject (hdc=0x2b0107e9, type=0x2) returned 0x900010
[0125.592] GetCurrentObject (hdc=0x2b0107e9, type=0x7) returned 0x28050778
[0125.592] GetCurrentObject (hdc=0x2b0107e9, type=0x6) returned 0x8a01c2
[0125.592] SaveDC (hdc=0x2b0107e9) returned 1
[0125.592] GetNearestColor (hdc=0x2b0107e9, color=0xffffff) returned 0xffffff
[0125.593] RestoreDC (hdc=0x2b0107e9, nSavedDC=-1) returned 1
[0125.593] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2b0107e9) returned 0x0
[0125.593] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0125.593] AdjustWindowRectEx (in: lpRect=0xefcbf0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcbf0) returned 1
[0125.593] GdipGetTextRenderingHint (graphics=0x1c8f8a50, mode=0xefcc48) returned 0x0
[0125.593] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcc28) returned 0x0
[0125.593] GetCurrentObject (hdc=0x2b0107e9, type=0x1) returned 0xb00017
[0125.593] GetCurrentObject (hdc=0x2b0107e9, type=0x2) returned 0x900010
[0125.593] GetCurrentObject (hdc=0x2b0107e9, type=0x7) returned 0x28050778
[0125.593] GetCurrentObject (hdc=0x2b0107e9, type=0x6) returned 0x8a01c2
[0125.594] SaveDC (hdc=0x2b0107e9) returned 1
[0125.594] GetTextAlign (hdc=0x2b0107e9) returned 0x0
[0125.594] GetTextColor (hdc=0x2b0107e9) returned 0x0
[0125.594] SetTextColor (hdc=0x2b0107e9, color=0xffffff) returned 0x0
[0125.594] GetCurrentObject (hdc=0x2b0107e9, type=0x6) returned 0x8a01c2
[0125.594] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefc730 | out: pv=0xefc730) returned 92
[0125.594] SelectObject (hdc=0x2b0107e9, h=0x480a077f) returned 0x8a01c2
[0125.594] GetBkMode (hdc=0x2b0107e9) returned 2
[0125.594] SetBkMode (hdc=0x2b0107e9, mode=1) returned 2
[0125.594] DrawTextExW (in: hdc=0x2b0107e9, lpchText="01:59:43", cchText=8, lprc=0xefcbb8, format=0x100000, lpdtp=0x2df05f8 | out: lpchText="01:59:43", lprc=0xefcbb8) returned 37
[0125.595] RestoreDC (hdc=0x2b0107e9, nSavedDC=-1) returned 1
[0125.596] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2b0107e9) returned 0x0
[0125.596] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefce68) returned 0x0
[0125.596] BitBlt (hdc=0x10105d6, x=0, y=0, cx=145, cy=37, hdcSrc=0x2b0107e9, x1=0, y1=0, rop=0xcc0020) returned 1
[0125.596] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2b0107e9) returned 0x0
[0125.596] SelectPalette (hdc=0x10105d6, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0125.596] SelectObject (hdc=0x2b0107e9, h=0x85000f) returned 0x28050778
[0125.596] DeleteDC (hdc=0x2b0107e9) returned 1
[0125.596] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0125.596] EndPaint (hWnd=0x702c2, lpPaint=0xefce48) returned 1
[0125.620] GetWindowThreadProcessId (in: hWnd=0x2402c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.620] GetCurrentThreadId () returned 0x4b0
[0125.620] IsWindow (hWnd=0x2402c8) returned 1
[0125.620] KillTimer (hWnd=0x2402c8, uIDEvent=0x28) returned 1
[0125.620] DestroyWindow (hWnd=0x2402c8) returned 1
[0125.620] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.620] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.621] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2402c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.622] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0125.623] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.623] CoTaskMemFree (pv=0x10873b0)
[0125.623] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.623] CoTaskMemAlloc (cb=0x280) returned 0x1db73110
[0125.623] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73110, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.623] CoTaskMemFree (pv=0x1db73110)
[0125.623] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.623] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.624] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.624] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2502c8
[0125.624] SetWindowLongPtrW (hWnd=0x2502c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.624] GetWindowLongPtrW (hWnd=0x2502c8, nIndex=-4) returned 0x7ffcea425090
[0125.624] SetWindowLongPtrW (hWnd=0x2502c8, nIndex=-4, dwNewLong=0x1b7d4a5c) returned 0x7ffcea425090
[0125.625] GetWindowLongPtrW (hWnd=0x2502c8, nIndex=-4) returned 0x1b7d4a5c
[0125.625] GetWindowLongPtrW (hWnd=0x2502c8, nIndex=-16) returned 0x4c00000
[0125.625] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.625] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.626] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.626] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.626] SetTimer (hWnd=0x2502c8, nIDEvent=0x29, uElapse=0x64, lpTimerFunc=0x0) returned 0x29
[0125.727] GetWindowThreadProcessId (in: hWnd=0x2502c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.727] GetCurrentThreadId () returned 0x4b0
[0125.727] IsWindow (hWnd=0x2502c8) returned 1
[0125.727] KillTimer (hWnd=0x2502c8, uIDEvent=0x29) returned 1
[0125.727] DestroyWindow (hWnd=0x2502c8) returned 1
[0125.727] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.727] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.727] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2502c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.729] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0125.729] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.729] CoTaskMemFree (pv=0x10873b0)
[0125.729] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.729] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0125.729] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.729] CoTaskMemFree (pv=0x1db72bf0)
[0125.729] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.730] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.730] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.730] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2602c8
[0125.731] SetWindowLongPtrW (hWnd=0x2602c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.731] GetWindowLongPtrW (hWnd=0x2602c8, nIndex=-4) returned 0x7ffcea425090
[0125.731] SetWindowLongPtrW (hWnd=0x2602c8, nIndex=-4, dwNewLong=0x1b7d504c) returned 0x7ffcea425090
[0125.731] GetWindowLongPtrW (hWnd=0x2602c8, nIndex=-4) returned 0x1b7d504c
[0125.731] GetWindowLongPtrW (hWnd=0x2602c8, nIndex=-16) returned 0x4c00000
[0125.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.732] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.733] SetTimer (hWnd=0x2602c8, nIDEvent=0x2a, uElapse=0x64, lpTimerFunc=0x0) returned 0x2a
[0125.836] GetWindowThreadProcessId (in: hWnd=0x2602c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.836] GetCurrentThreadId () returned 0x4b0
[0125.836] IsWindow (hWnd=0x2602c8) returned 1
[0125.836] KillTimer (hWnd=0x2602c8, uIDEvent=0x2a) returned 1
[0125.836] DestroyWindow (hWnd=0x2602c8) returned 1
[0125.836] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.836] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.837] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2602c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.839] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0125.839] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.840] CoTaskMemFree (pv=0x1085c50)
[0125.840] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.840] CoTaskMemAlloc (cb=0x280) returned 0x1db733a0
[0125.840] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db733a0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.840] CoTaskMemFree (pv=0x1db733a0)
[0125.840] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.840] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.841] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.841] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2702c8
[0125.842] SetWindowLongPtrW (hWnd=0x2702c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.842] GetWindowLongPtrW (hWnd=0x2702c8, nIndex=-4) returned 0x7ffcea425090
[0125.842] SetWindowLongPtrW (hWnd=0x2702c8, nIndex=-4, dwNewLong=0x1b7d55ec) returned 0x7ffcea425090
[0125.842] GetWindowLongPtrW (hWnd=0x2702c8, nIndex=-4) returned 0x1b7d55ec
[0125.842] GetWindowLongPtrW (hWnd=0x2702c8, nIndex=-16) returned 0x4c00000
[0125.843] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.843] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.844] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.844] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.845] SetTimer (hWnd=0x2702c8, nIDEvent=0x2b, uElapse=0x64, lpTimerFunc=0x0) returned 0x2b
[0125.945] GetWindowThreadProcessId (in: hWnd=0x2702c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0125.945] GetCurrentThreadId () returned 0x4b0
[0125.945] IsWindow (hWnd=0x2702c8) returned 1
[0125.945] KillTimer (hWnd=0x2702c8, uIDEvent=0x2b) returned 1
[0125.945] DestroyWindow (hWnd=0x2702c8) returned 1
[0125.945] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0125.946] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0125.946] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2702c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0125.948] CoTaskMemAlloc (cb=0x20c) returned 0x1084b50
[0125.948] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084b50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0125.948] CoTaskMemFree (pv=0x1084b50)
[0125.948] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0125.948] CoTaskMemAlloc (cb=0x280) returned 0x1db73de0
[0125.948] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73de0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0125.948] CoTaskMemFree (pv=0x1db73de0)
[0125.948] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0125.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.948] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.949] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0125.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0125.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0125.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0125.949] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0125.949] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2802c8
[0125.950] SetWindowLongPtrW (hWnd=0x2802c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0125.950] GetWindowLongPtrW (hWnd=0x2802c8, nIndex=-4) returned 0x7ffcea425090
[0125.950] SetWindowLongPtrW (hWnd=0x2802c8, nIndex=-4, dwNewLong=0x1b7d47dc) returned 0x7ffcea425090
[0125.950] GetWindowLongPtrW (hWnd=0x2802c8, nIndex=-4) returned 0x1b7d47dc
[0125.950] GetWindowLongPtrW (hWnd=0x2802c8, nIndex=-16) returned 0x4c00000
[0125.951] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0125.951] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0125.951] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0125.951] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0125.952] SetTimer (hWnd=0x2802c8, nIDEvent=0x2c, uElapse=0x64, lpTimerFunc=0x0) returned 0x2c
[0126.054] GetWindowThreadProcessId (in: hWnd=0x2802c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.054] GetCurrentThreadId () returned 0x4b0
[0126.054] IsWindow (hWnd=0x2802c8) returned 1
[0126.054] KillTimer (hWnd=0x2802c8, uIDEvent=0x2c) returned 1
[0126.055] DestroyWindow (hWnd=0x2802c8) returned 1
[0126.055] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.055] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.058] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2802c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.060] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0126.060] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.060] CoTaskMemFree (pv=0x10873b0)
[0126.060] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.060] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0126.060] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.060] CoTaskMemFree (pv=0x1db72bf0)
[0126.060] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.060] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.061] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.061] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2902c8
[0126.061] SetWindowLongPtrW (hWnd=0x2902c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.061] GetWindowLongPtrW (hWnd=0x2902c8, nIndex=-4) returned 0x7ffcea425090
[0126.062] SetWindowLongPtrW (hWnd=0x2902c8, nIndex=-4, dwNewLong=0x1b7d491c) returned 0x7ffcea425090
[0126.062] GetWindowLongPtrW (hWnd=0x2902c8, nIndex=-4) returned 0x1b7d491c
[0126.062] GetWindowLongPtrW (hWnd=0x2902c8, nIndex=-16) returned 0x4c00000
[0126.062] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.062] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.063] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.063] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.064] SetTimer (hWnd=0x2902c8, nIDEvent=0x2d, uElapse=0x64, lpTimerFunc=0x0) returned 0x2d
[0126.202] GetWindowThreadProcessId (in: hWnd=0x2902c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.202] GetCurrentThreadId () returned 0x4b0
[0126.202] IsWindow (hWnd=0x2902c8) returned 1
[0126.202] KillTimer (hWnd=0x2902c8, uIDEvent=0x2d) returned 1
[0126.202] DestroyWindow (hWnd=0x2902c8) returned 1
[0126.202] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.202] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.203] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2902c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.205] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0126.205] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.205] CoTaskMemFree (pv=0x10873b0)
[0126.205] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.205] CoTaskMemAlloc (cb=0x280) returned 0x1db726d0
[0126.205] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db726d0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.205] CoTaskMemFree (pv=0x1db726d0)
[0126.205] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.205] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.206] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.206] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2a02c8
[0126.206] SetWindowLongPtrW (hWnd=0x2a02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.206] GetWindowLongPtrW (hWnd=0x2a02c8, nIndex=-4) returned 0x7ffcea425090
[0126.207] SetWindowLongPtrW (hWnd=0x2a02c8, nIndex=-4, dwNewLong=0x1b7d4bec) returned 0x7ffcea425090
[0126.207] GetWindowLongPtrW (hWnd=0x2a02c8, nIndex=-4) returned 0x1b7d4bec
[0126.207] GetWindowLongPtrW (hWnd=0x2a02c8, nIndex=-16) returned 0x4c00000
[0126.207] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.207] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.208] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.208] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.209] SetTimer (hWnd=0x2a02c8, nIDEvent=0x2e, uElapse=0x64, lpTimerFunc=0x0) returned 0x2e
[0126.354] GetWindowThreadProcessId (in: hWnd=0x2a02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.354] GetCurrentThreadId () returned 0x4b0
[0126.354] IsWindow (hWnd=0x2a02c8) returned 1
[0126.354] KillTimer (hWnd=0x2a02c8, uIDEvent=0x2e) returned 1
[0126.354] DestroyWindow (hWnd=0x2a02c8) returned 1
[0126.354] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.354] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.355] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2a02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.357] CoTaskMemAlloc (cb=0x20c) returned 0x1084710
[0126.357] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084710 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.357] CoTaskMemFree (pv=0x1084710)
[0126.357] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.357] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0126.357] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.357] CoTaskMemFree (pv=0x1db72e80)
[0126.357] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.357] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.358] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.358] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2b02c8
[0126.359] SetWindowLongPtrW (hWnd=0x2b02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.359] GetWindowLongPtrW (hWnd=0x2b02c8, nIndex=-4) returned 0x7ffcea425090
[0126.359] SetWindowLongPtrW (hWnd=0x2b02c8, nIndex=-4, dwNewLong=0x1b7d50ec) returned 0x7ffcea425090
[0126.359] GetWindowLongPtrW (hWnd=0x2b02c8, nIndex=-4) returned 0x1b7d50ec
[0126.359] GetWindowLongPtrW (hWnd=0x2b02c8, nIndex=-16) returned 0x4c00000
[0126.360] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.360] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.360] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.360] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.361] SetTimer (hWnd=0x2b02c8, nIDEvent=0x2f, uElapse=0x64, lpTimerFunc=0x0) returned 0x2f
[0126.461] GetWindowThreadProcessId (in: hWnd=0x2b02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.461] GetCurrentThreadId () returned 0x4b0
[0126.461] IsWindow (hWnd=0x2b02c8) returned 1
[0126.461] KillTimer (hWnd=0x2b02c8, uIDEvent=0x2f) returned 1
[0126.461] DestroyWindow (hWnd=0x2b02c8) returned 1
[0126.461] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.461] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.462] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2b02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.464] CoTaskMemAlloc (cb=0x20c) returned 0x1084b50
[0126.464] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1084b50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.464] CoTaskMemFree (pv=0x1084b50)
[0126.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.464] CoTaskMemAlloc (cb=0x280) returned 0x1db73110
[0126.464] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73110, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.464] CoTaskMemFree (pv=0x1db73110)
[0126.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.465] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.466] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.466] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2c02c8
[0126.466] SetWindowLongPtrW (hWnd=0x2c02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.466] GetWindowLongPtrW (hWnd=0x2c02c8, nIndex=-4) returned 0x7ffcea425090
[0126.467] SetWindowLongPtrW (hWnd=0x2c02c8, nIndex=-4, dwNewLong=0x1b7d4ffc) returned 0x7ffcea425090
[0126.467] GetWindowLongPtrW (hWnd=0x2c02c8, nIndex=-4) returned 0x1b7d4ffc
[0126.467] GetWindowLongPtrW (hWnd=0x2c02c8, nIndex=-16) returned 0x4c00000
[0126.468] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.468] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.468] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.469] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.469] SetTimer (hWnd=0x2c02c8, nIDEvent=0x30, uElapse=0x64, lpTimerFunc=0x0) returned 0x30
[0126.666] GetWindowThreadProcessId (in: hWnd=0x2c02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.666] GetCurrentThreadId () returned 0x4b0
[0126.666] IsWindow (hWnd=0x2c02c8) returned 1
[0126.666] KillTimer (hWnd=0x2c02c8, uIDEvent=0x30) returned 1
[0126.666] DestroyWindow (hWnd=0x2c02c8) returned 1
[0126.666] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.667] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.668] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2c02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.670] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0126.670] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.670] CoTaskMemFree (pv=0x10873b0)
[0126.670] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.670] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0126.670] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.671] CoTaskMemFree (pv=0x1db72e80)
[0126.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.672] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.672] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2d02c8
[0126.672] SetWindowLongPtrW (hWnd=0x2d02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.673] GetWindowLongPtrW (hWnd=0x2d02c8, nIndex=-4) returned 0x7ffcea425090
[0126.673] SetWindowLongPtrW (hWnd=0x2d02c8, nIndex=-4, dwNewLong=0x1b7d48cc) returned 0x7ffcea425090
[0126.673] GetWindowLongPtrW (hWnd=0x2d02c8, nIndex=-4) returned 0x1b7d48cc
[0126.673] GetWindowLongPtrW (hWnd=0x2d02c8, nIndex=-16) returned 0x4c00000
[0126.674] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.674] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.674] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.675] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.675] SetTimer (hWnd=0x2d02c8, nIDEvent=0x31, uElapse=0x64, lpTimerFunc=0x0) returned 0x31
[0126.676] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0126.676] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0126.676] GetSystemMetrics (nIndex=42) returned 0
[0126.676] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd0d0, nMaxCount=9 | out: lpString="01:59:43") returned 8
[0126.676] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd0d0) returned 0x8
[0126.676] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0126.676] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0126.676] GetSystemMetrics (nIndex=42) returned 0
[0126.676] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd070, nMaxCount=9 | out: lpString="01:59:43") returned 8
[0126.676] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd070) returned 0x8
[0126.676] SetWindowTextW (hWnd=0x702c2, lpString="01:59:42") returned 1
[0126.676] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2df995c) returned 0x1
[0126.676] GetStockObject (i=5) returned 0x900015
[0126.676] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0126.676] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0126.676] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0126.677] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0126.677] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0126.677] GetSystemMetrics (nIndex=42) returned 0
[0126.677] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcf30, nMaxCount=9 | out: lpString="01:59:42") returned 8
[0126.677] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcf30) returned 0x8
[0126.678] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0126.678] AdjustWindowRectEx (in: lpRect=0xefcf60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcf60) returned 1
[0126.678] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:42", cchText=8, lprc=0xefcec8, format=0x102400, lpdtp=0x2df9c50 | out: lpchText="01:59:42", lprc=0xefcec8) returned 37
[0126.678] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0126.679] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0126.679] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0126.679] GetSystemMetrics (nIndex=42) returned 0
[0126.679] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcea0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0126.679] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcea0) returned 0xf
[0126.679] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefcea8 | out: lpPaint=0xefcea8) returned 0xf0105ee
[0126.680] SelectPalette (hdc=0xf0105ee, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0126.680] CreateCompatibleDC (hdc=0xf0105ee) returned 0x360107f5
[0126.680] SelectObject (hdc=0x360107f5, h=0x28050778) returned 0x85000f
[0126.680] GdipCreateFromHDC (hdc=0x360107f5, graphics=0xefce28) returned 0x0
[0126.680] GdipTranslateWorldTransform (graphics=0x1c8f8a50, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0126.680] GdipSetClipRectI (graphics=0x1c8f8a50, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0126.680] GdipCreateMatrix (matrix=0xefce50) returned 0x0
[0126.680] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9230) returned 0x0
[0126.680] GdipIsMatrixIdentity (matrix=0x1c8f9230, result=0xefceb8) returned 0x0
[0126.680] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7bd30
[0126.680] GdipGetMatrixElements (matrix=0x1c8f9230, matrixOut=0x1db7bd30) returned 0x0
[0126.681] LocalFree (hMem=0x1db7bd30) returned 0x0
[0126.681] GdipDeleteMatrix (matrix=0x1c8f9230) returned 0x0
[0126.681] GdipCreateRegion (region=0xefce50) returned 0x0
[0126.681] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0126.681] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefceb0) returned 0x0
[0126.681] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcf50) returned 0x0
[0126.681] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0126.681] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0126.681] GetSystemMetrics (nIndex=42) returned 0
[0126.681] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:42") returned 8
[0126.681] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0126.681] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcee8 | out: lpRect=0xefcee8) returned 1
[0126.681] GdipCreateRegion (region=0xefcac0) returned 0x0
[0126.681] GdipGetClip (graphics=0x1c8f8a50, region=0x1c90a8d0) returned 0x0
[0126.681] GdipCreateMatrix (matrix=0xefcac0) returned 0x0
[0126.681] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f91f0) returned 0x0
[0126.681] GdipIsMatrixIdentity (matrix=0x1c8f91f0, result=0xefcb28) returned 0x0
[0126.681] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7c070
[0126.681] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7c070) returned 0x0
[0126.682] LocalFree (hMem=0x1db7c070) returned 0x0
[0126.682] GdipCombineRegionRegion (region=0x1c90a8d0, region2=0x1c8f8e20, combineMode=0x1) returned 0x0
[0126.682] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7b870
[0126.682] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7b870) returned 0x0
[0126.682] LocalFree (hMem=0x1db7b870) returned 0x0
[0126.682] GdipDeleteMatrix (matrix=0x1c8f91f0) returned 0x0
[0126.682] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb90) returned 0x0
[0126.682] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb50) returned 0x0
[0126.682] GdipGetRegionHRgn (region=0x1c90a8d0, graphics=0x1c8f8a50, hRgn=0xefcb50) returned 0x0
[0126.682] GdipDeleteRegion (region=0x1c90a8d0) returned 0x0
[0126.682] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcb98) returned 0x0
[0126.682] GetCurrentObject (hdc=0x360107f5, type=0x1) returned 0xb00017
[0126.682] GetCurrentObject (hdc=0x360107f5, type=0x2) returned 0x900010
[0126.682] GetCurrentObject (hdc=0x360107f5, type=0x7) returned 0x28050778
[0126.682] GetCurrentObject (hdc=0x360107f5, type=0x6) returned 0x8a01c2
[0126.682] SaveDC (hdc=0x360107f5) returned 1
[0126.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3304079d
[0126.683] GetClipRgn (hdc=0x360107f5, hrgn=0x3304079d) returned 0
[0126.683] SelectClipRgn (hdc=0x360107f5, hrgn=0x6104064d) returned 2
[0126.683] DeleteObject (ho=0x3304079d) returned 1
[0126.683] DeleteObject (ho=0x6104064d) returned 1
[0126.683] OffsetViewportOrgEx (in: hdc=0x360107f5, x=0, y=0, lppt=0x2dfa368 | out: lppt=0x2dfa368) returned 1
[0126.683] GetNearestColor (hdc=0x360107f5, color=0x0) returned 0x0
[0126.683] CreateSolidBrush (color=0x0) returned 0x21100774
[0126.683] FillRect (hDC=0x360107f5, lprc=0xefcbd0, hbr=0x21100774) returned 1
[0126.683] DeleteObject (ho=0x21100774) returned 1
[0126.683] RestoreDC (hdc=0x360107f5, nSavedDC=-1) returned 1
[0126.683] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x360107f5) returned 0x0
[0126.683] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffda60dbd) returned 0x0
[0126.683] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0126.683] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0126.684] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0126.684] GetSystemMetrics (nIndex=42) returned 0
[0126.684] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:42") returned 8
[0126.684] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0126.684] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcd38) returned 0x0
[0126.684] GetCurrentObject (hdc=0x360107f5, type=0x1) returned 0xb00017
[0126.684] GetCurrentObject (hdc=0x360107f5, type=0x2) returned 0x900010
[0126.684] GetCurrentObject (hdc=0x360107f5, type=0x7) returned 0x28050778
[0126.684] GetCurrentObject (hdc=0x360107f5, type=0x6) returned 0x8a01c2
[0126.684] SaveDC (hdc=0x360107f5) returned 1
[0126.684] GetNearestColor (hdc=0x360107f5, color=0xffffff) returned 0xffffff
[0126.684] RestoreDC (hdc=0x360107f5, nSavedDC=-1) returned 1
[0126.684] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x360107f5) returned 0x0
[0126.685] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0126.685] AdjustWindowRectEx (in: lpRect=0xefcbf0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcbf0) returned 1
[0126.685] GdipGetTextRenderingHint (graphics=0x1c8f8a50, mode=0xefcc48) returned 0x0
[0126.685] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcc28) returned 0x0
[0126.685] GetCurrentObject (hdc=0x360107f5, type=0x1) returned 0xb00017
[0126.685] GetCurrentObject (hdc=0x360107f5, type=0x2) returned 0x900010
[0126.685] GetCurrentObject (hdc=0x360107f5, type=0x7) returned 0x28050778
[0126.685] GetCurrentObject (hdc=0x360107f5, type=0x6) returned 0x8a01c2
[0126.685] SaveDC (hdc=0x360107f5) returned 1
[0126.685] GetTextAlign (hdc=0x360107f5) returned 0x0
[0126.686] GetTextColor (hdc=0x360107f5) returned 0x0
[0126.686] SetTextColor (hdc=0x360107f5, color=0xffffff) returned 0x0
[0126.686] GetCurrentObject (hdc=0x360107f5, type=0x6) returned 0x8a01c2
[0126.686] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefc730 | out: pv=0xefc730) returned 92
[0126.686] SelectObject (hdc=0x360107f5, h=0x480a077f) returned 0x8a01c2
[0126.686] GetBkMode (hdc=0x360107f5) returned 2
[0126.686] SetBkMode (hdc=0x360107f5, mode=1) returned 2
[0126.686] DrawTextExW (in: hdc=0x360107f5, lpchText="01:59:42", cchText=8, lprc=0xefcbb8, format=0x100000, lpdtp=0x2dfad00 | out: lpchText="01:59:42", lprc=0xefcbb8) returned 37
[0126.687] RestoreDC (hdc=0x360107f5, nSavedDC=-1) returned 1
[0126.687] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x360107f5) returned 0x0
[0126.687] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefce68) returned 0x0
[0126.687] BitBlt (hdc=0xf0105ee, x=0, y=0, cx=145, cy=37, hdcSrc=0x360107f5, x1=0, y1=0, rop=0xcc0020) returned 1
[0126.687] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x360107f5) returned 0x0
[0126.687] SelectPalette (hdc=0xf0105ee, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0126.687] SelectObject (hdc=0x360107f5, h=0x85000f) returned 0x28050778
[0126.687] DeleteDC (hdc=0x360107f5) returned 1
[0126.688] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0126.688] EndPaint (hWnd=0x702c2, lpPaint=0xefce48) returned 1
[0126.773] GetWindowThreadProcessId (in: hWnd=0x2d02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.773] GetCurrentThreadId () returned 0x4b0
[0126.773] IsWindow (hWnd=0x2d02c8) returned 1
[0126.773] KillTimer (hWnd=0x2d02c8, uIDEvent=0x31) returned 1
[0126.774] DestroyWindow (hWnd=0x2d02c8) returned 1
[0126.774] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.774] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.774] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2d02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.777] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0126.777] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.777] CoTaskMemFree (pv=0x10840b0)
[0126.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.777] CoTaskMemAlloc (cb=0x280) returned 0x1db72960
[0126.777] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72960, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.777] CoTaskMemFree (pv=0x1db72960)
[0126.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.778] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.778] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2e02c8
[0126.779] SetWindowLongPtrW (hWnd=0x2e02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.780] GetWindowLongPtrW (hWnd=0x2e02c8, nIndex=-4) returned 0x7ffcea425090
[0126.780] SetWindowLongPtrW (hWnd=0x2e02c8, nIndex=-4, dwNewLong=0x1b7d545c) returned 0x7ffcea425090
[0126.780] GetWindowLongPtrW (hWnd=0x2e02c8, nIndex=-4) returned 0x1b7d545c
[0126.780] GetWindowLongPtrW (hWnd=0x2e02c8, nIndex=-16) returned 0x4c00000
[0126.781] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.781] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.781] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.782] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.782] SetTimer (hWnd=0x2e02c8, nIDEvent=0x32, uElapse=0x64, lpTimerFunc=0x0) returned 0x32
[0126.883] GetWindowThreadProcessId (in: hWnd=0x2e02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0126.883] GetCurrentThreadId () returned 0x4b0
[0126.883] IsWindow (hWnd=0x2e02c8) returned 1
[0126.883] KillTimer (hWnd=0x2e02c8, uIDEvent=0x32) returned 1
[0126.883] DestroyWindow (hWnd=0x2e02c8) returned 1
[0126.883] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0126.883] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0126.884] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2e02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0126.886] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0126.886] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0126.887] CoTaskMemFree (pv=0x10873b0)
[0126.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0126.887] CoTaskMemAlloc (cb=0x280) returned 0x1db72bf0
[0126.887] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72bf0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0126.887] CoTaskMemFree (pv=0x1db72bf0)
[0126.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0126.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0126.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0126.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0126.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0126.888] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0126.888] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x2f02c8
[0126.889] SetWindowLongPtrW (hWnd=0x2f02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0126.889] GetWindowLongPtrW (hWnd=0x2f02c8, nIndex=-4) returned 0x7ffcea425090
[0126.889] SetWindowLongPtrW (hWnd=0x2f02c8, nIndex=-4, dwNewLong=0x1b7d4b4c) returned 0x7ffcea425090
[0126.889] GetWindowLongPtrW (hWnd=0x2f02c8, nIndex=-4) returned 0x1b7d4b4c
[0126.889] GetWindowLongPtrW (hWnd=0x2f02c8, nIndex=-16) returned 0x4c00000
[0126.890] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0126.890] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0126.891] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0126.891] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0126.892] SetTimer (hWnd=0x2f02c8, nIDEvent=0x33, uElapse=0x64, lpTimerFunc=0x0) returned 0x33
[0127.036] GetWindowThreadProcessId (in: hWnd=0x2f02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.036] GetCurrentThreadId () returned 0x4b0
[0127.036] IsWindow (hWnd=0x2f02c8) returned 1
[0127.036] KillTimer (hWnd=0x2f02c8, uIDEvent=0x33) returned 1
[0127.036] DestroyWindow (hWnd=0x2f02c8) returned 1
[0127.036] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.037] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.037] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x2f02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.039] CoTaskMemAlloc (cb=0x20c) returned 0x1083830
[0127.039] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1083830 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.039] CoTaskMemFree (pv=0x1083830)
[0127.039] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.039] CoTaskMemAlloc (cb=0x280) returned 0x1db733a0
[0127.039] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db733a0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.039] CoTaskMemFree (pv=0x1db733a0)
[0127.039] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.040] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.040] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.040] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.040] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.041] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3002c8
[0127.041] SetWindowLongPtrW (hWnd=0x3002c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.041] GetWindowLongPtrW (hWnd=0x3002c8, nIndex=-4) returned 0x7ffcea425090
[0127.041] SetWindowLongPtrW (hWnd=0x3002c8, nIndex=-4, dwNewLong=0x1b7d513c) returned 0x7ffcea425090
[0127.041] GetWindowLongPtrW (hWnd=0x3002c8, nIndex=-4) returned 0x1b7d513c
[0127.041] GetWindowLongPtrW (hWnd=0x3002c8, nIndex=-16) returned 0x4c00000
[0127.042] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.042] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.042] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.043] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.043] SetTimer (hWnd=0x3002c8, nIDEvent=0x34, uElapse=0x64, lpTimerFunc=0x0) returned 0x34
[0127.170] GetWindowThreadProcessId (in: hWnd=0x3002c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.170] GetCurrentThreadId () returned 0x4b0
[0127.170] IsWindow (hWnd=0x3002c8) returned 1
[0127.170] KillTimer (hWnd=0x3002c8, uIDEvent=0x34) returned 1
[0127.170] DestroyWindow (hWnd=0x3002c8) returned 1
[0127.170] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.170] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.171] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3002c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.173] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0127.173] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.173] CoTaskMemFree (pv=0x10840b0)
[0127.173] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.173] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0127.173] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.173] CoTaskMemFree (pv=0x1db72e80)
[0127.173] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.174] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.175] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.175] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3102c8
[0127.175] SetWindowLongPtrW (hWnd=0x3102c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.175] GetWindowLongPtrW (hWnd=0x3102c8, nIndex=-4) returned 0x7ffcea425090
[0127.176] SetWindowLongPtrW (hWnd=0x3102c8, nIndex=-4, dwNewLong=0x1b7d522c) returned 0x7ffcea425090
[0127.176] GetWindowLongPtrW (hWnd=0x3102c8, nIndex=-4) returned 0x1b7d522c
[0127.176] GetWindowLongPtrW (hWnd=0x3102c8, nIndex=-16) returned 0x4c00000
[0127.176] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.176] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.177] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.177] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.177] SetTimer (hWnd=0x3102c8, nIDEvent=0x35, uElapse=0x64, lpTimerFunc=0x0) returned 0x35
[0127.273] GetWindowThreadProcessId (in: hWnd=0x3102c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.273] GetCurrentThreadId () returned 0x4b0
[0127.273] IsWindow (hWnd=0x3102c8) returned 1
[0127.273] KillTimer (hWnd=0x3102c8, uIDEvent=0x35) returned 1
[0127.273] DestroyWindow (hWnd=0x3102c8) returned 1
[0127.273] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.273] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.274] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3102c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.276] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0127.276] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.276] CoTaskMemFree (pv=0x10840b0)
[0127.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.276] CoTaskMemAlloc (cb=0x280) returned 0x1db73b50
[0127.276] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73b50, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.276] CoTaskMemFree (pv=0x1db73b50)
[0127.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.277] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.277] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3202c8
[0127.277] SetWindowLongPtrW (hWnd=0x3202c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.277] GetWindowLongPtrW (hWnd=0x3202c8, nIndex=-4) returned 0x7ffcea425090
[0127.278] SetWindowLongPtrW (hWnd=0x3202c8, nIndex=-4, dwNewLong=0x1b7d4e1c) returned 0x7ffcea425090
[0127.278] GetWindowLongPtrW (hWnd=0x3202c8, nIndex=-4) returned 0x1b7d4e1c
[0127.278] GetWindowLongPtrW (hWnd=0x3202c8, nIndex=-16) returned 0x4c00000
[0127.278] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.278] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.279] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.279] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.280] SetTimer (hWnd=0x3202c8, nIDEvent=0x36, uElapse=0x64, lpTimerFunc=0x0) returned 0x36
[0127.476] GetWindowThreadProcessId (in: hWnd=0x3202c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.476] GetCurrentThreadId () returned 0x4b0
[0127.476] IsWindow (hWnd=0x3202c8) returned 1
[0127.476] KillTimer (hWnd=0x3202c8, uIDEvent=0x36) returned 1
[0127.476] DestroyWindow (hWnd=0x3202c8) returned 1
[0127.476] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.476] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.477] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3202c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.479] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0127.479] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.479] CoTaskMemFree (pv=0x1085c50)
[0127.479] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.479] CoTaskMemAlloc (cb=0x280) returned 0x1db73630
[0127.479] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73630, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.479] CoTaskMemFree (pv=0x1db73630)
[0127.479] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.479] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.480] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.480] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3302c8
[0127.480] SetWindowLongPtrW (hWnd=0x3302c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.481] GetWindowLongPtrW (hWnd=0x3302c8, nIndex=-4) returned 0x7ffcea425090
[0127.481] SetWindowLongPtrW (hWnd=0x3302c8, nIndex=-4, dwNewLong=0x1b7d518c) returned 0x7ffcea425090
[0127.481] GetWindowLongPtrW (hWnd=0x3302c8, nIndex=-4) returned 0x1b7d518c
[0127.481] GetWindowLongPtrW (hWnd=0x3302c8, nIndex=-16) returned 0x4c00000
[0127.481] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.482] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.482] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.483] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.483] SetTimer (hWnd=0x3302c8, nIDEvent=0x37, uElapse=0x64, lpTimerFunc=0x0) returned 0x37
[0127.586] GetWindowThreadProcessId (in: hWnd=0x3302c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.586] GetCurrentThreadId () returned 0x4b0
[0127.586] IsWindow (hWnd=0x3302c8) returned 1
[0127.586] KillTimer (hWnd=0x3302c8, uIDEvent=0x37) returned 1
[0127.586] DestroyWindow (hWnd=0x3302c8) returned 1
[0127.586] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.586] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.587] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3302c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.589] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0127.589] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.589] CoTaskMemFree (pv=0x10873b0)
[0127.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.589] CoTaskMemAlloc (cb=0x280) returned 0x1db73de0
[0127.589] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73de0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.589] CoTaskMemFree (pv=0x1db73de0)
[0127.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.590] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.590] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.590] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3402c8
[0127.591] SetWindowLongPtrW (hWnd=0x3402c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.591] GetWindowLongPtrW (hWnd=0x3402c8, nIndex=-4) returned 0x7ffcea425090
[0127.591] SetWindowLongPtrW (hWnd=0x3402c8, nIndex=-4, dwNewLong=0x1b7d52cc) returned 0x7ffcea425090
[0127.591] GetWindowLongPtrW (hWnd=0x3402c8, nIndex=-4) returned 0x1b7d52cc
[0127.591] GetWindowLongPtrW (hWnd=0x3402c8, nIndex=-16) returned 0x4c00000
[0127.592] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.592] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.595] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.595] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.596] SetTimer (hWnd=0x3402c8, nIDEvent=0x38, uElapse=0x64, lpTimerFunc=0x0) returned 0x38
[0127.596] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0127.596] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0127.596] GetSystemMetrics (nIndex=42) returned 0
[0127.596] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd0d0, nMaxCount=9 | out: lpString="01:59:42") returned 8
[0127.596] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd0d0) returned 0x8
[0127.596] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0127.596] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0127.596] GetSystemMetrics (nIndex=42) returned 0
[0127.596] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefd070, nMaxCount=9 | out: lpString="01:59:42") returned 8
[0127.596] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefd070) returned 0x8
[0127.597] SetWindowTextW (hWnd=0x702c2, lpString="01:59:41") returned 1
[0127.597] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xc, wParam=0x0, lParam=0x2e01fc4) returned 0x1
[0127.597] GetStockObject (i=5) returned 0x900015
[0127.597] GetDlgItem (hDlg=0x502b4, nIDDlgItem=459458) returned 0x702c2
[0127.597] SendMessageW (hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0127.597] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x202b, wParam=0x702c2, lParam=0xefc7d0) returned 0x0
[0127.597] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0127.597] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0127.597] GetSystemMetrics (nIndex=42) returned 0
[0127.597] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcf30, nMaxCount=9 | out: lpString="01:59:41") returned 8
[0127.597] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcf30) returned 0x8
[0127.598] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0127.598] AdjustWindowRectEx (in: lpRect=0xefcf60, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcf60) returned 1
[0127.598] DrawTextExW (in: hdc=0xffffffff8c0107c3, lpchText="01:59:41", cchText=8, lprc=0xefcec8, format=0x102400, lpdtp=0x2e022b8 | out: lpchText="01:59:41", lprc=0xefcec8) returned 37
[0127.598] InvalidateRect (hWnd=0x702c2, lpRect=0x0, bErase=1) returned 1
[0127.598] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0127.598] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0127.598] GetSystemMetrics (nIndex=42) returned 0
[0127.598] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefcea0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0127.598] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefcea0) returned 0xf
[0127.599] BeginPaint (in: hWnd=0x702c2, lpPaint=0xefcea8 | out: lpPaint=0xefcea8) returned 0xd0104fe
[0127.599] SelectPalette (hdc=0xd0104fe, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0127.599] CreateCompatibleDC (hdc=0xd0104fe) returned 0x2d010805
[0127.599] SelectObject (hdc=0x2d010805, h=0x28050778) returned 0x85000f
[0127.599] GdipCreateFromHDC (hdc=0x2d010805, graphics=0xefce28) returned 0x0
[0127.599] GdipTranslateWorldTransform (graphics=0x1c8f8a50, dx=0x7ffcca17ec22, dy=0xca117896fb4, order=0x0) returned 0x0
[0127.599] GdipSetClipRectI (graphics=0x1c8f8a50, x=0, y=0, width=145, height=37, combineMode=0x0) returned 0x0
[0127.599] GdipCreateMatrix (matrix=0xefce50) returned 0x0
[0127.599] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9230) returned 0x0
[0127.599] GdipIsMatrixIdentity (matrix=0x1c8f9230, result=0xefceb8) returned 0x0
[0127.600] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7bab0
[0127.600] GdipGetMatrixElements (matrix=0x1c8f9230, matrixOut=0x1db7bab0) returned 0x0
[0127.600] LocalFree (hMem=0x1db7bab0) returned 0x0
[0127.600] GdipDeleteMatrix (matrix=0x1c8f9230) returned 0x0
[0127.600] GdipCreateRegion (region=0xefce50) returned 0x0
[0127.600] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0127.600] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefceb0) returned 0x0
[0127.600] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefcf50) returned 0x0
[0127.600] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0127.600] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0127.600] GetSystemMetrics (nIndex=42) returned 0
[0127.600] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:41") returned 8
[0127.600] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0127.600] GetClientRect (in: hWnd=0x702c2, lpRect=0xefcee8 | out: lpRect=0xefcee8) returned 1
[0127.600] GdipCreateRegion (region=0xefcac0) returned 0x0
[0127.600] GdipGetClip (graphics=0x1c8f8a50, region=0x1c90a8d0) returned 0x0
[0127.600] GdipCreateMatrix (matrix=0xefcac0) returned 0x0
[0127.600] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f91f0) returned 0x0
[0127.601] GdipIsMatrixIdentity (matrix=0x1c8f91f0, result=0xefcb28) returned 0x0
[0127.601] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7bbb0
[0127.601] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7bbb0) returned 0x0
[0127.601] LocalFree (hMem=0x1db7bbb0) returned 0x0
[0127.601] GdipCombineRegionRegion (region=0x1c90a8d0, region2=0x1c8f8e20, combineMode=0x1) returned 0x0
[0127.601] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1db7b870
[0127.601] GdipGetMatrixElements (matrix=0x1c8f91f0, matrixOut=0x1db7b870) returned 0x0
[0127.602] LocalFree (hMem=0x1db7b870) returned 0x0
[0127.602] GdipDeleteMatrix (matrix=0x1c8f91f0) returned 0x0
[0127.602] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb90) returned 0x0
[0127.602] GdipIsInfiniteRegion (region=0x1c90a8d0, graphics=0x1c8f8a50, result=0xefcb50) returned 0x0
[0127.602] GdipGetRegionHRgn (region=0x1c90a8d0, graphics=0x1c8f8a50, hRgn=0xefcb50) returned 0x0
[0127.602] GdipDeleteRegion (region=0x1c90a8d0) returned 0x0
[0127.602] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcb98) returned 0x0
[0127.602] GetCurrentObject (hdc=0x2d010805, type=0x1) returned 0xb00017
[0127.602] GetCurrentObject (hdc=0x2d010805, type=0x2) returned 0x900010
[0127.602] GetCurrentObject (hdc=0x2d010805, type=0x7) returned 0x28050778
[0127.602] GetCurrentObject (hdc=0x2d010805, type=0x6) returned 0x8a01c2
[0127.602] SaveDC (hdc=0x2d010805) returned 1
[0127.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6204064d
[0127.602] GetClipRgn (hdc=0x2d010805, hrgn=0x6204064d) returned 0
[0127.602] SelectClipRgn (hdc=0x2d010805, hrgn=0x3604079d) returned 2
[0127.602] DeleteObject (ho=0x6204064d) returned 1
[0127.603] DeleteObject (ho=0x3604079d) returned 1
[0127.603] OffsetViewportOrgEx (in: hdc=0x2d010805, x=0, y=0, lppt=0x2e029d0 | out: lppt=0x2e029d0) returned 1
[0127.603] GetNearestColor (hdc=0x2d010805, color=0x0) returned 0x0
[0127.603] CreateSolidBrush (color=0x0) returned 0x22100774
[0127.603] FillRect (hDC=0x2d010805, lprc=0xefcbd0, hbr=0x22100774) returned 1
[0127.603] DeleteObject (ho=0x22100774) returned 1
[0127.603] RestoreDC (hdc=0x2d010805, nSavedDC=-1) returned 1
[0127.603] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2d010805) returned 0x0
[0127.603] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffda40dbd) returned 0x0
[0127.603] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0127.603] GetWindowTextLengthW (hWnd=0x702c2) returned 8
[0127.603] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x8
[0127.603] GetSystemMetrics (nIndex=42) returned 0
[0127.603] GetWindowTextW (in: hWnd=0x702c2, lpString=0xefcd30, nMaxCount=9 | out: lpString="01:59:41") returned 8
[0127.603] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0xd, wParam=0x9, lParam=0xefcd30) returned 0x8
[0127.603] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcd38) returned 0x0
[0127.603] GetCurrentObject (hdc=0x2d010805, type=0x1) returned 0xb00017
[0127.603] GetCurrentObject (hdc=0x2d010805, type=0x2) returned 0x900010
[0127.603] GetCurrentObject (hdc=0x2d010805, type=0x7) returned 0x28050778
[0127.603] GetCurrentObject (hdc=0x2d010805, type=0x6) returned 0x8a01c2
[0127.604] SaveDC (hdc=0x2d010805) returned 1
[0127.604] GetNearestColor (hdc=0x2d010805, color=0xffffff) returned 0xffffff
[0127.604] RestoreDC (hdc=0x2d010805, nSavedDC=-1) returned 1
[0127.604] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2d010805) returned 0x0
[0127.604] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x7ffcdf080000
[0127.604] AdjustWindowRectEx (in: lpRect=0xefcbf0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0xefcbf0) returned 1
[0127.604] GdipGetTextRenderingHint (graphics=0x1c8f8a50, mode=0xefcc48) returned 0x0
[0127.605] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefcc28) returned 0x0
[0127.605] GetCurrentObject (hdc=0x2d010805, type=0x1) returned 0xb00017
[0127.605] GetCurrentObject (hdc=0x2d010805, type=0x2) returned 0x900010
[0127.605] GetCurrentObject (hdc=0x2d010805, type=0x7) returned 0x28050778
[0127.605] GetCurrentObject (hdc=0x2d010805, type=0x6) returned 0x8a01c2
[0127.605] SaveDC (hdc=0x2d010805) returned 1
[0127.605] GetTextAlign (hdc=0x2d010805) returned 0x0
[0127.605] GetTextColor (hdc=0x2d010805) returned 0x0
[0127.605] SetTextColor (hdc=0x2d010805, color=0xffffff) returned 0x0
[0127.605] GetCurrentObject (hdc=0x2d010805, type=0x6) returned 0x8a01c2
[0127.605] GetObjectW (in: h=0x8a01c2, c=92, pv=0xefc730 | out: pv=0xefc730) returned 92
[0127.605] SelectObject (hdc=0x2d010805, h=0x480a077f) returned 0x8a01c2
[0127.605] GetBkMode (hdc=0x2d010805) returned 2
[0127.605] SetBkMode (hdc=0x2d010805, mode=1) returned 2
[0127.606] DrawTextExW (in: hdc=0x2d010805, lpchText="01:59:41", cchText=8, lprc=0xefcbb8, format=0x100000, lpdtp=0x2e03368 | out: lpchText="01:59:41", lprc=0xefcbb8) returned 37
[0127.606] RestoreDC (hdc=0x2d010805, nSavedDC=-1) returned 1
[0127.606] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2d010805) returned 0x0
[0127.606] GdipGetDC (graphics=0x1c8f8a50, hdc=0xefce68) returned 0x0
[0127.606] BitBlt (hdc=0xd0104fe, x=0, y=0, cx=145, cy=37, hdcSrc=0x2d010805, x1=0, y1=0, rop=0xcc0020) returned 1
[0127.606] GdipReleaseDC (graphics=0x1c8f8a50, hdc=0x2d010805) returned 0x0
[0127.606] SelectPalette (hdc=0xd0104fe, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0127.606] SelectObject (hdc=0x2d010805, h=0x85000f) returned 0x28050778
[0127.607] DeleteDC (hdc=0x2d010805) returned 1
[0127.607] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0127.607] EndPaint (hWnd=0x702c2, lpPaint=0xefce48) returned 1
[0127.698] GetWindowThreadProcessId (in: hWnd=0x3402c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.698] GetCurrentThreadId () returned 0x4b0
[0127.698] IsWindow (hWnd=0x3402c8) returned 1
[0127.698] KillTimer (hWnd=0x3402c8, uIDEvent=0x38) returned 1
[0127.698] DestroyWindow (hWnd=0x3402c8) returned 1
[0127.698] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.698] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.699] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3402c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.701] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0127.701] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.701] CoTaskMemFree (pv=0x10873b0)
[0127.701] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.701] CoTaskMemAlloc (cb=0x280) returned 0x1db726d0
[0127.701] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db726d0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.701] CoTaskMemFree (pv=0x1db726d0)
[0127.701] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.702] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.702] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.702] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3502c8
[0127.703] SetWindowLongPtrW (hWnd=0x3502c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.703] GetWindowLongPtrW (hWnd=0x3502c8, nIndex=-4) returned 0x7ffcea425090
[0127.703] SetWindowLongPtrW (hWnd=0x3502c8, nIndex=-4, dwNewLong=0x1b7d527c) returned 0x7ffcea425090
[0127.703] GetWindowLongPtrW (hWnd=0x3502c8, nIndex=-4) returned 0x1b7d527c
[0127.703] GetWindowLongPtrW (hWnd=0x3502c8, nIndex=-16) returned 0x4c00000
[0127.704] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.704] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.705] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.705] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.706] SetTimer (hWnd=0x3502c8, nIDEvent=0x39, uElapse=0x64, lpTimerFunc=0x0) returned 0x39
[0127.851] GetWindowThreadProcessId (in: hWnd=0x3502c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0127.852] GetCurrentThreadId () returned 0x4b0
[0127.852] IsWindow (hWnd=0x3502c8) returned 1
[0127.852] KillTimer (hWnd=0x3502c8, uIDEvent=0x39) returned 1
[0127.852] DestroyWindow (hWnd=0x3502c8) returned 1
[0127.852] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0127.852] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0127.852] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3502c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0127.857] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0127.857] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0127.857] CoTaskMemFree (pv=0x1085c50)
[0127.857] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0127.857] CoTaskMemAlloc (cb=0x280) returned 0x1db726d0
[0127.857] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db726d0, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0127.857] CoTaskMemFree (pv=0x1db726d0)
[0127.857] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0127.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.857] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0127.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0127.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0127.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0127.858] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0127.858] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3602c8
[0127.858] SetWindowLongPtrW (hWnd=0x3602c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0127.858] GetWindowLongPtrW (hWnd=0x3602c8, nIndex=-4) returned 0x7ffcea425090
[0127.858] SetWindowLongPtrW (hWnd=0x3602c8, nIndex=-4, dwNewLong=0x1b7d51dc) returned 0x7ffcea425090
[0127.859] GetWindowLongPtrW (hWnd=0x3602c8, nIndex=-4) returned 0x1b7d51dc
[0127.859] GetWindowLongPtrW (hWnd=0x3602c8, nIndex=-16) returned 0x4c00000
[0127.859] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0127.859] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0127.860] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0127.860] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0127.860] SetTimer (hWnd=0x3602c8, nIDEvent=0x3a, uElapse=0x64, lpTimerFunc=0x0) returned 0x3a
[0128.012] GetWindowThreadProcessId (in: hWnd=0x3602c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0128.012] GetCurrentThreadId () returned 0x4b0
[0128.012] IsWindow (hWnd=0x3602c8) returned 1
[0128.012] KillTimer (hWnd=0x3602c8, uIDEvent=0x3a) returned 1
[0128.012] DestroyWindow (hWnd=0x3602c8) returned 1
[0128.012] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0128.012] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0128.016] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3602c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0128.018] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0128.018] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0128.018] CoTaskMemFree (pv=0x1085c50)
[0128.018] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0128.019] CoTaskMemAlloc (cb=0x280) returned 0x1db73630
[0128.019] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73630, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0128.019] CoTaskMemFree (pv=0x1db73630)
[0128.019] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0128.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.019] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0128.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.019] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0128.020] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3702c8
[0128.020] SetWindowLongPtrW (hWnd=0x3702c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0128.020] GetWindowLongPtrW (hWnd=0x3702c8, nIndex=-4) returned 0x7ffcea425090
[0128.020] SetWindowLongPtrW (hWnd=0x3702c8, nIndex=-4, dwNewLong=0x1b7d531c) returned 0x7ffcea425090
[0128.020] GetWindowLongPtrW (hWnd=0x3702c8, nIndex=-4) returned 0x1b7d531c
[0128.020] GetWindowLongPtrW (hWnd=0x3702c8, nIndex=-16) returned 0x4c00000
[0128.027] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0128.027] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0128.028] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0128.028] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0128.029] SetTimer (hWnd=0x3702c8, nIDEvent=0x3b, uElapse=0x64, lpTimerFunc=0x0) returned 0x3b
[0128.133] GetWindowThreadProcessId (in: hWnd=0x3702c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0128.133] GetCurrentThreadId () returned 0x4b0
[0128.133] IsWindow (hWnd=0x3702c8) returned 1
[0128.133] KillTimer (hWnd=0x3702c8, uIDEvent=0x3b) returned 1
[0128.133] DestroyWindow (hWnd=0x3702c8) returned 1
[0128.133] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0128.133] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0128.134] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3702c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0128.135] CoTaskMemAlloc (cb=0x20c) returned 0x10840b0
[0128.135] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10840b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0128.135] CoTaskMemFree (pv=0x10840b0)
[0128.135] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0128.136] CoTaskMemAlloc (cb=0x280) returned 0x1db72440
[0128.136] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72440, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0128.136] CoTaskMemFree (pv=0x1db72440)
[0128.136] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0128.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.136] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0128.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.137] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0128.137] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3802c8
[0128.137] SetWindowLongPtrW (hWnd=0x3802c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0128.137] GetWindowLongPtrW (hWnd=0x3802c8, nIndex=-4) returned 0x7ffcea425090
[0128.137] SetWindowLongPtrW (hWnd=0x3802c8, nIndex=-4, dwNewLong=0x1b7d53bc) returned 0x7ffcea425090
[0128.137] GetWindowLongPtrW (hWnd=0x3802c8, nIndex=-4) returned 0x1b7d53bc
[0128.137] GetWindowLongPtrW (hWnd=0x3802c8, nIndex=-16) returned 0x4c00000
[0128.138] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0128.138] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0128.139] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0128.139] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0128.139] SetTimer (hWnd=0x3802c8, nIDEvent=0x3c, uElapse=0x64, lpTimerFunc=0x0) returned 0x3c
[0128.242] GetWindowThreadProcessId (in: hWnd=0x3802c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0128.242] GetCurrentThreadId () returned 0x4b0
[0128.242] IsWindow (hWnd=0x3802c8) returned 1
[0128.242] KillTimer (hWnd=0x3802c8, uIDEvent=0x3c) returned 1
[0128.242] DestroyWindow (hWnd=0x3802c8) returned 1
[0128.243] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0128.243] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0128.243] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3802c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0128.245] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0128.245] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0128.245] CoTaskMemFree (pv=0x10873b0)
[0128.245] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0128.245] CoTaskMemAlloc (cb=0x280) returned 0x1db72e80
[0128.245] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db72e80, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0128.245] CoTaskMemFree (pv=0x1db72e80)
[0128.245] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0128.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.245] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.245] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0128.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.246] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.246] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0128.246] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3902c8
[0128.246] SetWindowLongPtrW (hWnd=0x3902c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0128.246] GetWindowLongPtrW (hWnd=0x3902c8, nIndex=-4) returned 0x7ffcea425090
[0128.247] SetWindowLongPtrW (hWnd=0x3902c8, nIndex=-4, dwNewLong=0x1b7d563c) returned 0x7ffcea425090
[0128.247] GetWindowLongPtrW (hWnd=0x3902c8, nIndex=-4) returned 0x1b7d563c
[0128.247] GetWindowLongPtrW (hWnd=0x3902c8, nIndex=-16) returned 0x4c00000
[0128.248] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0128.248] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0128.248] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0128.249] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0128.249] SetTimer (hWnd=0x3902c8, nIDEvent=0x3d, uElapse=0x64, lpTimerFunc=0x0) returned 0x3d
[0128.351] GetWindowThreadProcessId (in: hWnd=0x3902c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0128.351] GetCurrentThreadId () returned 0x4b0
[0128.351] IsWindow (hWnd=0x3902c8) returned 1
[0128.351] KillTimer (hWnd=0x3902c8, uIDEvent=0x3d) returned 1
[0128.351] DestroyWindow (hWnd=0x3902c8) returned 1
[0128.351] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0128.351] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0128.352] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3902c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0128.354] CoTaskMemAlloc (cb=0x20c) returned 0x10873b0
[0128.354] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x10873b0 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0128.354] CoTaskMemFree (pv=0x10873b0)
[0128.354] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0128.354] CoTaskMemAlloc (cb=0x280) returned 0x1db73110
[0128.354] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73110, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0128.354] CoTaskMemFree (pv=0x1db73110)
[0128.354] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0128.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.355] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0128.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.355] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0128.355] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3a02c8
[0128.356] SetWindowLongPtrW (hWnd=0x3a02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0128.356] GetWindowLongPtrW (hWnd=0x3a02c8, nIndex=-4) returned 0x7ffcea425090
[0128.356] SetWindowLongPtrW (hWnd=0x3a02c8, nIndex=-4, dwNewLong=0x1b7d4a0c) returned 0x7ffcea425090
[0128.356] GetWindowLongPtrW (hWnd=0x3a02c8, nIndex=-4) returned 0x1b7d4a0c
[0128.356] GetWindowLongPtrW (hWnd=0x3a02c8, nIndex=-16) returned 0x4c00000
[0128.357] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0128.357] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0128.358] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0128.358] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0128.359] SetTimer (hWnd=0x3a02c8, nIDEvent=0x3e, uElapse=0x64, lpTimerFunc=0x0) returned 0x3e
[0128.467] GetWindowThreadProcessId (in: hWnd=0x3a02c8, lpdwProcessId=0xefd180 | out: lpdwProcessId=0xefd180) returned 0x4b0
[0128.468] GetCurrentThreadId () returned 0x4b0
[0128.468] IsWindow (hWnd=0x3a02c8) returned 1
[0128.468] KillTimer (hWnd=0x3a02c8, uIDEvent=0x3e) returned 1
[0128.468] DestroyWindow (hWnd=0x3a02c8) returned 1
[0128.468] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0128.468] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0128.468] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3a02c8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0128.471] CoTaskMemAlloc (cb=0x20c) returned 0x1085c50
[0128.471] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x1085c50 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
[0128.471] CoTaskMemFree (pv=0x1085c50)
[0128.471] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xefcb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
[0128.471] CoTaskMemAlloc (cb=0x280) returned 0x1db73110
[0128.471] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x1db73110, nSize=0x13e | out: lpBuffer="C:\\Users\\FD1HVy") returned 0xf
[0128.471] CoTaskMemFree (pv=0x1db73110)
[0128.471] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x23
[0128.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.471] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0xefccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25
[0128.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xefd140) returned 1
[0128.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\desktop.ini" (normalized: "c:\\users\\fd1hvy\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xefd220 | out: lpFileInformation=0xefd220*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0128.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xefd100) returned 1
[0128.472] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000
[0128.472] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xb40000, lpParam=0x0) returned 0x3b02c8
[0128.472] SetWindowLongPtrW (hWnd=0x3b02c8, nIndex=-4, dwNewLong=0x7ffcea425090) returned 0x1b7d120c
[0128.473] GetWindowLongPtrW (hWnd=0x3b02c8, nIndex=-4) returned 0x7ffcea425090
[0128.473] SetWindowLongPtrW (hWnd=0x3b02c8, nIndex=-4, dwNewLong=0x1b7d46ec) returned 0x7ffcea425090
[0128.473] GetWindowLongPtrW (hWnd=0x3b02c8, nIndex=-4) returned 0x1b7d46ec
[0128.473] GetWindowLongPtrW (hWnd=0x3b02c8, nIndex=-16) returned 0x4c00000
[0128.474] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3b02c8, Msg=0x24, wParam=0x0, lParam=0xefc860) returned 0x0
[0128.474] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3b02c8, Msg=0x81, wParam=0x0, lParam=0xefc7d0) returned 0x1
[0128.474] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3b02c8, Msg=0x83, wParam=0x0, lParam=0xefc880) returned 0x0
[0128.475] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x3b02c8, Msg=0x1, wParam=0x0, lParam=0xefc7a0) returned 0x0
[0128.475] SetTimer (hWnd=0x3b02c8, nIDEvent=0x3f, uElapse=0x64, lpTimerFunc=0x0) returned 0x3f
[0128.476] LocalFree (hMem=0x1db3ca50) returned 0x0
[0128.477] GetWindowLongPtrW (hWnd=0x502b4, nIndex=-8) returned 0x702b6
[0128.478] MonitorFromWindow (hwnd=0x702b6, dwFlags=0x2) returned 0x10001
[0128.478] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefd810 | out: lpmi=0xefd810) returned 1
[0128.478] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x23010816
[0128.478] GetDeviceCaps (hdc=0x23010816, index=12) returned 32
[0128.478] GetDeviceCaps (hdc=0x23010816, index=14) returned 1
[0128.478] DeleteDC (hdc=0x23010816) returned 1
[0128.478] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xefd880 | out: lpmi=0xefd880) returned 1
[0128.478] SetWindowPos (hWnd=0x502b4, hWndInsertAfter=0x0, X=360, Y=155, cx=720, cy=550, uFlags=0x15) returned 1
[0128.479] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x46, wParam=0x0, lParam=0xefd6f0) returned 0x0
[0128.480] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.480] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefd220 | out: lpwndpl=0xefd220) returned 1
[0128.480] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.480] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0d4630, hWnd=0x202d4, Msg=0x14, wParam=0xd0104fe, lParam=0x0) returned 0x1
[0128.480] GetStockObject (i=5) returned 0x900015
[0128.480] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1
[0128.480] SetTextColor (hdc=0x10105d6, color=0xffffff) returned 0x0
[0128.481] SetBkColor (hdc=0x10105d6, color=0x0) returned 0xffffff
[0128.481] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefc730 | out: lpwndpl=0xefc730) returned 1
[0128.482] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0128.482] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0128.482] GetSystemMetrics (nIndex=42) returned 0
[0128.482] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefc2c0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0128.482] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefc2c0) returned 0xf
[0128.482] GetClientRect (in: hWnd=0x502b4, lpRect=0xefc348 | out: lpRect=0xefc348) returned 1
[0128.482] GdipGetImageFlags (image=0x1c8f81b0, flags=0xefc108) returned 0x0
[0128.482] GetCurrentObject (hdc=0x2c010816, type=0x1) returned 0xb00017
[0128.482] GetCurrentObject (hdc=0x2c010816, type=0x2) returned 0x900010
[0128.482] GetCurrentObject (hdc=0x2c010816, type=0x7) returned 0x6050817
[0128.482] GetCurrentObject (hdc=0x2c010816, type=0x6) returned 0x8a01c2
[0128.482] SaveDC (hdc=0x2c010816) returned 1
[0128.482] GetNearestColor (hdc=0x2c010816, color=0xf0f0f0) returned 0xf0f0f0
[0128.482] CreateSolidBrush (color=0xf0f0f0) returned 0x23100774
[0128.482] FillRect (hDC=0x2c010816, lprc=0xefc030, hbr=0x23100774) returned 1
[0128.483] DeleteObject (ho=0x23100774) returned 1
[0128.483] RestoreDC (hdc=0x2c010816, nSavedDC=-1) returned 1
[0128.483] SelectPalette (hdc=0x2c010816, hPal=0x220807ed, bForceBkgd=1) returned 0x88000b
[0128.483] GdipCreateFromHDC (hdc=0x2c010816, graphics=0xefc108) returned 0x0
[0128.483] GdipSetPageUnit (graphics=0x1c8f8a50, unit=0x2) returned 0x0
[0128.484] GdipCreateMatrix (matrix=0xefc000) returned 0x0
[0128.484] GdipGetWorldTransform (graphics=0x1c8f8a50, matrix=0x1c8f9230) returned 0x0
[0128.484] GdipIsMatrixIdentity (matrix=0x1c8f9230, result=0xefc068) returned 0x0
[0128.484] GdipDeleteMatrix (matrix=0x1c8f9230) returned 0x0
[0128.484] GdipCreateRegion (region=0xefc000) returned 0x0
[0128.484] GdipGetClip (graphics=0x1c8f8a50, region=0x1c8f8e20) returned 0x0
[0128.484] GdipIsInfiniteRegion (region=0x1c8f8e20, graphics=0x1c8f8a50, result=0xefc060) returned 0x0
[0128.484] GdipDeleteRegion (region=0x1c8f8e20) returned 0x0
[0128.484] GdipSaveGraphics (graphics=0x1c8f8a50, state=0xefc100) returned 0x0
[0128.484] GdipCreateSolidFill (color=0xfffffffffff0f0f0, brush=0xefbfc0) returned 0x0
[0128.484] GdipFillRectangleI (graphics=0x1c8f8a50, brush=0x1c90a8d0, x=0, y=0, width=720, height=550) returned 0x0
[0128.485] GdipDeleteBrush (brush=0x1c90a8d0) returned 0x0
[0128.485] GdipCreateImageAttributes (imageattr=0xefbfe0) returned 0x0
[0128.485] GdipSetImageAttributesWrapMode (imageAttr=0x1c8f9270, wrap=0x3, argb=0x0, clamp=0) returned 0x0
[0128.485] GdipGetImageWidth (image=0x1c8f81b0, width=0xefbfd8) returned 0x0
[0128.485] GdipGetImageHeight (image=0x1c8f81b0, height=0xefbfd8) returned 0x0
[0128.485] GdipDrawImageRectRectI (graphics=0x1c8f8a50, image=0x1c8f81b0, dstx=0, dsty=0, dstwidth=720, dstheight=550, srcx=0, srcy=0, srcwidth=800, srcheight=600, srcUnit=0x2, imageAttributes=0x1c8f9270, callback=0x0, callbackData=0x0) returned 0x0
[0128.491] GdipDisposeImageAttributes (imageattr=0x1c8f9270) returned 0x0
[0128.491] GdipRestoreGraphics (graphics=0x1c8f8a50, state=0xfffffffffda20dbd) returned 0x0
[0128.491] GetWindowTextLengthW (hWnd=0x502b4) returned 15
[0128.491] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf
[0128.491] GetSystemMetrics (nIndex=42) returned 0
[0128.495] GetWindowTextW (in: hWnd=0x502b4, lpString=0xefc2c0, nMaxCount=16 | out: lpString="Worm Locker 2.0") returned 15
[0128.495] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0xd, wParam=0x10, lParam=0xefc2c0) returned 0xf
[0128.495] GdipDeleteGraphics (graphics=0x1c8f8a50) returned 0x0
[0128.495] SelectPalette (hdc=0x2c010816, hPal=0x88000b, bForceBkgd=0) returned 0x220807ed
[0128.497] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x14, wParam=0x10105d6, lParam=0x0) returned 0x1
[0128.497] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202d0, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.497] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x202ce, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.497] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302cc, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.497] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x302c6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.497] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0cfd70, hWnd=0x702c2, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.498] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x102d6, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0128.498] GetWindowPlacement (in: hWnd=0x502b4, lpwndpl=0xefd200 | out: lpwndpl=0xefd200) returned 1
[0128.499] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x47, wParam=0x0, lParam=0xefd6f0) returned 0x0
[0128.499] CallWindowProcW (lpPrevWndFunc=0x7ffcea425090, hWnd=0x502b4, Msg=0x3, wParam=0x0, lParam=0x9b0168) returned 0x0
[0128.499] GetClientRect (in: hWnd=0x502b4, lpRect=0xefc550 | out: lpRect=0xefc550) returned 1
[0128.499] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefc550 | out: lpRect=0xefc550) returned 1
[0128.499] GetClientRect (in: hWnd=0x502b4, lpRect=0xefd0a0 | out: lpRect=0xefd0a0) returned 1
[0128.499] GetWindowRect (in: hWnd=0x502b4, lpRect=0xefd0a0 | out: lpRect=0xefd0a0) returned 1
[0128.500] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0128.500] CallWindowProcW (lpPrevWndFunc=0x7ffcdf0c2450, hWnd=0x202d2, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0
[0128.504] BlockInput (fBlockIt=0) returned 1
[0128.504] LocalFree (hMem=0x1db45050) returned 0x0
[0128.504] LocalFree (hMem=0x1db44cb0) returned 0x0
[0128.952] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xefd240 | out: lpLuid=0xefd240*(LowPart=0x14, HighPart=0)) returned 1
[0128.954] GetCurrentProcess () returned 0xffffffffffffffff
[0128.954] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xefd238 | out: TokenHandle=0xefd238*=0x278) returned 1
[0128.954] AdjustTokenPrivileges (in: TokenHandle=0x278, DisableAllPrivileges=0, NewState=0x2e0b070*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0128.954] CloseHandle (hObject=0x278) returned 1
[0129.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d6a3a8, Length=0x20000, ResultLength=0xefe140 | out: SystemInformation=0x12d6a3a8, ResultLength=0xefe140*=0x24df8) returned 0xc0000004
[0129.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d8a3e0, Length=0x275f8, ResultLength=0xefe140 | out: SystemInformation=0x12d8a3e0, ResultLength=0xefe140*=0x24df8) returned 0x0
[0129.277] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x13c0) returned 0x278
[0129.505] TerminateProcess (hProcess=0x278, uExitCode=0xffffffff) returned 1
[0129.522] CloseHandle (hObject=0x278) returned 1
[0129.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d8a3e0, Length=0x275f8, ResultLength=0xefe140 | out: SystemInformation=0x12d8a3e0, ResultLength=0xefe140*=0x25170) returned 0x0
[0129.531] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0xcdc) returned 0x278
[0129.531] TerminateProcess (hProcess=0x278, uExitCode=0xffffffff)
Thread:
id = 31
os_tid = 0x4f8
Thread:
id = 32
os_tid = 0xd14
Thread:
id = 33
os_tid = 0xd1c
[0102.344] CoGetContextToken (in: pToken=0x1b1ef790 | out: pToken=0x1b1ef790) returned 0x800401f0
[0102.344] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0102.344] RoInitialize () returned 0x1
[0102.344] RoUninitialize () returned 0x0
[0113.525] CloseHandle (hObject=0x88) returned 1
[0113.525] CloseHandle (hObject=0x288) returned 1
[0113.526] CloseHandle (hObject=0x284) returned 1
[0113.526] CloseHandle (hObject=0x274) returned 1
[0113.526] CloseHandle (hObject=0x280) returned 1
[0113.526] RegCloseKey (hKey=0x3ec) returned 0x0
[0113.526] CloseHandle (hObject=0x27c) returned 1
[0113.526] CloseHandle (hObject=0x28c) returned 1
[0113.526] CloseHandle (hObject=0x278) returned 1
Thread:
id = 36
os_tid = 0xddc
Thread:
id = 37
os_tid = 0xbb0
Thread:
id = 38
os_tid = 0x56c
Thread:
id = 39
os_tid = 0xa8c
Thread:
id = 42
os_tid = 0x1290
Thread:
id = 43
os_tid = 0xfc0
Thread:
id = 44
os_tid = 0xfbc
Thread:
id = 45
os_tid = 0xbdc
Thread:
id = 46
os_tid = 0xfb4
Process:
id = "6"
image_name = "takeown.exe"
filename = "c:\\windows\\system32\\takeown.exe"
page_root = "0x70ae0000"
os_pid = "0xa74"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0xf84"
cmd_line = "takeown /f C:\\Windows\\System32 "
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 34
os_tid = 0xd78
Thread:
id = 35
os_tid = 0xd80
Process:
id = "7"
image_name = "icacls.exe"
filename = "c:\\windows\\system32\\icacls.exe"
page_root = "0x1bea7000"
os_pid = "0xc74"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0xf84"
cmd_line = "icacls C:\\Windows\\System32 /grant \"FD1HVy:F\""
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 40
os_tid = 0x804
Thread:
id = 41
os_tid = 0xf50
Process:
id = "8"
image_name = "shutdown.exe"
filename = "c:\\windows\\system32\\shutdown.exe"
page_root = "0x9ca7000"
os_pid = "0x1040"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "5"
os_parent_pid = "0xcdc"
cmd_line = "\"C:\\Windows\\System32\\shutdown.exe\" /r /t 0"
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 47
os_tid = 0xf98
Thread:
id = 53
os_tid = 0x118c
Process:
id = "9"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x58cb0000"
os_pid = "0xfa8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "8"
os_parent_pid = "0x1040"
cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\WINDOWS"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 48
os_tid = 0xf9c
Thread:
id = 49
os_tid = 0x1348
Thread:
id = 50
os_tid = 0x126c
Thread:
id = 51
os_tid = 0x13ec
Thread:
id = 52
os_tid = 0x1030
Process:
id = "10"
image_name = "wscript.exe"
filename = "c:\\windows\\system32\\wscript.exe"
page_root = "0x29537000"
os_pid = "0x13c0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "5"
os_parent_pid = "0xcdc"
cmd_line = "\"C:\\WINDOWS\\System32\\WScript.exe\" \"C:\\Windows\\System32\\ransom_voice.vbs\" "
cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
os_username = "NQDPDE\\FD1HVy"
bitness = "32"
os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 54
os_tid = 0x13fc
Thread:
id = 55
os_tid = 0x13dc